http://www.azstarnet.com/allheadlines/163761 By Eric Swedlund Arizona Daily Star Tucson, Arizona 01.09.2007 Foreign hackers infiltrated the UA's computer network several times in the last two months, depositing files on numerous servers and workstations in the library, Student Union and procurement office. University of Arizona investigators have no evidence of other tampering, and they are uncertain about the hackers' motives. With the infiltration, the attacker or attackers could have gained access to other data, although personal student information and research-oriented information were not at risk, said Michele Norin, executive director for the UA's Center for Computing and Information Technology. "Across the three areas, the impact was upwards of 30 servers, and we're assessing upwards of 350 workstations," Norin said. "We're still trying to define all the details of how it occurred." The hackers installed software that enabled them to store files, such as movies or games, on the systems. In similar breaches, hackers typically enable others to access the files, but it wasn't clear whether that happened to the UA computers, Norin said. "Being able to put files on machines is pretty common across any organization that manages a network," Norin said. "What is unclear is the ulterior intent in terms of whether they were trying to see other information or not. That could indicate a different motive." On a few computers, hackers installed software that captures and logs keystrokes and can be used to catch log-in names and passwords. "Because of the potential of what might have been captured, that led to analysis of all the systems and all the machines," Norin said. "We can't confirm that anything was captured or that it was used for anything. All we know is that it was there." The breach was noticed last Tuesday, the first working day after the holiday break, when a typical process failed to run, raising a red flag. The computers were hacked in November and December. The breach wasn't a particularly unusual or sophisticated attack, but it was notable for the number of workstations and servers it hit, Norin said. The attacks appear to have originated in France. In addition to the internal investigation, campus police and the FBI are conducting a criminal investigation. Sgt. Eugene Mejia, the UA Police Department's spokesman, directed all questions to other campus spokespeople. Provost George Davis wrote in a campus memo that the affected servers and computers were removed from the campus network, and all computer network managers have searched their areas for intrusion. No additional breaches were found. The library network which also runs the science and music libraries and the Center for Creative Photography system has been restored. Interlibrary loans, e-mail and e-reserves were temporarily disrupted. In the Student Union Memorial Center, payroll processing and the student meal plan were temporarily disrupted, but they have been restored. In Procurement and Contracting Services, online purchasing and surplus operations are not functioning. Temporary equipment installation is letting staff members operate normally, but they're unable to continue projects initiated before the breach was discovered. If the investigation reveals the breach of any personal data, the UA will notify the individuals affected, Norin said. "I know people will be concerned about data, and we will of course notify as needed once we're more sure about what that data is," Norin said. The UA's system, like most large computer networks, is a frequent target of hackers. In February, Romanian hackers were able to breach computers in the UA's journalism department, creating havoc for students. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Jan 09 2007 - 22:34:17 PST