[ISN] One-at-a-time hacker grabs 22,000 IDs from Univ. of Missouri

From: InfoSec News (alerts@private)
Date: Thu May 10 2007 - 22:37:29 PDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9018982

By Gregg Keizer
May 09, 2007
Computerworld

A hacker grabbed the Social Security numbers of more than 22,300 current 
and former students at the University of Missouri, the school said 
yesterday. It was the institution's second data break-in of the year.

According to university officials, the attack was launched from IP 
addresses in China and Australia and used a Web form for tracking the 
status of queries to the school's IT help desk. The hacker accessed the 
names and Social Security numbers of school employees during 2004 who 
were also current or onetime students; those records had been compiled 
for a report, but were overlooked rather than deleted.

IT staffers noticed unusual activity that began around 5:30 a.m. CDT 
last Thursday, then tied a large number of database query errors to the 
problem on Friday. Logs showed that the attacks ended at 9:34 a.m. 
Friday. That day, technicians disabled the account used to access the 
database from one IP address in China and another in Australia. The FBI 
was alerted on Monday.

"The hacker was able to reach the information by making thousands of 
queries over a span of hours, allowing the identities to be exposed one 
at a time," the university reported.

A Web page and toll-free telephone line have been set up to take 
questions from students, the school said. Officials are also contacting 
as many of the affected people as possible.

Yesterday, the toll-free line was overwhelmed, a school spokeswoman said 
today, and some callers heard a recording that said the desk was closed. 
That problem has been solved by boosting the number of staffers 
answering the phones. Computerworld confirmed that the hot line was 
working today, with wait times of approximately three minutes.

This is the second incident at the University of Missouri in recent 
months. In February, the school acknowledged that a server attack in 
January might have exposed the identities of 1,220 researchers on its 
four campuses. The spokeswoman declined to comment on whether there 
could be any connection between the two events.

In its message to potential identity theft victims, the university said 
that it "takes this matter very seriously" and noted that it wasn't the 
only organization to be attacked. "All companies or organizations using 
the Internet to serve their customers face this challenge." Last year, 
reported the Columbia Missourian, then-university President Elson Floyd 
ordered that employee Social Security number information be deleted 
from online databases.

Universities are a frequent target of identity thieves, according to the 
data breach chronology compiled by the Privacy Rights Clearinghouse. 
Since Jan. 1, 27 colleges or universities have been victimized by 
attackers. The list includes well-known institutions such as the 
University of Notre Dame, Ohio State University, Purdue University and 
Rutgers. Several, in fact, have been hit multiple times: Notre Dame, the 
University of Idaho and the University of New Mexico each suffered two 
attacks in the first four months of 2007.

