|
|
Educational Institutions Network Security News
|
Netforcement provides network security consulting service to educational institutions including elementary, middle and high schools, universities and colleges. Identity theft is becoming the number #1 security issue in education as you can see from the articles below.
| 06-26-2005 |
InformationWeek.com: UC Discovers Server Breach
The University of Connecticut is notifying 72,000 students, staff, and faculty as a precaution after officials found a computer-hacking program in a server at the school. Technology staff discovered that a program known as a rootkit had been installed on the server. The server was immediately taken off-line, chief information officer Michael Kerntke said.
http://www.informationweek.com/
|
| 06-17-2005 |
The Hawaii Channel.com: UH Warns Students, Faculty Of Potential ID Theft
Students and faculty who attended or worked at all 10 campuses of the University of Hawaii system are being encouraged to take steps to protect themselves against identity theft after a recent case involving a former library employee. Deborah Jenkins was employed at Manoa's Hamilton Library from 2001 until 2003. Right now, she is a fugitive. While working at UH Manoa, she apparently used a Maryland man's Social Security number to get fraudulent loans.
http://www.thehawaiichannel.com/news/4622931/detail.html
|
| 06-13-2005 |
The Daily Texan:UT hacker guilty of stealing information
Former University of Texas computer science major Christopher Andrew
Phillips was found guilty of "recklessly knocking out UT Web services
... and stealing thousands of Social Security numbers belonging to
students, staff and faculty." Phillips was acquitted of two more
serious charges of intending to use the information he stole for
financial gain. Phillips could face up to five years for the reckless
damage conviction and one year for for the theft of the Social Security
numbers.
http://www.dailytexanonline.com/media/paper410/news/2005/06/13
|
| 06-06-2005 |
Associated Press: FL Professor charged with identity theft.
A community college professor has been charged with using his students' names and Social Security numbers to obtain department store credit cards. Bradley Neil Slosberg, of Winter Haven, FL, was arrested Friday, June 3, on charges of criminal use of personal identification and scheming to defraud, the Polk County, FL, Sheriff's Office said. Slosberg and his girlfriend, Deborah Hafner, stole the identities of at least three of the students from his anatomy and physiology class at Polk Community College, sheriff's office spokesperson Carrie Rodgers said. Slosberg had asked his students to write their names and Social Security numbers on a sign-in sheet, students said. "We all signed it," Amanda Bracewell said. "We figured, 'He's a teacher, what is he going to do with it?'"
http://abcnews.go.com/US/LegalCenter/wireStory?id=822816 |
| 06-04-2005 |
Houston Community Newspapers: Texas HS student hacker accelerates school computer security.
The Pasadena Independent School District computer technology department has accelerated implementation of new security measures on the district's computer networks after a student hacker was discovered remotely controlling several computers on the network.
http://www.hcnonline.com/site/news.cfm?newsid=14638251&BRD=1574&PAG=461 |
| 06-01-2005 |
Dover Post: Hackers set up phishing scam from Delaware State University Website..
DSU installed security measures on its website last week after discovering someone hacked into www.desu.edu and the school’s email system in an attempt to steal identity information. In this case, hackers gained access to the DSU site and created a fake, hidden page that impersonated the site of an overseas bank, according to school spokesman Carlos Holmes. Anyone who received a bogus e-mail from the scammer could’ve linked to the fake page and been asked for account information. Coincidentally, the intrusion came just days before the university planned to install a new website upgrade that would, among other things, improve the security of the system, according to Holmes. The upgrade was accelerated and has been completed.
http://www.doverpost.com/pages/newshackers.html |
| 05-31-2005 |
Associated Press: Teens hack into school computer system for personal information.
Police are investigating whether criminal charges are warranted after three teenagers allegedly broke into a Carlisle Area School District computer server and got birth dates, addresses and Social Security numbers of employees and students. Two 18-year-olds and a 17-year-old were caught after one told a classmate that he knew his Social Security number, and that student reported it to a teacher. The students have been suspended.
http://www.poconorecord.com/local/rxf74117.htm |
| 05-27-2005 |
Chicago Maroon: Private records discovered on server of University of Chicago.
Students recently found confidential, unprotected information on the Krypton server which hosts the bulk of the University’s webpages sending adminstrators scrambling to find out where the files came from. Information included students’ social security numbers (SSNs), grades, and comments on financial aid applications in some cases.
http://maroon.uchicago.edu/news/articles/2005/05/27/ |
| 05-23-2005 |
Associated Press: Hacker may have stolen Social Security numbers from Jackson Community College.
A hacker who broke into the computer system
at Jackson Community College in Jackson, MI, may have accessed as many as
8,000 Social Security numbers, the college said Monday, May 23. The hacker
broke into the system Wednesday, May 18. College officials are still
investigating but say the hacker may have downloaded employee and student
passwords. The college has long used Social Security numbers as default
passwords for setting up computer accounts. Jim Jones, the college's
director of information technology services, said people are encouraged to
change their passwords but often continue to use their Social Security
numbers.
http://www.freep.com/news/statewire/sw116169_20050523.htm |
| 05-22-2005 |
Associated Press: Identity theft risk at Georgia college.
A computer identity breach at Valdosta State University, located in Valdosta,
GA, has affected up to 40,000 people who could have had their Social
Security numbers accessed by a computer hacker last week. The computer
server contained information on VSU 1Cards, which are combination
identification and debit cards that could be used to buy food or books on
campus or check out library materials. The Georgia Bureau of Investigation
has the hard drive from the computer server and is investigating, said
school spokesperson Joe Newton.
http://news.mywebpal.com/partners/680/public/news633984.html |
| 05-17-2005 | Savannah Morning News: University hacker puts bookstore customers at risk.
The FBI and state investigators in Georgia are trying to figure out how tens of thousands of Georgia Southern University (GSU) bookstore customers fell prey to a computer hacker. Although no incidents of theft or fraud have been reported, university officials are warning students, alumni and bookstore customers that Social Security numbers and credit card information were put at risk on April 23, when someone hacked into the bookstore's computer system, said GSU spokesperson Rosemary Carter. The server contained names, credit card numbers and expiration dates of those who made credit card purchases. It also included Social Security numbers of those who used checks, according to Carter. Until recently, Georgia drivers' licenses contained drivers' Social Security numbers. Campus officials said they are unsure the extent of the security breach, but said tens of thousands people are at risk.
Source:
http://savannahnow.com/stories/051705/3037421.shtml |
| 05-09-2005 | ABC news: Two students investigated for identity theft at high school.
Criminal charges might be filed against two students for stealing personal information at a west suburban high school. The students at Hinsdale Central are accused of hacking into the school's computer system and obtaining Social Security numbers for students and staff. The technology department is working on restructuring the system to prevent future security breaches.
http://abclocal.go.com/wls/news/051205_ns_school_hacked.html |
| 05-06-2005 | Detroit Free Press:Michigan State University Patrons Notified of Cyber Security Breach
Michigan State University's Wharton Center for the Performing Arts has begin notifying approximately 40,000 patrons that their personal data, including names, addresses and credit card numbers, may have been compromised after a security breach of a server at the Center. The intrusion was discovered on April 26, 2005; the Wharton Center has added an intrusion FAQ page to their web site to provide additional information to concerned patrons.
http://www.freep.com/news/statewire/sw115435_20050506.htm
http://www.whartoncenter.com/FAQ/default.htm |
| 05-01-2005 | American School Board Journal: How Safe is Your Network?
The first step in protecting your network should be to develop a policy outlining its vulnerabilities and how it can be secured. Implementing that policy is perhaps the most important key to ensuring maximum protection against a breach in security.
http://www.asbj.com/2005/02/0205technologyfocus.html |
| 04-21-2005 | Associated Press: Carnegie Mellon says computers breached.
Carnegie Mellon University, located in Pittsburgh, PA, is warning more than 5,000 students, employees and graduates that their Social Security numbers and other personal information may have been accessed during a breach of the school's computer network. Carnegie Mellon discovered the breach on April 10. Spokesperson Mike Laffin said that as of Wednesday, April 20, the school had no clear idea how long the system had been vulnerable. Officials say they have no evidence that anyone had used the personal information.
http://www.washingtonpost.com/wp-dyn/articles/A6646-2005Apr21.html |
| 04-12-2005 | BusinessWeek: A hacker break-in affects Northwestern University.
The Kellogg School of Management at Northwestern University in Evanston, IL, is investigating a recent security breach on its computer network. On March 20, while most students were away on spring break, Northwestern University's information technology (IT) department noticed that two Kellogg servers were sending anomalous traffic onto the university network. The IT group blocked this traffic from the broader network and alerted Kellogg. Investigations uncovered hacking activity on multiple computers and also revealed that the hacker had most likely gathered user ID and password information from the Kellogg domain. No reports have yet surfaced of unauthorized use of personal information as a result of the security breach, said David Keown, Kellogg's chief information officer and assistant dean for information technology.
http://www.businessweek.com/bschools/content/apr2005/ |
| 04-09-2005 | Northeast Mississippi Daily Journal: University students left vulnerable to identity theft.
The mistake of a former employee left hundreds of University of Mississippi sorority and fraternity students vulnerable to identity theft. According to Assistant Vice Chancellor for University Relations Jeff Alford, over 300 students' names and social security numbers from 14 sororities and fraternities were placed on the university's Website. Alford said the information had probably been on the site since August 2003 when a former staff member in the Dean of Students office backed it up on the Web server to save. Alford said the former employee responsible for the leak was contacted when the school discovered the mistake. "He said he thought he had erased it and was very apologetic for the mistake," Alford said. The university shut down the site Wednesday, April 6. "The information was posted in such an obscure manor that it would have been extremely difficult for someone to access it," said Alford.
http://www.djournal.com/pages/story.asp?ID=190865&pub=1&div=News |
| 04-04-2005 | New York Times: Some colleges fall short in security of computers.
With a rash of incidents of personal information being stolen from universities, attention is now being focused on how universities are protecting their data. "Universities are built on the free flow of information and ideas," said Stanton S. Gatewood, the chief information security officer at the University of Georgia, which is still investigating a hacking incident there last year that may have exposed records on some 20,000 people. In many cases, Gatewood said, that free flow has translated into a highly decentralized system that has traditionally granted each division within a university a fair amount of autonomy to set up, alter and otherwise maintain its own fleet of networked computers. Various servers that handle mail, Web traffic and classroom activities - "they're all out in the colleges within the university system," Gatewood explained, "and they don't necessarily report to the central IT infrastructure." Throw in aging equipment, an entrenched sense that information should be as free-flowing as possible, and a long-standing reliance on Social Security numbers as the primary means of identifying and tracking transient populations, and the heightened vulnerabilities of universities become apparent.
http://www.nytimes.com/2005/04/04/technology/04data.html |
| 03-28-2005 | Associated Press: Stolen University of California (UC) laptop exposes data of university students.
Someone recently walked into a US, Berkeley office and stole a computer laptop containing personal information on alumni, graduate students and past applicants. University officials waited until Monday, March 28, to announce the March 11 crime, hoping that police would be able to catch the thief and reclaim the computer. When that didn't happen, the school publicized the theft to comply with a state law requiring consumers be notified whenever their Social Security numbers or other sensitive information have been breached. UC Berkeley plans to advise the 98,369 people affected by the laptop theft to check their credit reports, although there has been no indication any of he personal information has been used illegally, university spokesperson Maria Felde said. The laptop stolen from the UC Berkeley was supposed to be encrypted this month, Felde said. The computer, which required a password to operate, was left unattended for a few minutes in a restricted area of a campus office before someone walked in and stole it, Felde said. Authorities suspect the thief was more interested in swiping a computer than people's identities.
http://www.securitypipeline.com/showArticle.jhtml?articleID=159907438 |
| 03-21-2005 | Yale Daily News: Phishing scheme targets students at Yale Univeristy.
Some students recently were tricked by a Website that looked just like one from Yale. On Monday, March 14, some users received an e-mail directing them to a duplicated or "spoofed" version of the Yale Central Authentication System login Website where they were prompted to enter their NetIDs and passwords, Chief Information Officer Philip Long said. The spoof was the most advanced phishing scheme to invade University e-mail servers, he said. Now, new anti-spam software will be introduced on Yale e-mail servers. Although 28 phony messages were received by users before the hoax was reported and blocked, Long said the damage was minimal. Still, he said both the quantity and quality of such phishing scams are on the rise. Long said the spoof was considered particularly dangerous because it was the first such duplication of a Yale Website he had seen, and implied knowledge of the University's network systems. "This clearly used knowledge of Yale and was sent to individuals at Yale, so we take this as a higher concern than just general issues of phishing," Long said, adding that the spoof originated off campus.
http://www.yaledailynews.com/article.asp?AID=28785 |
| 03-21-2005 | Network World Fusion: K-12 schools fight to stop student hackers.
When today's K-12 students act up, they increasingly are going high-tech by using the school's network to launch denial-of-service attacks, sending harassing e-mails or breaking into databases to try to change their records. With public schools now widely equipped with LANs and high-speed Internet access, IT administrators have to cope with many cyber incidents. Some infractions, such as attempts to get to pornography sites, might force administrators to temporarily yank a child's network access as punishment. But some types of incidents, such as hacking and e-mail threats, even end up with students being booted out of school or in trouble with the law. Philip Scrivano, management analyst at Fiscal Crisis & Management Assistance Team (FCMAT), agrees. Scrivano says that in his role as adviser, he's seen students expelled for installing a keylogger on the teacher's PC and changing grades or breaking into a server. Some troublemakers are spending inordinate amounts of time planning break-ins - sometimes 50 to 100 hours for one attack. The hard part is making teenagers understand that what they're doing is a crime. Department of Education's "Internet Access in U.S. Public Schools and Classrooms: 1994-2003"
http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2005015
http://www.nwfusion.com/news/2005/032105-hacker-kids.html |
| 03-17-2005 | Chico Enterprise-Record: Chico State computer system attacked by hackers.
More than 59,000 people connected to Chico State University in Chico, CA, will be contacted for what officials are calling
the largest computer hacking incident the college has seen. Notifications to anyone whose personal information was compromised were going out Tuesday, March 15, said Joe Wills, director of public affairs at the university. That list includes current and former Chico State faculty and staff members. However, the majority of those receiving notifications are students, because the server hackers targeted held the names and Social Security numbers of current, former and prospective students. The university was made aware of the incident about three weeks ago, after routine monitoring of its network showed that hackers illegally accessed the University Housing and Food Service server. An investigation revealed hackers installed software to store files and attempted to break into other computers.
http://www.chicoer.com/Stories/0,1413,135~25088~2765075,00.html |
| 01-10-2005 | CNET News: Hackers steal identity information from Virginia university.
George Mason University, a public university located in Fairfax, VA, confirmed on Monday, January 10, that the personal information of more than 30,000 students, faculty and staff had been taken by online intruders. The attackers broke into a server that held details used on campus identity cards, the university said. Joy Hughes, the school's vice president for information technology, said in an internal e-mail sent over the weekend that "the server contained the names, photos, Social Security numbers and (campus ID) numbers of all members of the Mason community who have identification cards." Hughes went on, "It appears that the hackers were looking for access to other campus systems rather than specific data... However, it is possible that the data on the server could be used for identity theft." Last year,
George Mason said it would cease to print Social Security numbers on campus ID cards and would instead generate unique "G numbers" for each student and each member of faculty and staff. However, the server with the ID card information still stored Social Security numbers in its database, according to the George Mason e-mail. The university said police are investigating the crime.
http://news.com.com/Hackers+steal+ID+info+from+Virginia+university/ |
| 12-07-2004 | The Courier-Journal: Computer virus infects Jefferson County schools.
Jefferson County public schools in Kentucky are battling a virus that has infected at least 1,000 computers and wreaked havoc on everything from attendance reports to students' ability to finish term papers. Officials blame the same "w32gaobot" virus that hit tens of thousands of school computers statewide late last month, freezing school Websites and barring student access to the Internet. After getting into the state's education computer network, that virus bogged down computers partly by generating overloading traffic on the Internet - and in some cases reading computer passwords and dispersing them and other technical information onto the Internet. Potentially debilitating viruses "show up on a regular basis now," said Cary Petersen, director of technology in Jefferson County Public Schools. One problem controlling viruses in a school system like Jefferson County's, which has about 28,000 computers, is that there are many possible entry points, including spam e-mail attachments, Internet ads or infected floppy disks. Precautions, including anti-viral software and educating workers not to open an e-mail without certain knowledge of its origins, have helped limit the spread, Petersen said.
http://www.courier-journal.com/localnews/2004/12/07ky/ |
| 11-17-2004 | Denver Post: Colleges easy prey to hackers.
University computer systems are an easy and likely target for computer hackers, and experts warn that students will be more likely to become victims of identity theft if changes don't come soon. Campus technology experts say universities are in a unique and vulnerable security situation. While their computer systems contain a wealth of personal identifiers, universities represent a culture of open information sharing. "It is hard because security and convenience are kind of mutually exclusive," said San Diego State University's (CA) technology security officer, John Denune. "So with a university environment, we always have to keep our educational mission in perspective because we can't lock things down like a business would," Denune said. Identity theft is not the only motivation for those hacking into university systems, experts said. Hackers are also intent on scoring bragging rights
among their online buddies or manipulating an army of computers to do their bidding. "Universities tend to be a large target of opportunity because we have a lot of bandwidth," said Denune.
http://www.denverpost.com/Stories/0,1413,36~32540~2539839,00.html |
| 11-04-2004 | Associated Press: Former student indicted on hacking charges.
A federal grand jury has indicted a former University of Texas student on charges he hacked into the university system and stole Social Security numbers and other personal information from more than 37,000 students, faculty and staff. Christopher Andrew Phillips is charged in the four?count indictment with fraud and with storing credit card and bank account information with the intent to defraud. Phillips is not accused of using any of the information for illegal purposes. The university spent $167,000 responding to the security breach and warning people of possible identity theft. Phillips told investigators that he designed a program that attempted to access the university database by automatically entering Social Security numbers one after another. The numbers were entered as rapidly as 72,000 per hour from an off campus computer over five days in early 2003.
http://abcnews.go.com/US/wireStory?id=226870 |
| 10-22-2004 | Security Focus: Purdue says someone hacked into university's computers.
Someone gained unauthorized access to Purdue's computer network, prompting school officials to urge all students, staff and faculty to change their passwords. "We have confirmed that some computer passwords have been obtained by unauthorized users accessing a number of computer systems," said Scott Ksander of Purdue's information technology office. "The full extent of the problem is still being analyzed, but we think it is important to exercise caution, and the best action to take is for all users to change their passwords at this time." Purdue officials said that after the initial breach was detected, an investigation found that computers in several locations on the 38,000-student West Lafayette campus had been accessed. The Purdue police department was notified of the hacking Wednesday. The school has not been able to determine whether personal information was obtained by the intruder. Ksander said computer users should watch for signs that their personal information might have been obtained by others.
http://www.securityfocus.com/news/9786 |
| 09-07-2004 | Mississippi State University: Alert MSU student thwarts would-be computer hacker.
A computer security major at Mississippi State used cyber-investigative techniques he learned in the classroom to thwart the improper activities of a would-be hacker from another institution. When Wes McGrew recently noticed his campus e-mail and Internet activities had slowed to a trickle, he became suspicious. Installing special software, he quickly determined that a computer recently added to the university network had been hacked before security patches could be added, and was attacking machines with a Microsoft database vulnerability.
http://www.ur.msstate.edu/news/stories/2004/cyberattack.asp |
| 09-02-2004 | Associated Press: California schools warned of identity theft.
California university officials have warned nearly 600,000 students and faculty that they might be exposed to identity theft following incidents where computer hard drives loaded with their private information were lost or hacked into. Since January, at least 580,000 people who had personal information about them stored in university computers received warnings they might be at risk. Over the year, problems have occurred at California State University, San Marcos, University of California -- San Diego and Los Angeles, and San Diego State University. A California law requiring people be notified when they might be exposed to identity theft took effect in July 2003. Officials say that might explain the rash of notices. "There's no reason to assume that suddenly in July 2003 all these computer security breaches started occurring," said Joanne McNabb of the Office of Privacy Protection in the California Department of Consumer Affairs. "It's just that we know about them now, when we didn't hear before."
http://news.com.com/Hacker+strikes+university+computer+system
http://www.washingtonpost.com/wp-dyn/articles/A57539-2004Sep 2.html
http://www.securityfocus.com/news/9758 |
| 08-29-2004 | Los Angeles Times: Security lapses expose students to possible identity theft.
A missing hard drive containing personal information on 23,500 students, faculty and staff in the California State University system is only the latest example of how campus computers can expose individuals to identity theft. Although the hard drive was lost at Cal State-San Marcos, 13,500 of those affected are linked to Cal Poly-San Luis Obispo, Cal State officials said. The other state universities affected are Dominguez Hills, Fullerton, Monterey Bay, San Diego and Sonoma. The concern is about the potential for identity fraud, where somebody has access to a name, address, Social Security number and other identifiers used in credit applications. The Cal State case is by no means isolated and is not even the biggest example this year of a mass notification of a security breach. Since January, at least 580,000 individuals with information in university computers have been notified of similar risks. That includes 380,000 current and former students, applicants, staff, faculty and alumni at UC San Diego and 178,000 at San Diego State. In both cases, hackers got into computers for other reasons, but had access to files containing personal information, officials at both universities said.
http://www.latimes.com/business/careers/work/ |
| 08-11-2004 | St. Louis Post-Dispatch: Hackers download student data, police say.
The names and passport information of more than 500 foreign students at Southern Illinois University Edwardsville (SIUE) was illegally downloaded recently by a fellow student at the school, according to a search warrant filed Wednesday, August 11, by university police. The search warrant, filed in Madison County Circuit Court, said that the hacker downloaded the information from a special database set up to comply with provisions of the federal Patriot Act. The data included names, dates of birth, Social Security numbers and visa information, Sgt. Marty Tieman of the SIUE Police Department said in his affidavit. Greg Conroy, an SIUE spokesperson, said that employees in the university's Office of Information Technology found out about the breach on Friday, August 6 while doing their daily check of activity logs. He said that the breach was possible because an employee had failed to disable a feature that gives people access to the system without a password. "The students were scanning the system, they found the flaw, and they started downloading files," Conroy said.
http://www.stltoday.com/stltoday/news/stories.nsf/News/Metro+East/ |
| 08-01-2004 | Associated Press: Dartmouth computers hacked.
Hackers hit the computer system at Dartmouth College in New Hampshire last week and got access to sensitive information about thousands of employees and students. Larry Levine, Dartmouth's chief information officer, said he did not know for sure what the hackers' purpose was. He said one of the compromised computer servers contained information on college employees, retired employees and their families. Other servers involved contained research data and staff and student immunization information. Levine said perhaps as many as 10,000 people could be affected. Levine said hackers frequently try to break into university systems to gain illegal access to music and movies without being detected. "We believe that is the most likely scenario in this case," he wrote in an e-mail to Dartmouth faculty and students. "It's not so much to get at information as it is to get at software or games," and make them widely available online. Dartmouth quickly removed the unauthorized program installed by the hackers and added further safeguards to secure the servers, Levine said.
http://www.thewmurchannel.com/news/3603476/detail.html |
| 03-17-2004 | San Diego Union Tribune: San Diego State University (SDSU) student personal data at risk, thousands are warned.
SDSU is warning more than 178,000 students, alumni and employees that hackers broke into a university computer server where names and Social Security numbers were stored. The university began mailing out notification letters Monday, March 15, urging people whose personal information was on the server to get copies of their credit reports and review them for suspicious activity. University officials said the hackers infiltrated a server in the Office of Financial Aid and Scholarships in late December and used it to send spam e?mail messages and transfer files. The problem was discovered in the last week of February and SDSU took the server off the network. The server contained financial aid reports since 1998, but not the applications themselves or award information. SDSU said there is no indication that the intruders targeted confidential information in the system. "We have to let people know what happened and let them take steps to protect themselves." The case is being investigated by university police. The FBI also has been notified because there is evidence that the hackers broke into the server from another state, said SDSU police Capt. Steve Williams.
http://www.signonsandiego.com/news/computing/ |
|
|
