* subscribe at http://techPolice.com Hoosier Favorite Hack Victim? By Michelle Delio 8:35 a.m. June 13, 2001 PDT For the second time this year, hackers have broken into computers at the Indiana University, this time just two weeks after the school pledged to tighten its computer security policies. University officials said Wednesday that hackers had entered the network and were able to break into a database containing the names, addresses and Social Security numbers of 1,700 people who had requested information about the university's music program. The hackers also used the university's servers as a private chat room and stored hacking tools and other files on the servers. Mark Bruhn, Indiana University's information technology policy officer, told a reporter at the Indiana Herald-Times that the university is fighting a "losing battle" against hackers. Each of the university's 55,000 Internet-connected computers are probed by hackers looking for security holes every day, Bruhn said. "They have better tools than we have. We are being outgunned by the hackers," Bruhn said. The university's network was hacked in January when 3,000 student records containing sensitive data were compromised. The Indiana Daily Student reported May 4 that in response to the January hack, IU's trustees had unanimously passed a resolution designed to tighten the university's computer security policies and procedures. The resolution directed the information technology office "to develop and implement policies necessary to minimize the possibility of unauthorized access to Indiana University's information technology infrastructure regardless of the Indiana University office involved." School officials believe that hackers first entered the School of Music servers on May 24. The breach was discovered June 4. Bruhn said the hackers appear to have been using the music department's servers to store programs and communicate with each other over a private chat network. The January security breach also involved a server that was hacked so that it could be used as a storage site. It was later discovered that a Swedish man was storing his music and video files on the server. The January hacker's identity was discovered after university technicians analyzed server log files, which pointed them to a computer in Sweden. But the hackers who breached the School of Music's servers in May deleted all of the log files that would have allowed systems administrators to track their activities, the university said in a statement, admitting that it will probably be impossible to trace or identify their latest visitors. The university police, local FBI office and the school's internal audit office were notified of the hack. People whose personal information may have been stolen have been notified by letter. The school said it will reimburse the cost of three credit reports so that people whose information was stolen can track any attempts to use the purloined data to obtain credit cards. University technicians determined that the hackers gained entrance through a known server operating system flaw, "rpc.statd buffer overflow," about which the university had circulated a warning in August. Roughly 200 of the 1,900 people who registered to receive information at the university's School of Music website supplied their Social Security numbers, even though the form stated that providing the number was optional, the university said in a statement. As yet, there is no evidence that the data in the exposed file has been posted on any website, but school officials pledged that the School of Music staff will be "diligently searching the Web for occurrences of the data" for the next six months. After the January hack, students asked that the university stop storing Social Security numbers on its computer systems. School officials say they'll remove the information when IU replaces its existing software systems in 2004. http://www.wired.com/news/print/0,1294,44501,00.html ============================================================ How much can you save on your favorite stuff? With TopOffers, the sweet deals & super savings never stop. http://click.topica.com/caaab6jb1dhr0b2EDp2f/TopOffers ============================================================ --via http://techPolice.com archive: http://theMezz.com/cybercrime/archive subscribe: [EMAIL PROTECTED] --via http://theMezz.com ==^================================================================ EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2 Or send an email To: [EMAIL PROTECTED] This email was sent to: archive@jab.org T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
