Hacker invades a Florida University system
Thousands of Florida State University employee passwords are in jeopardy because of a computer-system intrusion.
"We got a pretty sophisticated and pervasive hack of some of our servers. That's the bad news," Larry Conrad, associate vice president for technology integration, said Wednesday. "The good news is, as near as we can tell, there has not been any particular user data that was compromised." Of FSU's 80 servers, a handful used for Windows software were exposed this past weekend, he said. And although one of the servers is used for student financial information, such as paying for classes with credit cards, it was a pass-through server and didn't hold any data that could be stolen, Conrad said. The biggest inconvenience so far, he said, has been for those 4,000 FSU staff members with "admin" in their e-mail addresses. Since Monday, they have been unable to check their e-mail through the Internet while away from campus. A file of "admin" passwords was downloaded, but any hacker would have to decode them. Even so, Conrad said, passwords for "admin" accounts will be changed. "When someone steals a key, you install a new lock, and that's what we are doing," he said. The university also is in the process of rebuilding tainted servers, he said. How a hacker or hackers found their way into the system is not something Conrad would talk about. Nor would he provide any documentation showing FSU had all its usual defenses in place when the intrusion occurred. "We are reviewing our procedures, and our next step will be to closely examine what preventive steps we may need to take over and above what we already do," Conrad said in a prepared statement. "For security reasons, we will have no further comment on what those might be." FSU President T.K. Wetherell said Conrad and his team are planning to tell him Monday exactly how the breach of security happened. The president's e-mail address was not affected, but he's not taking any chances on whether his password is at risk. "I'm going to change it anyway," Wetherell said. Universities, with their wide bandwidths and capacity for transporting large packages of information via the Internet, are prime targets for hackers, especially those needing to steal server use for illegal activity such as music- and video-file-sharing. In January, hackers circumvented the University of Georgia's security and accessed a server that included student names, birth dates, Social Security numbers, credit-card account numbers and other personal information. It was information submitted by undergraduate applicants to the university dating back to August 2002. Georgia has sent e-mails to 31,000 people, letting them know their information might have been stolen. Federal and Georgia officials continue to investigate. The school took the server offline immediately after it discovered the security breach. Conrad said FSU has worked hard to keep computer intruders and viruses out of its network. He said although it appears the recent intrusion resulted in common illegal Internet activity, it was done by someone with sophisticated skills. Said Conrad: "This was somebody that buried their tracks deep in the code."
Reproduced from an article published by Tallahassee.com
© Tallahassee.com
The original article can be viewed here:
http://www.tallahassee.com/mld/democrat/7986117.htm
Permalink Bookmark Digg this story
