[ISN] Cal State combats thieves in cyberspace

InfoSec News isn at c4i.org
Tue Aug 30 02:34:37 EDT 2005


By Katy Murphy
HAYWARD Every morning, Thomas Dixon goes into his office at California
State University, East Bay, knowing that a million attempts will be
made - each hour - to break into the computer system he is charged
with protecting.

Dixon is a quiet, seemingly unflappable man who didnt blink at the
break-ins reported this month at Sonoma State University and
California State University, Stanislaus, that potentially compromised
the personal information of tens of thousands of students.

But the information security specialists biggest fear, which he shares
with others in the know on campus, is that someone will manage to
break into the main system containing student data and financial

Do I get nervous? Of course, he said.

To prevent such a catastrophe, Dixons team installs firewalls to keep
unwanted users out of the main system. They keep their ears open about
the latest threats and how to keep them at bay. And they give critical
self-defense instructions and controls to the 10 to 20 faculty and
staff whose laptops contain sensitive data about the university.

Sometimes their efforts are not enough.

Last September, a hacker gained access to a server in a Warren Hall
office, later boasting about the conquest on the offices home page. As
mandated by state law, the university sent letters to about 2,300
people, warning them that their personal information could have been

Shortly after that attack, someone struck again, leaving a similar
mark on the home page. Since Dixon already had scrubbed the hard drive
of data, no information could have been taken.

Dick Metz, vice president of administration and business affairs for
the university, said he didnt know whether the phisher was simply
gaming the system or trying to steal information. As far as he knows,
no reports of fraud or misuse of data have been made in connection
with the break-in, he said.

Metz considers the September hack a minor incident. A major one, by
his standards, would affect at least 10,000 people.

At the time, many students went about their lives, oblivious to the
invasion. Kelly Lunsford, a freshman last year, said Thursday that she
wasnt aware of it - or of the recent problems at other universities,
including the University of California, Berkeley.

Lunsford said she assumed her information was safe at Cal State East

I guess Ill trust them until something happens, she said.

Likewise, incoming freshman Larry Ornellas said he wasnt too worried.

I feel the school is a secure enough place, and they have thousands -
and maybe tens of thousands - of records on file. It would have to be
a secure enough domain for them to stay there, he said, although he
added that the threat of identity theft is always in the back of his

When students return to dormitories next month for the fall quarter,
their laptops will be checked for infection.

Software and other protections will be given to on-campus students
connected to the network, Dixon said, because someone could get to us
through them.

Despite the countless barriers they have erected, Dixon and Metz are
keenly aware that all a hacker needs is a tiny opening.

Weve come to the conclusion that it isnt a matter of whether we get
breached again, Metz said. Its when.

More information about the ISN mailing list