[ISN] Hacker compromises data at George Mason University

InfoSec News isn at c4i.org
Tue Jan 11 01:44:26 EST 2005

Forwarded from: William Knowles <wk at c4i.org>


By Jaikumar Vijayan 
JANUARY 10, 2005 

The names, photos and Social Security numbers of more than 32,000
students and staff at George Mason University in Fairfax, Va., have
been compromised as the result of a hacker attack against the
university's main ID server.

The attack was discovered during a routine review of system files and
prompted the school to disconnect the compromised server from the
network, according to an e-mail sent to members of the university
community yesterday by Joy Hughes, the school's vice president for
information technology.

"It appears that the hackers were looking for access to other campus
systems rather than specific data," Hughes wrote in her e-mail.  
"However, it is possible that the data on the server could be used for
identity theft."

Law enforcement authorities and school officials are now investigating
the incident, which was discovered last week but may have occurred as
far back as November.

The affected server contained information on "all members of the Mason
community who have identification cards," Hughes said in her message.  
The intruders also installed tools on the ID server that allowed other
campus servers to be probed. Hughes, however, offered no details about
the other GMU systems that may have been probed.

"There is no evidence that any of the data available on the Mason ID
server has yet been used illegally," she wrote, while urging students
and staff to contact the three major credit bureaus and place fraud
alerts on their credit files.

The university is the largest state college in Virginia, with more
than 28,000 enrolled students and over 4,000 employees, according to
the GMU Web site.

Daniel Walsch, director of GMU's media center, said the break-in was
discovered on Jan. 2. Preliminary indications are that hackers may
have broken into the system as far back as late November, Walsch said.

"We felt that everything was secure and that we had safeguarded
against something like this," he said, noting that the university is
looking to see what other systems were also broken into. "There were
some hints that [the hackers] were trying to open some other doors. We
are not sure if anything else was compromised."

The incident is a black eye for an institution that is one of a few
select universities to be designated as Centers of Academic Excellence
in Information Assurance Education by the National Security Agency.  
Students at the university's Information Assurance Scholarship Program
are placed in Defense Department jobs upon completion of the program,
according to the school's Web site.

"What concerns me is that they promote themselves as being big in the
infosec world," with some of the best resources and staff in the
academic world, said one part-time student who asked not to be

"In the 'Do as I say, not as I do' department, GMU has a Center for
Secure Information Systems, [which is] both a research and teaching
outfit," said another university source who also asked not to be
named. "CSIS has numerous cooperative agreements with local defense
and government contractors," which makes the break-in more
significant, he said.

"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org

More information about the ISN mailing list