Click here to receive your FREE subscription to Campus Technology

Home > Security Technology >> Hack Job

Features

Security Technology >> Hack Job

3/31/2005

By Matt Villano

The best way to avoid security breaches might be to pay for them.

When a hacker broke into the network at George Mason University (VA) earlier this year, IT officials were absolutely powerless to stop him. Within minutes, the hacker compromised the school’s main Windows 2000 server and gained access to information that included names, Social Security numbers, university identification numbers, and even photographs of almost everyone on campus. Next, he poked around for a back door into other GMU servers that store information such as student grades, financial aid, and payroll. Finally, the hacker tried to crack passwords for other machines—machines in just about every department on campus. Curtis McNay, a system administrator who manages some of the university’s computing systems, saw the whole thing happen. After the break-in, McNay told the Washington Post that he knew from data streaming across his monitor that a break-in was going down. By the time the hack was halted, however, it was too late. Information surely had been copied; privacy most certainly had been breached. And after a week of investigating the scope and nature of the electronic break-in, university officials reluctantly sent an e-mail warning 32,000 students, faculty, and staff members that they were all vulnerable to identity theft or credit card fraud.

“It appears that the hackers were looking for access to other campus systems rather than specific data,” Joy Hughes, the school’s vice president for information technology, wrote in the e-mail blast. “However, it is possible that the data on the server could be used for identity theft.”

Talk about nightmares. For an institution designated as a Center of Academic Excellence in Information Assurance Education by the National Security Agency, the hack attack was disastrous. But the debacle was only the latest in a string of hack attacks against higher education institutions. In the last two years, similar attacks have occurred at the University of Georgia, the University of Texas at Austin, the University of Missouri at Kansas City, the University of California-San Diego, and the University of California-Berkeley, to name a few. In all of these cases, the hackers exploited vulnerabilities in technology set up to foster collaboration and the free exchange of information. Across the board, the hackers scored sensitive information, putting users at risk.

These cases may not represent the norm across North America, but increasingly, US schools are feeling the need to step up security measures to protect their users from invasions of this kind. Most schools take a traditional approach, purchasing the latest and greatest Intrusion Prevention System (IPS) technology from vendors that serve the corporate world (see box below).

Playing it Safe

Of course, the safest way to secure a network is to do it the old fashioned way, with a smorgasbord of security products from a variety of leading vendors.



Recommended Reading
  • Cedarville U Sets Up SonicWall Firewalls

    Cedarville University in southwestern Ohio has implemented SonicWALL firewalls to provide high-speed gateway firewall protection for its 3,000 students.

  • Data Breach Strikes U North Dakota Alumni Association

    The alumni association for the University of North Dakota has gone public with a data breach that occurred when a laptop belonging to a software vendor was stolen from a vehicle. The computer contained the names of 84,000 university alumni, donors, and others, according to coverage by the Grand Forks Herald.

  • Tips for Selecting a Campus CRM tool

    As competition for students increases, colleges and universities are looking more and more to customer (or constituent) relationship management software for help in remaining competitive.

  • Intercast Networks Goes into Beta with Kazam Video Service at Internet2 Universities

    Intercast Networks has redesigned Kazam, its student Internet TV and video service based on the company's VideoXpress platform. Following a spring semester alpha trial at Columbia and Purdue University, the company redesigned Kazam's interface based on student feedback and added additional content that caters to a student audience.

  • Michigan State Managing MRI Images from Africa with Acuo Tech DICOM Services Grid

    Doctors at Michigan State University have begun using the Digital Imaging and Communications in Medicine (DICOM) Services Grid from Acuo Technologies to transport and manage magnetic resonance imaging (MRI) results from a hospital in Malawi, Africa in order to monitor the impact of malaria on children.

  • IIT Delhi Delivers Services with Ingres Open Source

    Administrators at the Indian Institute of Technology Delhi (IIT Delhi) have gone public with their installation of open source database management software from Ingres. IIT Delhi, one of seven leading institutes of technology in India, adopted Ingres Database to support administration functions such as grading, finance, human resources, procurement, and hospital administration.

Related Articles

send e-mail link to articleEmail this article

print this articlePrintable Format