Original URL: http://www.theregister.co.uk/2005/04/29/fiu_id_fraud_alert/

Florida Uni on brown alert after hack attack

IT hits the fan

By John Leyden

Posted in Security, 29th April 2005 14:02 GMT

Students and staff at Florida International University (FIU) were warned they are at risk of identity fraud this week after techies discovered hackers had broken into college systems. A file found on a compromised computer showed that an unknown hacker had access to the username and password for 165 computers at the University, sparking a major security alert.

A preliminary investigation has revealed that only a few of the compromised computers contained sensitive information (e.g. credit card details and social security numbers). That’s by enough by itself but the greater fear is that hackers have compromised the University’s network to such as extent that few systems are safe. FIU information-systems chief John P. McGowan reckons hackers based in Europe are responsible for the attack, the Orlando Sentinel reports.

Users are being advised to remove any sensitive information from their university computers. They are also advised to set up a fraud alert on their credit file, as a precaution. The amount of confidential information obtained by hackers is unclear. There’s no evidence that any fraud has taken place as yet. Even so university authorities are taking the problem seriously, going to the unprecedented length of having technicians examine 3,000 campus computers for possible security problems in a scheme likely to take weeks if not months to complete.

Among other things these technicians will be updating operating system and anti-virus protection, removing known Windows vulnerabilities, re-configuring log-in accounts, scanning for applications that allow for unauthorized access as well as disseminating new information on effective password management and computer user access guidelines. As part of this extensive security mitigation checklist, technicians will also be examining PCS for types of sensitive information (i.e., SSNs, credit card numbers) saved on computers or network file shares but not recording the actual numbers. This last procedure comes perilously close to been a security risk in itself, you might think.

Florida International University has reported the incident to the FBI for investigation. FIU joins a growing list of US Universities to have suffered cyber attacks over recent months. Boston College, Carnegie Mellon University and Northwestern University have been among the victims. ®

Related stories

Berkeley hack sparks legislative backlash
Student owns up to Texas Uni cyber-heist
Student charged with massive ID fraud
Feds probe huge California data breach
ID theft is inescapable

Related links

FTC advice on guarding against identity theft FIU's alert