Unauthorized access to University of Georgia server affects 4,250
Date Reported:
1/9/07
Organization:
University of Georgia
Contractor/Consultant/Branch:
None
Victims:
Current graduate students living in family housing AND former students and applicants.
Number Affected:
4,250
Types of Data:
Names, addresses and Social Security numbers
Breach Description:
Sometime between December 29th and December 31st, 2007, a "hacker" using a computer "with an overseas IP address" was able to access a University of Georgia server used to store confidential personal information belonging to certain current and former university students. 4,250 individuals are affected by this breach.
Reference URL:
Associated Press report on ajc.com
WNEG Channel 32 News
Report Credit:
The Associated Press
Response:
From the online sources cited above:
University of Georgia officials are trying to contact more than 4,000 current, former and prospective residents of a university housing complex after a hacker was able to access a server containing personal information, including Social Security numbers.
The security breach happened sometime between Dec. 29 and Dec. 31.
A computer with an overseas IP address was able to access the personal information including Social Security numbers, names and addresses of 540 current graduate students living in graduate family housing and 3,710 former students and applicants.
[Evan] These investigations are typically difficult to track to a specific source. We have seen "hackers" use insecure computers overseas as proxies. If a proxy is used in a country that does not cooperate with law enforcement in the United States, then the investigation typically stalls due to the fact that logs and other forensic evidence are not available.
University officials know what country the hacker was operating in, but would not comment on it, UGA spokesman Tom Jackson said.
Workers took the server off-line as soon as they discovered the problem.
There was no evidence the hacker used or recorded the information, said Stan Gatewood, UGA's chief information security officer.
"It seemed to be one of those things where the door was opened, but no one walked in," Jackson said. "But still everyone needs to be notified."
[Evan] If "no one walked in", then why is there mention of a "hacker" using "a computer with an overseas IP address"? The two statements don't jibe.
But notifying all the affected people could be difficult because many are former students from outside the country, Jackson said.
[Evan] Probably more difficult than it would have been to secure the information in the first place.
Commentary:
If we can't be reasonably certain that the attacker did not access the information, then we are left with the assumption that the attacker did. There is little chance that the university will find out who the attacker is with any certainty. It is easy to be anonymous with the use of proxy servers (bots, open proxies, etc.), especially going through foreign countries.
What was the purpose of storing this information on a server that was accessible through the internet? I also wonder what other controls were placed around access to this server.
This isn't the first time that an "overseas hacker gained access" to University of Georgia confidential information resources (see below). Same "hacker"? Food for thought.
Past Breaches:
February, 2007 - Overseas hacker accesses University of Georgia database
