"Sophisticated hacker" compromises LCCC server
Date Reported:
12/24/08
Organization:
Lorain County Community College ("LCCC")
Contractor/Consultant/Branch:
None
Location:
Elyria, Ohio
Victims:
"students, community users and employees" registered with the "library identification card system"
Number Affected:
"approximately 22,000"
Types of Data:
Personal information including names and Social Security numbers
Breach Description:
"ELYRIA — A sophisticated computer hacker was able to breach the security system of two Lorain County Community College servers in an attack during the Thanksgiving holiday break."
Reference URL:
Lorain County Community College
The Chronicle-Telegram
Report Credit:
Lorain County Community College
Response:
From the online sources cited above:
Lorain County Community College has recently learned that a sophisticated computer hacker was able to breach two of its servers in an effort to pirate available server space.
[Evan] How sophisticated do you think this "hacker" really is? It wouldn't sound as good if you blamed this breach on an idiot hacker, would it?
When this breach occurred, LCCC’s system detected the downloading of application files and a virus alert was initiated.
[Evan] The fact that LCCC's detective controls alerted them to this incident is a good sign. Oftentimes detective controls are sorely lacking.
The two servers were accessed during the Thanksgiving holiday.
The College’s Information Systems and Services staff immediately shut down the servers and blocked access.
An internal investigation suggests that the breach was not an attempt to extract any data, but to gain access to server space.
[Evan] Don't you think that a sophisticated hacker would have found the poorly secured data on the server?
The College has brought in computer forensics experts and is working with the FBI to investigate this incident further.
One of the servers contained the records of approximately 22,000 students, community users, and employees and their Social Security numbers. That server hosted the college’s library card system.
[Evan] I wonder if this server was accessible from the internet or if the intruder used another server/device as a proxy. We don't know enough about the architecture to say for sure.
This ID card system is a separate system from LCCC’s overall college records and databases, which were not affected.
While we have no evidence to suggest that the hacker accessed files from the ID card system, we are taking aggressive precautionary steps to protect those whose records are on that server.
[Evan] With effective logging, LCCC would be able to state this with some level of certainty.
LCCC will contact everyone whose personal information was contained in the ID card database by letter.
We have contracted with Equifax, at no cost to individuals, for one year of credit monitoring and ID theft protection insurance.
Those affected may contact our Equifax Personal Solutions representative at , Monday through Friday from 8:00 a.m. to midnight EST for more detailed information and assistance with plan enrollment.
you will need to verify your identity as part of the enrollment process
[Evan] I thought this was a little ironic. What if a fraudster used someone else's identity to enroll?
LCCC is committed to maintaining the privacy of database information and takes many precautions for the security of personal information.
In response to incidents of theft like this one and the increasing number of Internet-enabled computer attacks, LCCC is continually modifying its systems and practices to enhance security of sensitive information.
[Evan] Here LCCC refers to this as an incident of theft, but previously we were told that there was no evidence of theft.
We sincerely apologize for the inconvenience and concern that this may cause you.
If you have been a victim of fraud, and believe that it is due to this incident, please file a report with LCCC Campus Security at or on-line at .
An FAQ from LCCC:
How could the College let this happen?
This hacking incident epitomizes the national trend that is plaguing colleges and universities due to their robust systems and server capacities.
[Evan] If we know of this trend, shouldn't we prepare better?
Hackers, such as the one that accessed LCCC’s servers, are extremely sophisticated in identifying those systems with such capacity.
[Evan] Do "extremely sophisticated" hackers need server capacity? I would think that they would be more interested in more direct financial gain. I would also think that they would go more unnoticed.
About 58 percent of college IT officials have dealt with at least one computer-security incident in the past year, according to a survey by CDW Government Inc. and Eduventures, two IT consulting firms.
The Chronicle of Higher Education in December 2008 reported that the good old days are gone when computer hackers were mainly done by hobbyists who launched attacks for fun. Today, international hackers are professional criminals with tremendous sophistication that enables them to create penetration tactics through viruses and software applications.
By working with the college’s computer experts, the FBI’s forensic experts will continue to investigate the breach in hopes of identifying the hacker, said Scott Wilson, FBI spokesman.
“We will attempt to track and identify the person who did this, as well as determine where the hacker is from,” Wilson said. “We have quite a few computer intrusions that are committed from a foreign country and, if that is the case, we will work with that country’s government to ensure the hacker is prosecuted accordingly.”
[Evan] What if the "hacker" came from (or proxied through) a country that doesn't cooperate with the United States? Wouldn't a super sophisticated attacker know better than to attack directly from an ally? There are plenty of insecure computers in China, Russia, etc. to work through.
cyber crimes to No. 3 on the FBI’s list of priorities, behind terrorism and counterintelligence
[Evan] This is an interesting tidbit.
Commentary:
I have my doubts about what has been publicized in this breach. I don't think that the "hacker" is all that sophisticated. If the "hacker" is all that sophisticated, I don't think he/she will be caught.
LCCC's information security is probably not all that different from many post-secondary schools, but that isn't necessarily a good thing.
Past Breaches:
Unknown
