A hacker gained access to the Mills computer system over the
weekend of April 17, and led to the shut down of all services that
require a password. The security breach follows a number of similar
cases that have occurred on college campuses across the country
within the last couple of months.
The breach was discovered the morning of April 19, according to
Director of Computing Ser vices Marshall Northcott. Services were
shut down but returned the next day. According to Northcott, their
investigation revealed that the hacker looked at a password file,
making it necessary for all users to obtain new passwords and PIN
numbers.
In an e-mail sent to all students and staff on April 22,
Assistant Vice President for Library and Technology Renee
Jadushlever stated, “Although our investigation of the security
breach does not show attempts to collect confidential personal
information from our database, it is important to warn everyone to
be vigilant in oversight of their financial assets to detect
irregularities that might be signs of identity theft.”
The Federal Trade Commission reported that people between the
ages 18 to 29 filed 28 percent of identity theft complaints in
2003, making them the largest complaint group by age.
Northcott said that, while it does not appear that the hacker
looked for confidential information such as Social Security
numbers, it is possible that they were able to obtain that kind of
information.
“All my information is in those files too,” said Northcott. “If
they had been on for two weeks, I’d be very concerned. They were on
for part of a weekend.”
According to Northcott, hackers generally hack into a system to
prove that they can do it or to use the machine for something
illegal, like breaking into other computers or to share pirated
software. He added that college campuses are targeted in particular
due to high-speed Internet connections.
They have been unable to find who the hacker is, but Northcott
said that they intend to contact a number of ISPs indicated from
their investigation and inform them that they believe “there was
some illegal activity going on.”
“So far we have learned that the attack on our system was
similar to some of the Windows viruses that use the computer as a
base of operations for attacks on computers in other locations,”
said Jadushlever in the campus-wide e-mail.
Last August, Stanford University fell victim to a similar attack
when hackers were able to access their system and damage thousands
of computers through a weakness in Microsoft Windows.
In March, San Diego State University had to warn more than
178,000 students, alumni and staff that a hacker had gained access
to names and Social Security numbers.
More recently, UC Berkeley had to notify over 2,000 applicants
and students that their addresses, phone numbers and Social
Security numbers had been released online due to a server overload.
A similar case took place at California State University at
Monterey Bay, when roughly 2,800 applicants had their confidential
information released on the Internet due to an employee’s
mistake.
In January, the confidential information of about 2,100 students
and faculty at New York University was accidentally posted on the
Internet.
Northcott said that the accidental release of information is
less likely and easier to control than a malicious attempt at
gaining information.
“There are a lot of people on campus that have access [to
confidential information] and they are all trained to not give info
to anyone that shouldn’t have it,” said Northcott. “There is no
campus policeman to make sure this doesn’t happen but I sort of
take that role as educator, but not as enforcer.”
