Server Breach at University of California Puts 160,000 in Danger

Hackers invaded the computer system of the health services department of the University of California, Berkeley, and potentially seized the private details of over 160,000 current and former students and other people, officials at the university said.

Shelton Waggener, Chief Technology Officer of UCB, states that those in the greatest danger of ID theft are about 97,000 persons, whose SSNs (Social Security numbers) had been compromised. However, it is still not certain if the hackers have been able to determine those SSNs against their respective individual names, as reported by cnetnews on May 8, 2009.

Meanwhile, the server hack is believed to have happened on October 6, 2008 but was noticed only on April 9, 2009 when the maintenance staff at the campus discovered messages from the hackers.

The indications, according to Waggener, point out that the perpetrators were taunting the system administrators about their successful invasion through these messages. This is a common approach of hackers for their identification.

The university officials said that they had tracked down the hackers' computers to places, like China, and they had also notified the campus police as well as FBI about it. Meanwhile, the university has hired a security company to examine its systems along with its measures of information security.

Despite the early notification to the FBI and campus police, it was only on April 21 that officials discovered the data theft. Since then, the investigators have been trying to determine the content of the stolen material and who were in danger.

Moreover, Slavik Markovich, CTO of Sentrigo, the hired security company, suspects it is an SQL injection attack that involves inserting a tiny malevolent script into the data supplying details to a particular site. The security company came to this conclusion after analyzing the mode of attack. Markovich further doubts if there are suitable monitoring tools on the university's computers as the hack was noticed after six months and why the university hosted various sensitive data on a single server.

Additionally, UC Berkeley's computers were hacked previously also when attackers accessed the university's research for the State Department of Social Services that put personal data of 600,000 people at risk.

Related article: Server-Side Polymorphic Viruses Beat Standard AV Signatures

» SPAMfighter News - 5/19/2009