Iowa State University Announced Major Security Breach

Threatpost.com reported on 23rd April, 2014 quoting Officials of Iowa State University in Ames, Iowa, United States as saying "Personal data of nearly 30,000 alumni including Social Security numbers was compromised during a data breach".

The University released a letter saying five servers of the department were compromised and all of them had personal details of students of classes in computers, materials science, world languages and engineering. Each of the systems was maligned with BTC (bitcoin) mining malware.

It was found that hacking was due to bitcoin mining which is a beneficial prospect engulfing the international BTC community. Bitcoin mining comprises of solving difficult algorithms of mathematics and involves exponential power of computer and a mammoth amount of graphics cards.

An investigation in this matter reveals that the attack took place on 3rd February, 2014 but the University discovered it on 28th February, 2014.

Servers of ISU were upgraded shortly after but the breach could not be resolved till beginning of March 2014 because of defense mechanism built inside the malware.

Threatpost.com published news on 23rd April, 2014 quoting Jonathan Wickert, ISU Provost and Senior Vice President as saying "We don't believe that personal information of our students was the target in this incident but it was exposed to affected former students. We have informed law enforcement and asked students, whose Social Security numbers were compromised, to monitor their financial reports".

Moreover, the University is also contacting 18,949 students whose University ID numbers were located on the breached servers in addition to their Social Security Numbers.

Csoonline.com published another statement quoting Wickert as saying "Those IDs are only used for school authentication with a password and hence no financial risk is involved".

This is not the first time that nasty cybercriminals have used bitcoin mining to implement their nasty criminal campaigns. Before the above discussed incident, in early April 2014, a Dutch bitcoin miner was arrested by security officials for stealing electricity to power 21 computers for mining bitcoins. However it was unclear that how many bitcoins were actually mined in the farming operations.

» SPAMfighter News - 5/5/2014