Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Space-Seeking Hacker Takes Files

From: InfoSec News <isn () C4I ORG>
Date: Tue, 27 Feb 2001 21:12:33 -0600
http://www.wired.com/news/culture/0,1284,42051,00.html

Associated Press
10:35 a.m. Feb. 27, 2001 PST

BLOOMINGTON, Ind. -- A Web surfer in Sweden got into an unprotected
Indiana University computer, removing more than 3,000 student names
and identification numbers while leaving behind a cache of downloaded
music files.

University officials believe the student data was taken by accident,
since the person was looking for computer space to store the MP3
files.

"It's a common trait for students to look for storage space on the
Web," said Perry Metz, associate vice president of the university's
Bloomington campus. "They go to Napster, find all these music files,
then need a place to store them."

The university server was unprotected Feb. 6 because the system had
crashed and the person who normally fixes it was out sick, Metz said.
Another employee who brought the system back up reconfigured it
improperly, leaving out security safeguards, he said.

The computer used to break into the university's server was traced to
a university in Sweden.

"When they found this open server, they used it to store and then
re-access a lot of music and video files," Metz said. "It was only in
passing that someone exported this data file."

The data file contained the names of 3,100 graduate students, along
with many of their Social Security numbers. Letters were sent to
affected students Friday.

There was no indication that any of the information had been used
improperly, Metz said.

"My hope is that when they saw it wasn't a music file, they simply
deleted it," he said.

Graduate student Garvey Pyke said he spent much of Saturday sorting
through his financial information to prevent any problems.

"I couldn't believe how violated I feel by the university, that they
didn't protect my private information," he said.

University police were investigating and the FBI was notified, Metz
said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: