Information Security News mailing list archives

Hackers strike Georgia Tech computer, gain credit card data


From: InfoSec News <isn () c4i org>
Date: Mon, 31 Mar 2003 04:28:21 -0600 (CST)

http://www.accessatlanta.com/ajc/business/0303/28hacker.html

By BILL HUSTED 
The Atlanta Journal-Constitution 
3/28/03

Computer hackers invaded a computer at Georgia Tech and copied names,
addresses and -- in some cases -- credit card information for 57,000
patrons of the Ferst Center for the Arts.

Tech said the database held credit card records for about two-thirds
of the 57,000 people. Some cards had expired. The hackers had access
to the computer between Feb. 4 and March 14, when the attack was
discovered.

Ferst is an entertainment venue that offers concerts, recitals,
lectures, dance, film and theater to the public.

There's no evidence any credit card numbers have been used by hackers.  
Tech sent letters to patrons this week warning of "a potentially
serious security breach." The letter advised them to check with credit
reporting agencies and credit card companies to make sure their
information is not being used fraudulently.

Tech's computer security experts discovered the attack through
internal monitoring, said Bob Harty, a Tech spokesman. It used a
tactic known as "denial of service." Once hackers invade a networked
computer, they can take control of it and use it to overload Web sites
and other computers with data.

The same stealthy program that lets hackers control the computer -- a
so-called Trojan horse -- provides a secret back door into the
computer and its contents.

Tech said its experts believe hackers did not immediately copy
customer records.

"As best we can tell, we think nothing happened until March," Harty
said.

Tech is nationally recognized for engineering and computer technology.  
Harty admitted: "It is always tough to go public. There is much
chagrin here. We are not happy about it all."

Tech admitted the Ferst Center computer was lost in the shuffle after
control of it was transferred from one department to another. It was
not protected by a firewall, something that even home users often do.  
It had not recently had its security software updated. As a result of
the incident, a security survey is being made to find any other
unprotected computers.

Harty said Tech could have simply notified credit card companies and
not patrons. He said credit card companies would have notified
customers of the problem, but "frankly they would have not identified
the source of the problem."

Tech has told the GBI and FBI about the break-in. Harty said there are
no suspects, and "it is our understanding that it was someone not in
this country. I would prefer not to get too specific."

Chris Rouland of Atlanta-based Internet Security Systems said hackers
specializing in "extracting financial information" seem to be
concentrated in South Korea, Eastern Europe and the former Soviet
republics. Based on similar crimes, Rouland offers little hope of an
arrest.

Rouland wasn't surprised by the attack, even at an institution like
Tech.

"We find if you plug a computer into the Internet without protection
it will generally be hijacked within four hours," he said. Rouland
said universities are especially desirable targets because they offer
a lot of computer bandwidth for hackers to use.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

