Information Security News mailing list archives

Hacker Breaks Into UMKC Computer System


From: InfoSec News <isn () c4i org>
Date: Thu, 15 Jan 2004 05:32:12 -0600 (CST)

http://www.thekansascitychannel.com/technology/2764780/detail.html

January 14, 2004

KANSAS CITY, Mo. -- A hacker broke into the University of
Missouri-Kansas City computer security system, compromising the
passwords of about 17,000 students, staff and faculty.

The school's Internet system was temporarily shut down Monday as
students returned from holiday break. Users were required to change
their passwords.

The hacker downloaded an encrypted file containing passwords for
university e-mail accounts, but there was no evidence other files had
been tampered with, said Tom Brenneman, interim director of
information services at UMKC.

"We are confident that we have stopped any and all problems with
this," he said.

The FBI is investigating the security breach.

UMKC employs a "single-sign-on" system designed to make it easier to
use several university services with the same username and password.  
The computer system allows a person with an e-mail password to access
financial information, human-resources records and student grades.

Officials would not give specifics about when the breach occurred and
the hacker downloaded the passwords. Faculty, staff and students were
told late Monday the breach was "discovered" earlier that day. But an
internal memo obtained by The Kansas City Star said the first sign of
a possible breach occurred Thursday evening, four days earlier.

Officials did not react until another incident was detected in the
computer logs around midnight Sunday.

"That's when we immediately decided to shut down the Internet and
change all the passwords," Brenneman said. He said the hackers likely
did not have time to unscramble the encrypted passwords before the
intrusion was discovered.

But independent computer security officials say a four-day span could
give hackers enough time to unscramble them and use the passwords to
access information.

"If someone got that file and knew what they were doing, they could
get working passwords, if they had it four days," said Gary Fish, head
of Kansas City-based Fishnet Security Systems.

The security breach occurred on a Windows-based computer that
authenticates the university's Microsoft Exchange e-mail.

Mary Lou Hines, vice provost for strategic partnerships for UMKC,
alerted the campus community late Monday to the break-in and said the
password file had been copied.

She assured faculty, staff and students that the file was encrypted
but added, "it has been demonstrated that these files can be cracked
once they are in the hands of the hacker."

Officials said they were pleased that new security monitoring software
placed on the system had alerted them to the breach. Brenneman
stressed the system was secure.



-
ISN is currently hosted by Attrition.org
