Sunday, December 21, 2008

Hackers strikes LCCC system - - 20 Dec 08

ELYRIA — A sophisticated computer hacker was able to breach the security system of two Lorain County Community College servers in an attack during the Thanksgiving holiday break.

It is believed that the hacker was not attempting to steal information or identities, but rather to pirate available server space, said Marcia Ballinger, vice president of strategic and institutional development. The attack did not disrupt the college’s operations.

Still, the breach is being investigated by forensic experts and the FBI.

One of the servers contained the records of approximately 22,000 students, community users, and employees and their Social Security numbers. That server hosted the college’s library card system.

“We believe from the computer forensic experts that no one’s personal information was targeted,” Ballinger said.“Still, the college believes firmly in being as aggressively precautionary as possible in not only notifying everyone involved, but by also contracting with Equifax and making credit monitoring available for one year to anyone whose information was stored on that server.”

By working with the college’s computer experts, the FBI’s forensic experts will continue to investigate the breach in hopes of identifying the hacker, said Scott Wilson, FBI spokesman.

“We will attempt to track and identify the person who did this, as well as determine where the hacker is from,” Wilson said. “We have quite a few computer intrusions that are committed from a foreign country and, if that is the case, we will work with that country’s government to ensure the hacker is prosecuted accordingly.”

Everyone affected by the breach was notified by the college in a letter sent Friday. The letter, written on LCCC letterhead, contained information on how to contact Equifax and sign up for the credit monitoring system.

Those who did not receive a letter were not affected, Ballinger said.

When the breach occurred, LCCC’s system detected the downloading of application files and a virus alert was initiated. The College’s Information Systems and Services staff immediately shut down the servers and blocked access, Ballinger said.

Hackers like the one who attacked LCCC have long since advanced from hobbyists who breach systems for fun.

They are now international criminals intent on committing elaborate cyber crimes.

With available server space, hackers can take those crimes to a whole new level by launching underground Web sites that bounce from one IP address to another undetected.

This is a major concern for institutes of higher education, Ballinger said.

“Colleges and universities are targeted because we have strong, robust bandwidths,” she said. “The capacity that a college or university has is greater than what businesses and individuals may have and — as a result — we are high targets. As much as IT professionals are trying to stay up-to-date with these types of crimes, cyber thieves are likewise trying to stay one step ahead of authorities.’’

LCCC has not experienced any hacking or cyber attack incidents in the past.

But other colleges and universities in Ohio have been targeted in similar ways. Ohio University, Miami University and Antioch College all have experienced security breaches in recent years.

Educational organizations accounted for nearly one-third of all U.S. data-breach incidents during the past three years, according to the Privacy Rights Clearinghouse. About 58 percent of college IT officials nationwide have dealt with at least one computer-security incident in the past year with the increase in cyber attacks on college campuses has dramatically increased between 2006 and 2007 with 67.5 percent more incidences being reported in just one year.

Wilson said the increase has moved cyber crimes to No. 3 on the FBI’s list of priorities, behind terrorism and counterintelligence.

By Lisa Roberson

No comments: