Two former students, Joseph Camp and Daniel Fowler, at the University of Central Missouri have been indicted on the charges of breaking into university databases. They acquired over personal information on 90,000 students, faculty, staff, and alumni and attempted to sell the data. The students launched a virus on the UCM computer system and attempted to steal funds from the university.
The duo completed the attacks during last year's fall semester while they were both students at the school. They used a dorm room as the "home" of their attacks. They used a virus to infect the system - the source was typically a USB drive that they convinced people to insert into their computers. Another way they launched their virus was through enticing links in e-mails.
The virus allowed them to monitor all happenings on the network - including keystrokes, steal data, etc. It seems as if their main motivation was money because they attempted to sell the data they stole and add money to their student accounts.
I think that the cause of the event was fairly obvious. The users that allowed Camp and Fowler to gain access to their systems by either inserting a USB drive into their computer or clicking on a link in an e-mail.
I think it is necessary for everybody to become as educated on information security as possible. It is obvious that some education could have prevented this attack. If individuals would have known that the links were not safe to click on and to not load a USB onto their computer then it could have been prevented. Every user needs to be cautious all the time because there could always be somebody attempting to gain access to your computer (and personal information). On a larger scale, I think that the university needs to protect their students. I think that they could involve some sort of data encryption (possibly a hash function or triple DES) for very personal information. Although it would take more time and money to retrieve the data, the school could be certain that their students' information is protected.
http://www.computerworld.com/s/article/9197884/Two_former_students_charged_in_university_hack_in_Mo.?taxonomyId=17
Tuesday, November 30, 2010
Subscribe to:
Post Comments (Atom)
Posts
I agree that overall caution could have softened the blow a bit. It is still hard for me to believe Fowler and Camp were able to convince people to insert the USB drive onto their computer- it seems like they would have noticed something was fishy right away. However, like you said Blake, the university should have been more protected in this case. University systems store a great deal of sensitive data, and UCM cannot guarantee its records are safe now just because the two hackers have been caught. It seems like Fowler and Camp have malicious intent, so we might not know the extent of the damage yet.
ReplyDeleteHopefully this attack hits home for other universities and IT administrators take a closer look at their systems, especially if the system is centralized, like that of Notre Dame. Perhaps access controls should be revisted also. That way, it would be harder for a hacker to penetrate the entire system.