[ale] GT Hacked in early March?

Keith R. Watson keith.watson at gtri.gatech.edu
Thu Apr 11 08:54:48 EDT 2002


Cade,

Here's a copy of the official announcement that came out with a link to a 
web page for more info.

STATEMENT FROM GEORGIA TECH
ON A RECENT COMPUTER INTRUSION

In the early morning hours of Sunday, March 9, computer hackers
circumvented Georgia Tech server security and gained illegal
access to a server in our business office.  Our investigation
reveals that the system was used as an illegal FTP site and
appears to have been used to distribute large digital files
(e.g. movies, music, etc.).  The intrusion was potentially
serious and resulted in the downloading of some 350 gigabytes of
data from that server.  This illegal entry also gave the
intruder the opportunity to view files that were resident on the
server.  Files housed on this system date from as far back as
July 1, 2000, and may include:
   --Travel and reimbursement vouchers for employees, which may
     contain credit card, social security numbers, and
     signatures;
   --Images of receipts and invoices related to the above;
   --Personal contact information;
   --IDs and passwords for access into our P-Card (on-campus
     credit card purchase system)
   --Files available in the P-Card system include:
        --Account numbers and expiration dates
        --Employee ID numbers
        --Employee address and phone numbers
        --All transaction information for roughly the last two years.

While nothing may come of this, there are potentially serious
ramifications.  The Institute has already taken steps to limit
access to this information.  Our foremost concern, however, is
for the integrity of any personal information that may have been
accessed.  Any employees who have submitted travel or
reimbursement vouchers since July 1, 2000, and who did not
follow Institute guidelines on blacking out personal credit card
information, could be at risk.  A spot check of information in
the system found some credit card numbers, Social Security
numbers, personal contact information, and driver's license
numbers from supporting documentation to Travel Expense
Statements.  That risk to those whose information may have been
in the system includes identity theft and/or unauthorized credit
card usage.

We are in the process of trying to further pinpoint who may have
been impacted and will be providing information to unit business
offices over the course of the next few days.  Initial estimates
are that fewer than 1,000 faculty and staff could have had
information in the compromised system.  In the meantime,
however, there are a number of things that anyone who may be in
this situation should do to prevent or mitigate any problems.

1.  Contact the credit reporting agencies and tell them that
your personal information may have been compromised and request
a credit report.  The three agencies are listed below.  Please
know that there is no need to pay anyone to obtain this
information, unless you want to receive it in an expedited
fashion.  This is a free service.
     -Equifax - (800) 525-6285
     -Experian - (888) 397-3742
     -TransUnion - (800) 680-7289

2. Contact your credit card companies and inform them that your
credit card number may be compromised. The phone number for your
company should be on the back of each credit card.  If not,
contact the financial institution through which you received the
card.

You should also check a Georgia Tech Web site that has been
established specifically for this issue.  You may find it at
http://www.fraud_concern.gatech.edu.  There, you will find
additional information and links to other sites that may be
helpful.

The Institute recognizes that those potentially impacted may
need time and resources to investigate credit history, cancel
credit cards, or take other precautionary steps.  As such,
supervisors are encouraged to allow anyone who may be impacted
to use Georgia Tech phones and computers, and use time at work
to take whatever steps are necessary to protect themselves from
potential fraud.

From an Institute perspective, there are a number of steps
already being taken to limit exposure.

--We have been in touch with the appropriate state and federal
authorities to assist us in the investigation of this crime.

--We are working with Bank of America on the P-Card issue and
they have been very helpful in the process.  Effective
immediately, all of the some 1,000 P-Cards are cancelled and a
process is in place to replace them all.  It appears that no
unusual activity has occurred with any of the P-Card
information.  Procurement Services will contact P-Card
coordinators and holders within a week to pick up new cards.  In
the meantime, if your department has to make a small dollar
purchase, you may use departmental purchase orders.  We
apologize for the inconvenience, but this is the most effective
solution to the intrusion problem.

--We will also be directly contacting any vendors which may have
been in the compromised system and alert them to the intrusion.

--We have altered access to the system in question and will now
have very tight access controls on those and other servers.
Some of that access control may result in changes to who and how
information is accessed.  Those impacted by these changes will
receive specific information on that.

--We will be providing unit heads with a listing of personnel
who have received reimbursements documented in the compromised
server.  Unit business personnel are encouraged to assist staff
in any desired review of past Travel Expense Statement
supporting documentation.  Procurement Services and Accounts
Payable staff can assist in document retrieval if unit records
are not available.

Network attacks are sadly commonplace phenomena on university
campuses, in corporate headquarters, at government institutions,
and on personal computers.  As written about in today's Chronicle
of Higher Education, the trends toward network attacks are
decidedly on the rise.  Universities are particularly targeted
due to our open society culture.

We hope to provide as much information as possible to prevent or
minimize any problems to individuals or the Institute.  OIT has
established a Web site at http://www.fraud_concern.gatech.edu.
Please take the time to review the information there and avail
yourself of it, if you think that you may have had personal
information in the system.  We will continue to try and keep you
abreast of any developments with this issue and will post all
mass communication to this site as well, for future reference.

We hope that no problems arise as a result of this criminal
intrusion into our business systems.  We also hope that by
letting everyone know of the potential for problems as soon as
reasonably possible, that we can prevent anything from arising.

We don't know all of the answers at this point, but are working
hard to find them.  If you need additional information, you may
contact an e-mail established specifically for this effort at
fraud at gatech.edu.  You may also contact Judy Whitfield in
Procurement Services at 404.894.9054.  Please understand,
however, that there may be problems getting through to that
number immediately.

We will continue to provide you with information as it develops
and we appreciate your understanding and patience as we navigate
through these uncharted waters.


keith


At 16:37 4/10/2002 -0400, Cade Thacker wrote:
>http://www.cnn.com/2002/TECH/internet/03/20/georgia.tech.hack.idg/index.html
>
>anybody have any follow up info?
>
>--cade
>
>On Linux vs Windows
>==================
>Remember, amateurs built the Ark, Professionals built the Titanic!
>==================
>
>
>
>
>---
>This message has been sent through the ALE general discussion list.
>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
>sent to listmaster at ale dot org.

-------------

Keith R. Watson                        GTRI/AIST
Systems Support Specialist III         Georgia Tech Research Institute
keith.watson at gtri.gatech.edu           Atlanta, GA  30332-0816
404-894-0836
