UAF investigating breach of Kuskokwim Campus server

 

UAF investigating breach of Kuskokwim Campus server

Submitted by Marmian Grimes
Phone: (907) 474-7902

04/20/06

FOR IMMEDIATE RELEASE
April 20, 2006

Fairbanks, Alaska--University of Alaska Fairbanks police and the UA Office of Information Technology are investigating a recently discovered security breach of a server at the Kuskokwim Campus in Bethel.

University officials will be available to offer information and answer questions on the incident during a 1:30 p.m. press briefing in the second-floor conference room of the UAF administrative building at 3295 College Road. Media outside the Fairbanks area may participate via audioconference at 1-800-519-1987, meeting number 7826357.

The compromised server was used for routine business at the campus and housed, among other information, two files that contained nearly 39,000 names, e-mail usernames and social security numbers of current and former UA and UAF staff, faculty and students. The data in one of the files included information on people who were issued UAF or UA e-mail accounts since at least 1995. The other file was smaller and contained user IDs and passwords for Bethel students and employees.

Though it does not appear that any other personal information was housed on the server, the university is working to determine the extent of the breach and is contacting individuals whose information could have been compromised. Although investigation shows that break-ins to the server started in February 2005, thus far the university has received no reports of identity theft associated with the incident.

"In most cases, people who break into computer systems are doing it to prove they can, or to transfer videos and music illegally,"? said Fred Smits, UA director of infrastructure technical services. "Very few people look for personal information or use it with any evil intent. In this case we found no evidence that the personal information was the target."?

Staff, faculty and students can get more information about the security breach and the steps they can take to protect themselves at www.uaf.edu/security/IT_security.html. The page includes updates on the investigation, as well as information on how to issue a fraud alert to credit reporting agencies. In addition, UAF has set up a call center to answer questions from those affected by the incident. The toll-free number is 1-888-331-8003.

A computer technician at the Kuskokwim Campus first noticed an anomaly on the server on Thursday, March 30 during system maintenance. The technician followed normal protocol and initiated a trouble call with the Fairbanks help desk the same day. The university assigned a technician to the problem the following Monday.

"Our technicians log thousands of trouble calls every year,"? Smits noted. "Most of them are relatively minor issues or application problems. Very few of them become security issues."?

In this case, computer technicians continued to investigate the anomaly and on Wednesday, April 5 identified a possible security issue. The case was forwarded to security technicians who conducted forensic scans. Late on April 6 they discovered an unauthorized program running on the server. The program was immediately shut down. The following day, after personal information was found on the server, technicians closed the server to incoming traffic, quarantined the files containing personal information and shut down the server. A technician from Fairbanks traveled to Bethel over the weekend, installed a new server and brought the compromised server back for examination.

The university immediately began efforts to ensure the security of the entire UA system network, compile accurate regular and e-mail mailing lists, and develop comprehensive communication tools.

Starting on Tuesday, April 11, the Office of Information Technology began a thorough forensic analysis of the compromised server. At this point there is no indication that the personal information was accessed or that it was the target of the break-in. Further analysis may or may not reveal precisely what--if any--information was accessed.

Meanwhile, police and the university warn that publicity surrounding events like this actually may result in additional efforts to obtain sensitive personal information. Other than the letter being e-mailed today and going out by regular mail Monday, the university will not initiate any contact about this incident and will not ask for confirmation of any information, such as address or Social Security number. If you receive such a request, it is not from the university. UAF police ask anyone with information about the break-in to call (907) 474-6200.

CONTACT: UA Chief Information Technology Officer Steve Smith at (907) 450-8383 or via e-mail at steve.smith@alaska.edu. Fred Smits, director of infrastructure technical services, at (907) 450-8330 or via e-mail at Fred.Smits@alaska.edu. UAF Public Information Officer Marmian Grimes at (907) 474-7902 or via e-mail at marmian.grimes@uaf.edu.