AOH :: ISN-3057.HTM

FBI still investigating Bethel server hacking

FBI still investigating Bethel server hacking
FBI still investigating Bethel server hacking 

Managing Editor
September 26, 2006

UAF police asked the FBI to investigate the hacking at the Bethel campus 
in April, but answers remain illusive into who illegally accessed a 
server containing personal information for 38,941 current and former 
students and employees.

"Right now, it's still a pending investigation," said FBI spokesman Eric 
Gonzales. "So at this point, there's really little I can say on the 

Sean McGee, UAF chief of police, said he chose to involve the Federal 
Bureau of Investigation in the investigation on April 24, four days 
after UAF announced the hacking occurred.

UAF announced April 20 that hackers accessed server at the Kuskokwim 
Campus in Bethel multiple times from February 2005 to January 2006.  
Records later showed that university official in Bethel had known about 
the hackings since at least October.

According to an information resource security incident report, dated 
April 18, the Bethel-based Windows 2003 server was called "Yukon."  
Hackers had accessed it and installed rogue FTP servers into the 
computer, the report says.

No one was fired because of the hacking, said Steve Smith, the chief of 
the UA Office of Information Technology.

Handling the FBI investigation is the Anchorage field office, which 
"employs individuals with the necessary training, experience, and 
equipment to investigate this type of criminal act," McGee said via 
e-mail this summer.

Smith said it could be a while longer before the FBI wraps up its work. 
The bureau probably has higher priorities, he said.

Law enforcement officials have also utilized the computer forensic 
facilities at UAF's Advanced System Security Education, Research and 
Training Center.

"It sounds to me like they have it and it's not officially closed, but 
it's not the first thing they do in the morning," Smith said.

The UAF police received no reports of identity theft during the summer 
that appeared connected to the Bethel hacking, McGee said.

UAF police did receive a report Aug. 23 from a woman in Anchorage who 
said an unauthorized bank account had been opened in her name, according 
to police daily incident reports. The unnamed woman, who used to be 
affiliated with UAF, said the incident might have been related to the 

Lt. Syrilyn Tong said no proof exists to substantiate her claim.

In response to the Bethel hacking, the university is trying to tighten 
security and reduce its use of Social Security numbers.

OIT performed a system-wide search for other hacked systems or systems 
with files containing personal information and found some computers with 
those types of files. The office isolated those systems and removed 
them, Smith said.

In addition, OIT is preparing to spend at least $200,000 to engage a 
consulting firm to do an external review of the university system, Smith 

"This review will look in particular at UAF, but it will also look 
across the system because we are all connected," Smith said.

The external review will be discussed Oct. 5 at the Information 
Technology Council's monthly meeting. The meeting is open to the public.

A task force is also drafting up policy to put before the Board of 
Regents as early as December on how Social Security numbers should be 
used on campus, university spokeswoman Kate Ripley said.

Several systems still use Social Security numbers as identifiers. On 
UAOnline, students can use them if they don't remember their 30 million 
numbers, the administration's name for the student ID's it assigns 
students on their first day of enrollment.

"We're really looking to craft some policy to go before the Board of 
Regents that would sort of direct that this is a real priority and that 
it's something we want to take care of," Ripley said.

Visit the InfoSec News store! 

Site design & layout copyright © 1986-2015 CodeGods