By Eric Swedlund
Arizona Daily Star
Foreign hackers infiltrated the UA's computer network several times in
the last two months, depositing files on numerous servers and
workstations in the library, Student Union and procurement office.
University of Arizona investigators have no evidence of other tampering,
and they are uncertain about the hackers' motives. With the
infiltration, the attacker or attackers could have gained access to
other data, although personal student information and research-oriented
information were not at risk, said Michele Norin, executive director for
the UA's Center for Computing and Information Technology.
"Across the three areas, the impact was upwards of 30 servers, and we're
assessing upwards of 350 workstations," Norin said. "We're still trying
to define all the details of how it occurred."
The hackers installed software that enabled them to store files, such as
movies or games, on the systems. In similar breaches, hackers typically
enable others to access the files, but it wasn't clear whether that
happened to the UA computers, Norin said.
"Being able to put files on machines is pretty common across any
organization that manages a network," Norin said. "What is unclear is
the ulterior intent in terms of whether they were trying to see other
information or not. That could indicate a different motive."
On a few computers, hackers installed software that captures and logs
keystrokes and can be used to catch log-in names and passwords.
"Because of the potential of what might have been captured, that led to
analysis of all the systems and all the machines," Norin said. "We can't
confirm that anything was captured or that it was used for anything. All
we know is that it was there."
The breach was noticed last Tuesday, the first working day after the
holiday break, when a typical process failed to run, raising a red flag.
The computers were hacked in November and December.
The breach wasn't a particularly unusual or sophisticated attack, but it
was notable for the number of workstations and servers it hit, Norin
said. The attacks appear to have originated in France.
In addition to the internal investigation, campus police and the FBI are
conducting a criminal investigation. Sgt. Eugene Mejia, the UA Police
Department's spokesman, directed all questions to other campus
Provost George Davis wrote in a campus memo that the affected servers
and computers were removed from the campus network, and all computer
network managers have searched their areas for intrusion. No additional
breaches were found.
The library network which also runs the science and music libraries and
the Center for Creative Photography system has been restored.
Interlibrary loans, e-mail and e-reserves were temporarily disrupted.
In the Student Union Memorial Center, payroll processing and the student
meal plan were temporarily disrupted, but they have been restored.
In Procurement and Contracting Services, online purchasing and surplus
operations are not functioning. Temporary equipment installation is
letting staff members operate normally, but they're unable to continue
projects initiated before the breach was discovered.
If the investigation reveals the breach of any personal data, the UA
will notify the individuals affected, Norin said.
"I know people will be concerned about data, and we will of course
notify as needed once we're more sure about what that data is," Norin
The UA's system, like most large computer networks, is a frequent target
of hackers. In February, Romanian hackers were able to breach computers
in the UA's journalism department, creating havoc for students.
Subscribe to InfoSec News