WSU Alerting Community to Illegal Server Access
OGDEN, Utah – Weber State University is notifying more than 7,000 individuals to be on alert after a university computer was hacked into by intruders via the Internet.
"The protection of our students' personal and financial information is a serious matter," said Bruce Bowen, associate provost. "We are in the process of notifying all students who may have been affected by this illegal intrusion into our system and explaining what precautions they can take to protect themselves."
Computer security managers detected abnormal traffic on the university's network involving extensive communications with computers in Europe. Those abnormalities were traced to a computer in the Financial Aid office. The preliminary investigation revealed third-party hackers were able to remotely install programs and files on the machine, which was then used to illegally distribute DVD movie files. The illegal movie files were found on the same hard drive where sensitive financial aid data were stored.
"It appears that this machine was remotely configured to assist in the distribution of pirated DVD movies," said Don Gardner, WSU's chief information officer. "We can't say with 100 percent certainty that these financial aid files were untouched. In light of that, we decided it was important to let people know about this incident, because of the possibility that sensitive personal information was compromised."
The infected machine was designated specifically to transmit federal financial aid applications to the Department of Education in Washington, D.C. The files on the server contained personal and financial information, including names and social security numbers, of students who applied for financial aid.
WSU began mailing notification letters July 30, and the process is expected to take several days to complete. The letter briefly explains the incident and provides information on additional resources to help individuals prevent and respond to identity theft.
"This was caught fairly quickly thanks to the security measures in place, which limited the hackers' window of opportunity," said Gardner. "Still, it serves as a reminder of the need for ever increasing vigilance in protecting sensitive data and information." Gardner said that in recent years, universities and colleges have become frequent targets for these kinds of intrusions.
Upon discovering the intrusion, the university took immediate steps to secure the specific computer and plans to take additional steps to safeguard all systems.
"This is an unfortunate consequence of the technological world we live in," Gardner said. "We are dealing with some very sophisticated individuals who prey on networks in an effort to exploit them for criminal purposes."
WSU has contacted the FBI about the incident. The university has also provided the IP addresses of machines in Europe involved in this case to international computer security organizations in hopes of preventing future attacks by these parties.