Sunday, May 10, 2009

UCB Hacked







One of the servers at the University of California, Berkeley (UCB) has been compromised by hackers. The intrusion had been going on since October 6th of 2008 and was not discovered until April 9th of last month. It’s amazing that the hackers were able to maintain control of the servers of such a big educational institution for such a long time. It was discovered, through tracing by technological forensic experts, that the hackers originated from China.

The hackers were discovered when a system maintenance worker found a message they had left behind. Apparently, it is common for hackers to leave behind secret hidden messages that tell the victim they are being hacked, similar to provoking or playing with the prey. I don’t really understand why they would want to give away the fact that the victim is being hacked, since the hackers could have probably maintained control of the server if there were no traces left behind.

It appears that similar incidents have happened before in which information was stolen from UCB; however, those cases were usually resolved before anything too major happened. This time, it seems like the thieves got away with 97,000 social security numbers of the staff, faculty, and students there. It is also interesting to note that the email warning students and staff of the security breach was not sent out until two days after the discovery of the hacking. Something as major as identity theft should be reported immediately to the victims.


Source: http://tech.yahoo.com/news/ap/20090508/ap_on_hi_te/us_tec_uc_data_theft

1 comment:

  1. Timmy,

    As someone who has had identity theft problems in the past (I used to live in San Bernardino, which has become a raging capital of identity theft), this sort of thing really gets to me. You complain about the university's response time, and that makes sense. My own complaint is about law enforcement -- most police stations only have one guy assigned to "white collar" crime (and identity theft falls into that category). He's always being sent out, however, to support things like raids and other manpower-heavy actions. So most police departments never do anything about identity theft except to take down a report and file it.

    We actually were able to give them enough information that they would know who took our identities and *their street address* -- all an officer needed to do was make a phone call. Never happened. The thieves were using our ATM card number to pay their gas bill, which, being for a home, has an address attached to it. The gas company wouldn't give us the address, but said it would give the address to the police once the police called. The police said "thank you" for the gas company phone number and then didn't do anything.

    Incidentally: Did you know that the gas company won't ask for a PIN, and doesn't care if the name and address on the card's account don't match the name and address of a home owner paying a bill? If you have someone's ATM card number, without any other information you can pay your gas bill with it; the card's owner will have to argue vigorously to get the gas company to stop, and nothing is likely to happen to you in the meantime. Or, at any rate, that's the way things worked a few years ago. With any luck, they've rethought those policies...

    Okay, tangent over. Back to grading. (Interesting post!)

    - GS
