University tries to patch security hole
By: Jessica McCann
Issue date: 3/1/07 Section: News
Photo Illustration by Daniel Bates
Computer system administrators at Texas A&M intercepted an attempt from an on-campus computer to gain unauthorized access to encrypted passwords to University accounts early Saturday morning, interim president Eddie J. Davis said Wednesday.
"We are undergoing an extensive investigation to identify the person or persons who perpetrated this act," Davis said. "While we know of no illegal or fraudulent use of information as a result of the unauthorized access, the access itself was illegal. We are committed to taking all possible steps to avoid use of such information. As a precautionary measure, all students, faculty and staff will be required to reset all current NetID passwords immediately."
The break-in to the University System potentially affects 96,000 accounts that use NetID usernames and passwords, including Neo, MyRecord and WebCT. Financial, payroll and student administrative systems are not affected. University officials said the encrypted forms of faculty, staff, student, applicant, recent graduate and System employee passwords were accessed, though whether or not the passwords were stolen is unknown.
"Because we cut them off as soon as we recognized that this was an intentional break-in, we don't know for sure if they actually obtained the information," said Tom Putnam, executive director of Computing and Information Services. "We don't know how long they had access either, but once everyone changes their passwords, the threat is eliminated."
A security breach of this nature has never occurred before at A&M, Putnam said. There are mechanisms in place that continuously scan the system to detect any unusual activity or behavior. These mechanisms alerted University officials to the foreign access, allowing them to restrict the computer used to perform the break-in. But a flaw in the system initially allowed the hacker an entrance.
"We did find a weakness pertaining to our current system," Putnam said. "We've made technical changes to the system to plug the holes that were used to comprise the information."
The encrypted passwords will have to be decrypted before they can be used to access any accounts, and that will take time, Putnam said. The motives of the attackers are unknown.
"You can speculate," Putnam said. "Why do people climb mountains? The people who do this kind of thing probably do it because it's a challenge."