FBI investigating VCU cybersecurity threat
Mechelle Hankerson
News Editor
After an email Friday morning that warned the VCU community of a potential breach in informational security, VCU Police and the FBI are investigating the cause of the intrusion of a VCU server.
The email warned students, faculty and staff that a server containing the personal information of 176,567 current and former members of the university had been hacked, but that the risk of information actually being taken was low.
The server contained some contact information, Social Security numbers, numbers and other forms of personal identification.
According to VCU Technology Services chief information officer Mark Willis, the original intrusion was an Internet worm that infected one of VCU’s web servers back on Oct. 18. The intruders didn’t do anything, so unusual activity wasn’t noticed until Oct. 24, at which point Technology Services launched an investigation.
VCU Technology Services took the servers offline and fixed the original vulnerability that allowed the intruders to access the servers. However, the intruders were able to access another server with personal information of the VCU community for a 16-minute span of time.
Friday’s email warned students and faculty about the possibility, but Willis said the likelihood of the intruders actually using the information is very small.
“The only thing we have recorded that the intruders did on the server was create two accounts and downloaded some files onto that server,” Willis said.
“(We have) no evidence that they opened up those data files or even knew the data files were there or did any other activities.”
Willis said the intruders were most likely trying to use the server as a command-control center for a botnet. Botnets are networks of infected computers that people use to send out spam or for other malicious purposes.
It is unknown at this point if the intruders were students or not, but Willis was able to confirm that the original intrusion came from outside VCU’s network.
Since the detection of the compromised security, Willis said Technology Services has made some changes to make sure personal information is protected from further threats.
In addition to immediately taking the two compromised servers offline as soon as the intrusion was identified, Willis said more security layers have been added to the servers.
The new security efforts will make it difficult to access servers from the outside and, if an intrusion does occur, make it difficult to send information out from the inside.
In an effort to prevent a situation like this one from happening again, Willis said VCU will bring in an outside security consultant. He said the consultant will be evaluating the university’s cybersecurity practices. The consultant will also be looking at all the university’s servers, computer center and network.
Willis said Technology Services plans on bringing in the outside consultant “immediately.”
If concerned about the security of your personal information, visit wp.vcu.edu/securityincident/2011/11/12/what-should-i-do/