Database - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Database


Hack at UC Berkeley Potentially Nets 1.4 Million SSNs



 By: Lisa Vaas
2004-10-20
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Database story.


Rate This Article:
Poor Best
By exploiting a known vulnerability on an unpatched computer, the hackers potentially gained access to some 1.4 million names, Social Security numbers and more relating to a care program for the elderly.

Hackers took advantage of a known vulnerability on an unpatched computer to potentially gain access to some 1.4 million names, Social Security numbers, telephone numbers, addresses and dates of birth at University of California at Berkeley, officials said Tuesday.

The personal data was that of recipients and providers for the states In Home Supportive Services program, which provides in-home care for elderly people. The data was being used by a researcher, who was studying the impact of wages and benefits paid for by providers and how it impacts the relationship between providers and recipients of in-home care, according to Carlos Ramos, assistant secretary at the California Health and Human Services Agency.

The FBI, the California Department of Social Services and the California Highway Patrol are investigating the breach, which happened at the end of August, according to comments made by UC Berkeley spokesman George Strait in news reports. The state was notified Sept. 27, after the school wrapped up its own investigation with the FBI.

Ramos stressed that the agency has received no indication that the hackers compromised the computer. Nor is there any indication that identity fraud has yet taken place.

Resource Library:
"The investigation is still going on, so I cant get into a lot of detail," he said. He did say that the researchers computer was connected to UC Berkeleys network. University security personnel were performing routine intrusion detection when they determined that an unauthorized user was attempting to get at the computer.

Ramos declined to confirm which vendors database was the subject of the attack but did say it was a "commercially available product" with a known vulnerability that was exploited. A patch for the vulnerability was available at the time, Ramos said.

That points to negligence in patching on the part of the university—a fairly common ailment among institutions of higher learning in the state, according to Jordana Beebe, communications director for the Privacy Rights Clearinghouse, a California-based organization that advises consumers about their rights.

For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

"Were seeing that [many] major universities and colleges have had a security breach and have had to send out notification because of unauthorized access to secure information," said Beebe, in San Diego. She went on to list a rash of incidents that have been reported since last year, when the state passed a security breach notification law.

To wit, this partial list: Documents containing sensitive information were found in a West Chester University trash bin in August. In May, 380,000 names, Social Security numbers and/or drivers license numbers on a Web server and three workstations were exposed to hackers at UC San Diego. In August 2003, hackers potentially gained access to a database containing the names, addresses and drivers license numbers of about 17,000 visitors from throughout the world at UC Berkeleys Bancroft Library.

Click here to read about critical Oracle vulnerabilities that have been publicly exploited.

Banks, government agencies and schools are at the top of the list as hacking targets, Beebe said. "A lot of private companies do have the wherewithal to make sure data is secure, but many higher institutes of learning are not up to snuff," she said. "Im not sure if its a money thing or accountability.

"It could be that with a place like UC Berkeley, theres so many systems there, and there might not be overarching oversight to make sure this [type of] hacking incident doesnt occur."

The California Office of Privacy Protection recommends that those who suspect their personal data may be at risk should contact one of the three major reporting agencies to receive free copies of credit reports. Contact information for reporting agencies and advice on how to place a fraud alert on credit accounts is located at the California Department of Social Services Web site.

Check out eWEEK.coms Database Center at http://database.eweek.com for the latest database news, reviews and analysis.

Be sure to add our eWEEK.com database news feed to your RSS newsreader or My Yahoo page



  Reader Comments: Hack at UC Berkeley Potentially Nets 1.4 Million SSNs
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Database Articles          >>> More By Lisa Vaas
 


x}r8qռFsw1EiJX;嵔x3uT IS$hK?Kg%L8$n4w~ I ӞKXXcSݣ&}$]!4YJ)kJS]MHѻFYntj+w#<D&/hԞhT a@Y2t4;s>%7esM/cۨW`&`1\tm8|Td'|5{K6 !&H|,j="?J%XqL'H;a\|kԴ Q#R) J8L7[hd} =k}|-Vya+ w-myDƖN-Gȓ CXy9lB,!"BτwGhA%˙:i@ؒI5hm j#ӨRcbx=;wXSVP4j&ܴ9gj5[gNcױ}ǣ.&$ftj6?ŵ (Ok.oRM|'C;)X۱*mS2*cMz6³̂]olb#6fzmCO|l ͟Q~$ꎧc"3Nlˑ,kFp0閩mȺuw*(JT9<Em8eڋ&Ne[ԝwz{˯RMQRrp;.GA܍Ɩfn&;ijY=!^\ǭ[r = +tm%& z DTUjrx$" P}fCC$ /@BK ZQWB-òZRr ɥq'i̮g f Z҄ 'E)"'Îlj^ 77A '77bٚXC J@5$R0LMEYwYt{'g:S/l3H//lixmk"󁭡"pHFPR ?#1?]w,RN.z mT;247QZh,w drF,, QhFU x%%6ȜcP5 4];J~sC#C^7iF5f!aN`qsa7 @̀kiF5 (,egy05AN)V1v% `3R˼Zo d|!CUC5ɿE+dԜөj$o# iF\B(PȀQ~*nU6\mni>U<:y6wܬM&ԴZ߹᭲~J ށY=pujǧ`~߅)gF8 H!e޴$8WG9UG^;UGT!gq\Ct[XQřt 2hbXvP7D[XAQ?/@M4isc>7ǚm'#nJ$ >R7ZЉχjSɦ/MB:ǻښC "(Qұ4|мaqjQ?]*vh `-D>ho 9#*kM T<ģB~v ]|'s\n( 7^!hxrI2% DEMi@(P!$-N`r,lbo(?LHXVZppVݞHpHV?W+3aGe5n^ _ 23CEɴ"Y9yDU#BU`B]ᛦLMam Sn۠oV*cU=5& MX,daZi &L@: 5$&.a*q90A{@L\nGpIN3_hy>epGҶL/j @~V&]\qαrB&5b$ӠCO 7Bʶf/,j0tjQ6tT0VSHH*6@\0,# %.#?ԉ0Z?Lp3w{jN`b;E3eE.W۟Ax#NbZR$ڬY=wl dAq!z?Xr 3XSq=zE>^ii;M/<=zqg#Caچe .G4&fj>Y] "^|W@(KЁUruX˹kjpx2u}- /_$g7.y+lBkLtDm ' #|Zf!WZ"gq2UKeEqL~6=2.eX"PX.>mRLr1'j9Y$tFi.Z*4E8p uT#!ʼn\r0uIXUTySg4vB DwUJm [̝ڥ3$!U4:R Qڄu&t0}yL㽝  A;E . % H m"\b Th\c¸UqKQгSK"nΛhA{h]>L,'~DJP} u@=ܸv?fCŜU^of/x$z\nctxC)J~\Q:qVXf7-7Q)4KușLrs`ѝ?s}dͶ1{SpDo) @g!ڒA5XYf5x/L<5}!zo}BZY\Q"+ȣcY ~ ɍ( 5V8wf;" O>a=EGf0#Lp^Nwހ5-?$Fd#ӀZ/q|\_.S?v3_o%0כ.򧩔ꇍޯEAQm^LjBf(dL4=i;J8K1; ~pq㉱xXF_`uEf^2U{YoƱ vogyͤլp#o|=[0 e0\وq\6ƹT2paNnaˤU6&G0#4" ~uEUxLTJ,BYRzVΠ7/`^̙ugwqXm4!+dWB nxʝ%g3_>M ;L';(.E;A#qD $sHcGynv i)H/j1.KW+0J[6`^/]>lf#-Qn1^ >q;"c'۽\Kߋ6Pk5RTAjj\)HÖ1,|M}Y[x>w'SilmSQJ#G<HS* OdPHZ3u{SfvYل)_2|)Sne6vӼK;J^;ZP{)JX ggR"7T^>SO3(>v!?6ȍE+Aw$2D{fYLM}Jϸ`_{^7Ҍz_4I]ZEU+ U`z^+'0 4 Q@*gz@t27\'7jR|X8PX;HHPYoa mP_چK~7)ɱ$h _oqcrѻJVkQ~܌cv}{uyM8B"DE}{hqTM2dznk쇤ҝa3+vHH!/N :s:VTzF[ɶ6ϐa6qf7G3)ކsºX xCL($S7;0ұ-`=`6ɈNop};N αPDB@fpZ!N)1BEU,$k%IA%u6' <缂69dD~\J~C<B<MpXɫI)jw)˪>- 6O-`H0v9/*JqMXrxX6un£gE~δ'NxwĎ# qYBK+XYCWw ./#lvG6}`FȢ*i{>זdʎi{`ֳsDӜ)|sy33<l]}*`"jn8EqܚxyV⏆3L!>Ibؽ!Os +#AIk# UՅ_>TdkT GNET7^wmYZmFC\f/c_n; VVic,1SJ%ɘΧBARTln,zY9sJ@.W ƽbo@Ɍ7CKҁ[-3H,l#{zi82}KM7k{ Y"Gwuq@!r@qw|}mԪH>r_6jD Nqw5{qJ-Npsr`hzH^أXڃ}DL;*pS޸ZQc%Fs?^3ϗIO 4˼tY#fҩcDicBpIJҡ/3.w4t)|~Ζ<$jc|x<^P}xX {0 pdTŢ3RVʕ|X.ӝ1eaOhm_#v,)%h7Ïf? .#anG YRqXna\Cꌔ`̎^/~<_~_h07t%K?;DKˏ7BQ`7{B[1[8E֧1v3Sh g007j@vae(҄_;*b:>|Vl?GdH΁aH S*KQ.i9i)@8NMBp1"%:02| Y F&qѵqruchLv^^&WۏW#p3ޢA~$]32YBHl{ $(fE-WkĦQ.IlI aB4^+wnqFO~̩bH-oiؑڐ`xZ%cqY0C~>Ϗ;$EBP+ mokR. qs[X)`w~ ^]*JJm$_IO')n正wl2X2 565 诳𥰜Գu$zEq+5FBb (1qaDajCUat*Z7D #vbCTe[(?%[H%k Ȱ.GtY` >ȥ6~NhM #*Yl" ZT.UkF^_y9w3.(R{%v/Xӳ<7eϵ0o_qx>Nܧ#&ɓzj]bҶW}q;gLV@A->J'Ի]J*JZ P"ޠg8%!v@;:V-^z00Եh|E Ҷ'M%X2jS$M`-*9$"F I uuz!xy".ZO+#* `esY Q<~Aw4Nr:N%ˏkʹԤB="1T"F(BT`'=wD@k;[DdJ;±Rf`f0*QqK7k7k7k7k׫zyp7felc]_xBۃp OqWqK+31iޛ DADO b= ZԘRh3 oIsK~9) ay3YiI8%hh=ЖTS}ŹEp1X0daIUJ;n)Ree8~"e"u֓nI_/f'}a1Ro(59}ĐcgaA R(XlcI-.=dDgsk[RA@1o{[k^RN(k걻$b2 =,UgRR?PjyG@5u?D50^^W"tZ/%˄]҆ɝl1111r#f 2AΗ̮4(F( K|%'M?,iVY}ieo;OEu8{ a5('3;1c/mz҇bV-}ԍtzAR.%Ia5#Y紌c>qK-ˠ"`0F ,eNm1!^7'Z^RΛBXK ,ˁ`_!=!E='Җ9@:y|TF?lAl!f }G=}mmKrbXd̀pt8 D >a<J$%arϣN?c9^2DF}Y0ԺP <9AL| #"ݏzew[[f̴qSCyƒZ{[_Jݡ28zZ+c ]`<ş-z{)+~jܪ5!p _-oB_FW#GfaY45#Egv@EO5s*~ d43:.ͤmkoS F:௺evas*kƅF `C(Ź{-V/;{*gM[O?Ãҁ8(X67%%|V R<9Hvu`qtPTҐ4s'nuطZ]{0pA PAftvD)LSU{T‹GST0[o0q[n]̔'3SEWː̹xfϤ¤Zt'O,η v2.EJi!%8j %+-lVpc9nd/|#+6ZP|?E7]Gu1Yۏoݑ?VDŢW0= .X4ѱ ۂ'*~d̤ Pܣˢ{MQD[NtQ]PôLIH]U a!-BZ]f’ۥU=I/s1(ƆjNKn@`b ("lH/q/J~c)C +ā "KEP#AKfl `u=ֹhh/vxWXHmL1V^:T6s.}KJCWz/Zdq4// #|kŇPWsƄwGSJ9椷 G]!ԄXtpU5 *uPZ`>?RcyG<*F#ߒ|}.[˜W5VH>I@6J!%bWe0޻s{UV^@Bq;0ڱ[wKqwm[{=EM<9'9+{^il/9z.z{~°OUq ʹ{[Uzƹ0-bt3]slS蘶xs43?b)oj+sY0t+jO5tRJj> 1Xp,/IoH0"]YY# `xK(Vݻ WEw8 24t(M$:όl,"`qcS`vU.+Ra s xt\$le>s`#A^?1& mC-,Sn(;9Ĕ#A?R;ٽjP:,эQݻ!?ч1@6LnIAX#hbG#Os3`us X0!, ^C.B'Q?9 揣0]&@fpRt\j:YstԬJb8k&ƚ,|nB,$nwK IJ$!%H$b{=9Qa93A_7==ӿ}E }x#И1_ջPj%T%:*!xW`ŊRM/}&OOVkyͬ)f+c|\iiBR ?h$@&쌆(dԵ>1g}7Zb'rֿ!mrvMz_EOAa]|nSsNOOgMjXhRf*E`"eJe) C9>[Ԟri.$ "G}Ƀw]%:/[+x${ËG0%lyіU1oLl+<=N;؊sm9Gr:ٙEKN#GE@f0l1ޗmBfrs@AC?@^uNu ^''igzW9^NZ r?A fe\B/s /~/s{ %2@9y yCȣW9s!<'oKHI+>>ȟ~|ȗk9o~nrg7̡? >GHӿ9ۼtos͡\'I9s} SjuC/ȋuৼtXB]Bz< =^`k 9x { )n;k?[OBh\Jzp+ʞW^vie*q ] }}}oPW mByckR:A)q!a 3l>VLY[,Oмz'ʥ'eFWTCo+d^ {WrUVmhӉZh<Ě/JYy* 4!}} @*oID2KA/ܺCzˆnQ'/\~4g܊lOAptrm>ov+y`GBx&` ~niMnڧ.\v3+ءֆ ~3b 9q?'OxVf|4;(!۰Ҙra֢@)zEkXgZY5~8=hM>^TUbt~eżYfO {̃oD@N$p G;Rk$C^̓~v)Bcظj)UWxJ= W=n;ޔ݌<Ҍn;$w1jU(uzpWrHaӃ"BƬ AUVJrA*'aR,Ng /($@%X̷x#xC3"8aTp+YE!%\B m)b+XҼx-yPyNY~m

M38L"=7hУn{Dqm)|<`̀5WkoRs/ E^GxC#J,Y Lt6ƤPE\WLj1"PU*"e $\>lJc̓]!! Aj:=a^"< CϾty=B*[hxx} n+QeWD =[N/a3ݸ1jW~#qńofëʢbRgAL @ql]5h_z}d5Bk3P/A0gk1`G 6NKԄQx^|?K*_{l x S/!I/]_CSr2:k2p0n2& 6cփBQmˆkc 1LO袔'J :BVE-J673n=GIDπiMUjΪْt=y%0)%y+6Hمtѥ=mNH]{X@ć|{K0Z,=>,D*9"Po 9@AikE?I3軱x&%mY $v|.yzghF˒6\I^T~7(B0w^|6(6% JhwGwɓ:l'.}N5+I"@*x̴5[Pˎ49 m'%8B<ؾQֺ51mdXW}D҆A ,T6y *>ܠK6A/)ix[E)xqtAY}v{[?/'_過Nj%m`Ս٣|JoA{ F;J_%%\#d< lԷ !ۂJ-Ӽ9w֑¹"UXqHٍh,8. sfvOQ+߮9-ByxϷ{<=v7 scg_4ҷU>vǯ-(',yvJ^Q5 7tlcb @Jy 7#Tt<5` GYM`ڃkrǩ 6mxt uty!N,0v33Ldxܫ8mׁS#5lRdJELmaW9~50Ȟ<}4usf{E]Y>q<`T xq;3[h_@>[y71'1V`]ccoRɤ{c ePCdk3\k E1ˍI_c^d++)ؐW kbO1,KLv7CaF*)Aua%o *;Ap^ӗ׎eKS|"[4.d!O:<+5dwɵ;:-14%o̓gkV"F #gE- _5>g~E&zaX0>c\,B?b΢ct9Š3a=E`0Mn>A3s DeU$PtcBiEL`;X+vN*$th&P?8 a#ٔ{ M_L,Y7u!xZuΓ#{_ o>WNyNE=Sf}'s)SL__],?i\h%!ĆSqK ?]t+ByֿJgŧ#RI>Rlv<