Monday, March 21, 2005 | 9:33 a.m.
UNLV officials are sending out warning letters to about 5,000 international students and scholars this week after an unidentified computer hacker breached a university server.
UNLV computer specialists caught the hacker in the act and were able to shut down the server, but not before the hacker downloaded some information, Johnnie Sullivan, the university's information security officer, said.
The university is working with the FBI's cyber crime unit to determine what, if any, information the hacker was able to access and who the hacker may have been, Sullivan said. Sullivan said the hacker's activity on the server indicates that he or she may have just been trying to dump some other program on UNLV's network, a common tactic hackers use to cover their tracks.
Las Vegas FBI spokesman David Schrom said the bureau was investigating the incident but that he could not give any further details.
The Student and Exchange Visitor Information System (SEVIS) server contains up-to-date information on international visitors to the university in compliance with a federal mandate, officials said. The server allows the university to transmit visa and other pertinent information over the Internet to the U.S. Immigration and Customs Enforcement office, the largest investigative arm of the Department of Homeland Security.
Congress mandated the use of the system to better track foreign students and scholars after the World Trade Center was bombed in 1993 and then again after 9/11, officials said.
The database essentially allows Homeland Security to track where foreign students and scholars are, what classes they are taking and whether they are "here doing what you say you're here for," Lori Haley, spokeswoman for the Immigration and Customs Enforcement Western office, said.
The office is working with UNLV and the FBI to make sure the security of SEVIS is not compromised, Haley said. She said she knows of no other instances where a server has been hacked.
UNLV sent a mass e-mail Friday to the students and scholars possibly affected and will be sending formal letters this week, Rebecca Mills, vice president for student life, said. Mills said the university's office of international students and scholars would also be working with students to mitigate any possible identity theft.
"We will try as best as we can to minimize the impact on students and scholars," Mills said.
It was the first time UNLV has had a hacker break into one of its servers, Lori Temple, associate provost for information technology, said. She has worked at UNLV for 21 years.
UNLV has about five employees monitoring the hundreds of servers on its network for suspicious activity, Sullivan said, which is how they noticed the hacker.
The university will be increasing its monitoring of the network and taking extra precautions to ensure the security of its servers, both Temple and Sullivan said.
"It's a constant activity to stay ahead of the hackers," Sullivan said.
The Community College of Southern Nevada, which also has a significant number of international students, is also increasing its alertness in wake of the hacker's attack at UNLV, Al Valbuena, vice president of technology, said. There have been no known breaches of any of CCSN's servers.
Like any intrusion, "you can have tools to prevent it but sometimes it's (hacking) inevitable," Valbuena said.
He said UNLV was fortunate to have stopped the hacker in his or her tracks.
"If you discover it on time you can take measures to stop the person," Valbuena said.
Boston College reported a hacker had compromised one of its alumni databases Thursday, gaining access to names, addresses and social security numbers, according to media reports. The college immediately shut down the server and began contacting 120,000 alumni to inform them of the breach.
As in UNLV's case, officials there said the hacker may have just been trying to plant a program on the server to enable him or her to attack other machines. Purdue University and California State University at Hayward reported similar breaches to their servers last fall, illustrating a growing need for constant awareness, university system officials said.
"It's becoming more and more frequent so we have to be very, very, careful in protecting our servers," Valbuena said.
archive
