University Notifies 25,000 of Incident

Virus Infects Salem State University Computers

A state university in Massachusetts is notifying 25,000 current and former employees that their information may have been exposed as a result of a virus that infected servers. This week's breach roundup also includes news of a hacker who allegedly developed a program to submit bogus absentee ballots in Florida.

University Notifies 25,000 of Incident

Salem State University in Massachusetts is notifying 25,000 current and former employees that their personal information may have been exposed as a result of a virus that affected the college's servers.

The university doesn't know if any of the information was inappropriately used, the Newburyport Daily News reports. And it's not confirming the information that was exposed.

Affected individuals are being offered one year of free credit monitoring services. The university also has established a call center for those who received notification letters.

Hacker Generated Absentee Ballot Requests

A report by a Miami-Dade County grand jury in Florida on issues in an Aug. 14, 2012, primary election claims a hacker was able to develop a program to submit bogus absentee ballots.

The report states that someone was able to develop a computer program that "automatically, systematically and rapidly submitted to the County's Department of Elections numerous bogus on-line requests for absentee ballots." CNN was the first to report on the grand jury's findings.

In total, 2,500 fraudulent requests were submitted, the grand jury report states.

The report indicated that the security for the online absentee ballot request system was "very low," due to the fact that there were no user-specific log-ins or passwords required by the voter requesting a ballot.

A vendor hired to monitor the online registration system noticed an "extraordinary number of absentee ballot requests" coming in and became suspicious, according to the grand jury report. Their suspicion stemmed from the fact that the requests appeared to be coming from the same group of computers and were being submitted at a rapid rate.

Law enforcement officials determined that the IP addresses were tracked to anonymizers located overseas. Anonymizers make the location of the computers making the requests anonymous. Officials were unable to determine who was committing these crimes, according to the grand jury report.
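The signal the monitoring vendor noticed, many requests from the same group of computers at a rapid rate, can be checked with a sliding-window count per source network. The following is an added example, not code from the grand jury report or the county's vendor; the log format, the `/absentee/request` path, the /24 grouping and the thresholds are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample log (documentation IP ranges): "<ISO time> <source IP> <path>"
SAMPLE_LOG = """\
2000-01-01T10:00:00 203.0.113.5 /absentee/request
2000-01-01T10:00:02 198.51.100.10 /absentee/request
2000-01-01T10:00:04 198.51.100.11 /absentee/request
2000-01-01T10:00:05 198.51.100.12 /absentee/request
2000-01-01T10:00:09 198.51.100.10 /absentee/request
2000-01-01T10:00:11 192.0.2.44 /absentee/request
2000-01-01T10:00:13 198.51.100.11 /absentee/request
2000-01-01T10:00:20 198.51.100.12 /absentee/request
2000-01-01T10:07:30 203.0.113.5 /absentee/request
2000-01-01T10:09:00 198.51.100.10 /absentee/request
"""

def source_group(ip, prefix=24):
    """Collapse an address to its /prefix network so neighbouring hosts count together."""
    return str(ip_network(f"{ip}/{prefix}", strict=False))

def find_bursts(lines, window=timedelta(seconds=60), threshold=5):
    """Return {network: peak request count in any window} for networks that
    reach `threshold` requests within `window`. Lines must be in time order."""
    recent = defaultdict(deque)   # network -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue              # skip malformed lines rather than abort the scan
        ts = datetime.fromisoformat(parts[0])
        group = source_group(parts[1])
        q = recent[group]
        q.append(ts)
        while ts - q[0] > window: # drop requests that have aged out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[group] = max(peaks.get(group, 0), len(q))
    return peaks

if __name__ == "__main__":
    for network, peak in find_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{network}: {peak} requests within 60s")
```

Grouping by network prefix rather than by single address is what catches a small pool of hosts taking turns; it says nothing about who is behind them when the sources are anonymizers.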

AT&T Hacker Gets Prison Time

Andrew Auernheimer was sentenced March 18 to 41 months in prison for breaching AT&T servers and stealing e-mail addresses and other personal information belonging to about 120,000 Apple iPad users.

At a district court in Newark, New Jersey, Auernheimer was ordered to pay more than $73,000 in damages to AT&T and to serve three years supervised probation after his release.

Auernheimer was convicted on Nov. 20, 2012 (see: Man Convicted of Hacking AT&T Servers).

As head of a self-described "security research" hacking group called Goatse Security, Auernheimer disclosed the stolen information to an Internet magazine, U.S. Attorney Paul J. Fishman said in a press release.

AT&T automatically linked an iPad 3G user's e-mail address to an Integrated Circuit Card Identifier, a number unique to the user's iPad, when a user registered, the release notes. Every time a user accessed the AT&T site, the ICC-ID was recognized and the e-mail address was automatically populated for faster access on the site.

In 2010, when an iPad 3G communicated with the AT&T site, the ICC-ID was automatically displayed in the URL in plain text. Seeing this, hackers wrote a script called "iPad 3G Account Slurper" that harvested the ICC-ID/e-mail address pairings, the press release said.

Auernheimer was convicted on two counts: conspiracy to access AT&T servers without authorization and disclosing that information to a reporter at Gawker magazine; and possession and transfer of a means of identification for more than 120,000 iPad users.

Cyber-Attack Reported in South Korea

Malicious code is suspected to be the cause of a cyber-attack in South Korea March 20 that affected computer systems at two major banks and three broadcasters, among others.

South Korean officials formed a crisis center to investigate the incident, with some believing North Korea may be to blame for the attack, according to the Los Angeles Times.

On March 21, telecom regulators said the code used in the attack came from a Chinese IP address, according to the BBC.

About 32,000 computers in South Korea were affected, the BBC says.

During the attack, computer screens showed images of skulls with red eyes that glowed. The Times reports that some banking operations were paralyzed by the incident.

The series of attacks on March 20 impacted broadcasting companies' computers, shutting down editing screens. They also shuttered Internet banking, and some ATMs went offline, news reports said.

About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.
