In a development that I can only characterize as completely and totally awesome, UCLA’s computer system was hacked in October 2005, and administrators didn’t discover it until now, giving the hackers 14 months to steal personal information from as many as 800,000 Bruins. (I know that seems like a big number, but you should see the class sizes at UCLA. The student-to-teacher ratio is only slightly higher than the student-to-identify-thief ratio.)
Current and former students, faculty and administrators were all affected, meaning Mike Tran may have unknowingly purchased a “girl robot” by now, and Karl Dorrell could potentially be on the hook for a $1,500 leather bustier. (”It lifts and separates!”) To which I can only say: “Shoot. Yeah. Shoot.”
But of course I’m just speculating. According to university officials, “there is no evidence that any data has been misused.” Well, that’s a relief! I’m sure the hackers were just messing around. It’s not like names, Social Security numbers and birth dates — all of which were available for the taking — are “the trifecta for identity thieves” or anything. Oh, wait…
The good news is, I think we can all rest easy that Luc Richard Mbah a Moute’s identity is safe. Because really, nobody except Luc Richard Mbah a Moute could possibly pass as Luc Richard Mbah a Moute.
Anyway, I was kidding about the “completely and totally awesome” thing… sorta. I mean, it sucks for everybody who’s affected, and I do feel kinda bad for them, even if they are Bruins. But at the same time, well, if they had gone to USC instead of UCLA, they wouldn’t be poring over their credit-card statements right now, asking their wives questions like, “Honey, did you go to the spa while I was on that business trip last month?” That’s all I’m saying. :)
Here’s the L.A. Times article about what’s being called “one of the largest computer security breaches ever at an American university.” Excerpt:
Besides names, Social Security numbers and birth dates of those affected, the database includes home addresses and contact information, officials said. It does not contain driver’s license numbers or credit card or banking information.
Jim Davis, UCLA’s associate vice chancellor for information technology, described the attack as sophisticated, saying it used a program designed to exploit a flaw in a single software application among the many hundreds used throughout the Westwood campus.
“An attacker found one small vulnerability and was able to exploit it, and then cover their tracks,” Davis said. [Heh. “Small vulnerabilty,” my arse. -ed.]
He said the problem was spotted when computer security technicians noticed an unusually high number of suspicious queries to the database. It took several days for investigators to be sure that it was an attack and to learn that Social Security numbers were the target, he said.
Davis said the investigation was continuing, but that university officials had decided to notify potential victims now.
“UCLA and its community are the victims of this, and despite the great deal of effort we put into security, this really is a breach of trust with our community,” he said. “Given that we saw intent in this, we needed to let people know.”
UCLA has established a website to provide information and answer questions about the incident at http://www.identityalert.ucla.edu a toll-free call center, (877) 533-8082.
Laura Eimiller, spokeswoman for the FBI’s Los Angeles office, said the agency was investigating the breach, but said she could not comment further.
Although Eimiller would not elaborate, a source in her office added that the FBI is tracking the movements of a certain poodle who has become a prime suspect because, until earlier this month — shortly after the hack attack was halted — “he always seemed to have UCLA’s number.”
The source added that the bureau believes a “Trojan horse” may have been involved. Traveler VII could not be reached for comment.
;)
Okay, okay, I’m clearly having way too much fun with this, and I need to get back to work. First, though, a disclaimer: in case any humorless libel lawyers are reading this, please note that the two preceding paragraphs (prior to the smiley face) are jokes; I’m just kidding. Also, I don’t think a horse can sue for libel, or anything else for that matter, so you may want to find a new client.
(Hat tip: Dane. No hat tip to Mike Tran, who told me about this story a few minutes too late. Hmm, do you think Dane hacked into Mike’s computer and stole the idea from him?)
P.S. One other thing from that FBI source… Karl Dorrell has been ruled out as a suspect after investigators realized they had misinterpreted earlier intelligence that seemed to suggest he might be responsible. The intercepted communications, investigators now realize, referred to Dorrell as a “hack,” not as a “hacker.” They realized their mistake when said chatter mysteriously died down starting on the evening of December 2.
December 13th, 2006 at 12:17:46 am
I want to know when they got it to you because i sent a tip as well :P
December 13th, 2006 at 12:31:24 am
LOL, me too! Only I prefaced mine with “I’m sure 5 people have already told you this, but…”
December 13th, 2006 at 12:58:14 am
Heh. Actually David, your e-mail got caught by my spam filter for some reason — stupid Internet gnomes/leprechauns strike again! — so I didn’t actually see it till you mentioned it just now, and I looked for it. (I’ve now whitelisted you, so hopefully this won’t happen again!) But Dane would have gotten the hat tip anyway:
Dane’s e-mail: 8:03 PM
David’s e-mail: 8:36 PM
Mike’s IM: 8:48 PM
Kristin’s e-mail: 10:36 PM
So, Kristin, you were off by three. :)
December 13th, 2006 at 1:24:37 am
Yeah, well, i call east coast bias. I was at work and didn’t see the story but it was clearly evening on the East coast so Dane was of course free to e-mail you. Man if only i had just posted the damn thing instead, oh well i was hungry and wanted dinner!
December 13th, 2006 at 5:49:07 am
Brendan,
I find your tone to be very inappropiate.
December 13th, 2006 at 6:52:17 am
Anonymous, please. “Very inappropriate”? It’s not like someone died. I’m not sure if you’re being serious, but if you are… look, obviously, identity theft is terrible and this is a serious issue, but lots of things are serious issues and people still joke about them. I fail to see how this issue, in particular, is so gravely and overwhelmingly serious that having some obviously silly fun with it is somehow off-limits. I would expect the same from UCLA or ND fans if it was USC that this was happening to. Heck, I get sh*t from my friends about the Mark Sanchez rape scandal, and alleged rape is much more serious than stealing SSNs. The same goes, tenfold, for O.J. Simpson and that whole double-murder thing… remember all the ND fans holding up pictures of O.J. when the USC bus arrived at ND Stadium last October? Was that also “very inappropriate”? How about the “Catholics vs. Convicts” shirts when the Irish play one of the Florida schools, an obvious reference to some rather serious troubles they’ve had over the years at those institutions? In short, lighten up. I find your lack of a sense of humor to be very inappropriate. Er, unless of course you’re just kidding, in which case I guess I find my own lack of a sense of humor to be very inappropriate…
December 13th, 2006 at 11:22:25 am
RSS news readers rule… or make one entirely too nerdy. But I’ve got too much stuff to keep track of for work to keep track of websites any other way.
December 13th, 2006 at 3:44:40 pm
This didn’t just affect UCLA students and alums…it affected applicants too. I got that e-mail from UCLA because I had applied there 6 years ago and they still had my info. How long do they need to keep that information…seriously…why didn’t they erase it after I rejected them and came to ND instead.
December 13th, 2006 at 4:06:29 pm
I believe they is probable some sort of federal law some place that says they have to keep all applications for at least 7 years to make them easier to sue for discrimination.