Campus Web site hacked

[William Knowles <wk () c4i org>]

http://www.idsnews.com/story.php?id=20854

By Michael Zennie 
January 27, 2004

Five hours after this year's biggest snowstorm had stopped, IU was put
under an emergency alert, thanks to a student hacker who manipulated
the campus warning Web site.

IU spokeswoman Jane Jankowski said the server of the emergency Web
site did not have adequate security and that it had been breached from
the outside by a student on the IU campus.

Students visiting the Web site, http://emergency.iub.edu, between 1:30
and 8 a.m. were greeted with the incorrect emergency alert and a plea
to "call up your congressman and suggest the educational process at
Indiana University be suspended on Monday."

The site also directed students to the National Weather Service and
the Drudge Report Web sites "for details."

Jankowski said the incorrect information was fixed just after 8 a.m.  
Monday when University Information Technology Services staff showed up
for work. She said since then, the hole in security has been fixed,
and the site is no longer vulnerable to such unauthorized access.

Jankowski said the student hacker has been caught and referred to the
dean of students for reprimand. Forcibly gaining unauthorized access
to a Web site is not only against IU policy, but also against Indiana
state law. Jankowski declined to give the name of the student in
question.

Senior Matt Haas saw the site with the incorrect information and
thought it was suspicious.

"It seemed most odd that it had a link to DrudgeReport.com," he said.  
"However, it was also very strange that this official IU Web page
directed students to call their congressman to cancel school."

IU's emergency automated hotline kept the correct information
throughout the night, IU was under normal conditions. In the event of
an emergency, IU President Adam Herbert has the final say in class
cancelations, and congressmen have no input in the process.

The University uses the Web site, which is maintained by the Office of
Risk Management, to alert IU students, faculty and staff to terrorist
threats, weather-related closings and other emergencies, said Larry
Stephens, director of the Office of Risk Management.

Freshman Arnav Patel also saw the compromised site and questioned the
security of the IU network.

"I thought it was unusual that someone was able to hack into what
should be the most secure site on campus."

-- Contact staff writer Michael Zennie at mzennie () indiana edu.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.