Exposed Bruins?

I decided to take the advice of Homebruin and take a hiatus from reading Bruins Nation, which has left a powder-blue and gold void in my life: what are those wacky Bruins up to these days? Suffering identity theft (not funny) and running around in their skivvies (hooray!).

Fortunately, my source of most news, Boing Boing, was able to help out with a little tale of database hacking at UCLA which resulted in SSN data for 800,000 people being stolen. Working as I do for a Beltway Bandit that undertakes, inter alia, managed IT security for clients, this caught my attention.

Now, lest you be inclined to snigger, USC has suffered a similar attack, just not on the same scale, according to the LA Times article:

Foley and others interviewed said that although there was no evidence of any fraudulent or illegal use of the information, the UCLA breach, in the sheer number of people affected, appeared to be among the largest at an American college or university.

"To my knowledge, it's absolutely one of the largest," said Rodney Petersen, security task force coordinator for Educause, a nonprofit higher education association that focuses on technology issues. He said most problems at universities have involved breaches of departmental or other, smaller databases.

Comprehensive statistics on computer break-ins at colleges do not exist. But in the first six months of this year alone, there were at least 29 security failures at colleges nationwide, jeopardizing the records of 845,000 people. Both private and public institutions have been hit. In 2005, a database at USC was hacked, exposing the records of 270,000 individuals.

Not content with heisting 800,000 people's identifying information, apparently the miscreant also did a really good job:

Jim Davis, UCLA's associate vice chancellor for information technology, described the attack as sophisticated, saying it used a program designed to exploit a flaw in a single software application among the many hundreds used throughout the Westwood campus.

"An attacker found one small vulnerability and was able to exploit it, and then cover their tracks," Davis said.

He said the problem was spotted when computer security technicians noticed an unusually high number of suspicious queries to the database. It took several days for investigators to be sure that it was an attack and to learn that Social Security numbers were the target, he said.

Davis said the investigation was continuing, but that university officials had decided to notify potential victims now.

Props to the UCLA administration for trying to do the right thing, unlike say Citibank last summer when Russian hackers were running amok stealing customer data left, right, and center.

On a happier note for the Bruins, there's some good old-fashioned exhibitionism on tap around Westwood High, thanks to the work of a pioneering student several years ago:

UCLA's Undie Run stands apart for its size, even though it has no formal leaders, except perhaps the runners at the head of the pack.

Word spreads via online social networking sites, e-mail and old-fashioned word of mouth. At midnight, students gather at the northernmost corner of Gayley and Landfair avenues. The half-mile route goes from Gayley through the courtyard of UCLA's De Neve residential suites and down the main campus thoroughfare, known as Bruin Walk. The event is not university-sanctioned, though it is monitored by administrators and UCLA police.

I'm sure that Flickr has more to offer visually, but since I am at work I'm sticking with "official sources." The LA Times only provided the one photograph...

...but it's enough to make me sad that USC students probably wouldn't take up the same tradition - not so much due to modesty but rather because running around campus or the neighborhood in your altogether is not the act of a rational person. Alas.

Update [2006-12-14 11:17:13 by DC Trojan]: Click here for some Flickr goodness on the most recent Undie Run. Marginally NSFW, depending on the latitude of your corporate overlords.