Information Security in Academic Institutions
Did You Know . . .

Student breaches:
  • In March of 2003, a 20-year-old University of Texas student hacked into the network and stole information on the 55,000 students
    and faculty in on e the biggest breaches in a university ever. The student used millions of randomly generated Social Security
    numbers to request records from the school’s database.  According to the Washington Post, the student turned himself into Secret
    Service on March 14.   Agents found the information on the student’s home computer. The student could face as much as five years
    in prison and be forced to pay $500,000 in restitution.  (Source: http://news.com.com/2100-1002-992732.html)
  • A 2003 Emory University survey of 13 major U.S. universities found that 80% agreed that network security policies are very
    important, but only half of them are taking steps to combat the growing flood of security breaches.  Staffing and budgeting were
    cited as the main obstacles.  (Source: http://www.nwfusion.com/news/2003/0707education.html.

Organized crime and terrorists:
  • The volume of computing power on a university campus makes it a rich target for predators. In August 2004, SecurityFocus
    reported that the FBI arrested a “Massachusettes businessman who allegedly paid members of the computer underground to
    launch organized, crippling distributed-denial-of-service (DDoS) attacks against three of his competitors, in what federal officials
    are calling the first criminal case to arise from a DDoS-for-hire scheme.”  (Source: http://www.securityfocus.com/news/9411)

Critical infrastructure incidents:
  • As reported by George Archibald in the Washington Times on April 16, 2003, “Presidents and chancellors of the nation's 62 largest
    research universities cautioned against excessive security procedures in the war on terrorism that could hurt the country's ability
    to attract the best minds from around the world for U.S. science, engineering and medical research programs.” (Source: http://www.
    aau.edu/publications/Wrapup4.18.03.pdf).
  • While this debate continues within academia, we all may be left vulnerable to attacks that originate within university networks,
    leverage its wealth of computing power and attack our critical infrastructure.  
For more information:
contact@infosecurityresearch.org
(917) 783 – 8496
(646) 365-3148 (fax)

This project is supported by Grant No. 2004-IJ-CX-0045 awarded by the National Institute of Justice, Office of Justice Programs, US Department of Justice. Points of view in
this document are those of the author and do not necessarily represent the official position or policies of the US Department of Justice.