NYT: Hacker Hits [UC Berkeley] Computer

Wed Oct 20 2004 00:00:00 GMT+0000 (Coordinated Universal Time)

system

George Strait, a university spokesman, confirmed the school's computer system had been penetrated in what he believed was the most significant hacking job the university had experienced.

The university detected its computer system had been broken into at the end of August, but did not notify the state until Sept. 27 after the school had done its own investigation with the FBI, Strait said.

I want to know more. How did this attack happen? Was there any fault on behalf of the researcher?

UPDATE [Thu Oct 21 11:44:53 PDT 2004]:

I posted to IP on this here... More from Doug here:

The media has been full of stories about the break-in and theft of personal data at UC Berkeley. However, the accounts have left some important details out.

The machine that was broken into was a personal computer - not a computer being managed by the Berkeley IT staff. (It was, however, hooked up to the Berkeley network.) The machine was compromised by one of the worms circulating, the worm left a backdoor in the machine. It is not clear that the backdoor was ever actually used.

I don't understand how such confidential information could end up on a personal machine in the first place (that certainly seems against the spirit, if not the text, of Berkeley's IT rules) but perhaps since the owner of the computer was a visiting scholar from Connecticut College (named in this article as Associate Professor Candace Howes) , she was simply unaware of Berkeley's IT rules.

But the moral of this is: we all need to stay on top of patches for our machines.