[unisog] FWD: [CIO] Secret Service probe of computers [ keystroke loggers installed on PCs in public areas at US Universities ]
William D. Colburn (aka Schlake)
wcolburn at nmt.edu
Wed Jun 19 21:38:46 GMT 2002
Hmmmm. Technically, what you have sent is "junk mail", since you aren't
the authoritative source for this information. Is there a way we can
reference this with the secret service to tell if it is real?
On Wed, Jun 19, 2002 at 04:37:14PM -0400, H. Morrow Long wrote:
> >I am posting this to the list to make sure the higher education is briefed
> >on what is happening at a few schools. ASU has been working with law
> >enforcement and here is a notice that we have been provided by the secret
> >service. They have asked me to get this out to as many higher ed
> >institutions as possible.
> >The US Secret Service has the responsibility to conduct Federal
> >investigations that focus primarily on offenses against the laws of the
> >United States relating to government securities, credit and debit card
> >fraud, false identification crimes, fraudulent schemes and other organized
> >crime that impacts access to computer and telecommunications systems.
> >During a recent investigation the Secret Service identified an individual
> >who installed commercially available computer system administration tools
> >on campus terminals in public areas. These installations were
> >accomplished through physical access to a removable data storage drive
> >however, the same executable files could be delivered as an email
> >attachment. The programs consisted of key stroke logging programs and
> >remote administration tools.
> >The US Secret Service is requesting that Chief Information Officers ensure
> >that their system administrators and/or system security personnel review
> >existing networks for the following files or programs: "Starr Commander
> >Pro", "STARRCMD.EXE", "RADMIN", and "ISPYNOW." The software has been
> >found in the route path of "C:\WINNT\SYSTEM32\KREC32", but may be found in
> >other areas of a network.
> >If unauthorized installations of the above files are located or if log
> >routers for authorized installs have been altered, please contact your
> >local Secret Service office. You may also contact these offices with
> >questions regarding this request.
> >For colleges and universities in Arizona, please contact Ken Huffer,
> >Assistant Special Agent in Charge, 602/640-5580.
> >William E. Lewis, Ph.D.
> >Vice Provost for Information Technology
> >Professor of Computer Science
> >Arizona State University
> >E-Mail: william.lewis at asu.edu
> >Phone: (480) 965-9059
> >Fax: (480) 965-7933
> > -----Original Message-----
> >From: Andrea Foster
> >[<mailto:andrea.foster at CHRONICLE.COM>mailto:andrea.foster at CHRONICLE.COM]
> >Sent: Wednesday, June 19, 2002 11:04 AM
> >To: CIO at LISTSERV.EDUCAUSE.EDU
> >Subject: [CIO] Secret Service probe of computers
> >Hi All:
> >I understand the Secret Service is investigating whether computers at
> >colleges in Arizona, California, Texas, and Florida have had keystroke
> >software installed in them by intruders -- possibly the Russian mafia.
> >Apparently, the intruders want to obtain student credit card numbers and
> >other personal information.
> >If your campus is affected by this, please contact me.
> >Andrea Foster
> >Assistant Editor
> >Chronicle of Higher Education
> >andrea.foster at chronicle.com
> >Participation and subscription information for this EDUCAUSE Constituent
> >Group discussion list can be found at
William Colburn, "Sysprog" <wcolburn at nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
More information about the unisog