[unisog] FWD: [CIO] Secret Service probe of computers [ keystroke loggers installed on PCs in public areas at US Universities ]

Jordan K Wiens jwiens at nersp.nerdc.ufl.edu
Thu Jun 20 01:39:37 GMT 2002


My first suggestion would be to call the phone number of the Agent listed
on the forward tomorrow during business hours and speak with him or your
local secret service office.

The information at least appears to be correct (see below), though I must
admit the email did slightly have the ring of "make sure you delete this
evil file before you become infected" that the typical meta-virus has.

From: http://www.ustreas.gov/usss/field_offices.shtml
ARIZONA
PHOENIX 602-640-5580
3200 NORTH CENTRAL AVENUE, PHOENIX, AZ 85012




-- 
Jordan Wiens
UF Network Incident Response Team
(352)392-2061

On Wed, 19 Jun 2002, William D. Colburn (aka Schlake) wrote:

> Hmmmm.  Technically, what you have sent is "junk mail", since you aren't
> the authoritative source for this information.  Is there a way we can
> reference this with the secret service to tell if it is real?
>
> On Wed, Jun 19, 2002 at 04:37:14PM -0400, H. Morrow Long wrote:
> > >I am posting this to the list to make sure the higher education is briefed
> > >on what is happening at a few schools.  ASU has been working with law
> > >enforcement and here is a notice that we have been provided by the secret
> > >service.  They have asked me to get this out to as many higher ed
> > >institutions as possible.
> > >
> > >
> > >****************
> > >
> > >The US Secret Service has the responsibility to conduct Federal
> > >investigations that focus primarily on offenses against the laws of the
> > >United States relating to government securities, credit and debit card
> > >fraud, false identification crimes, fraudulent schemes and other organized
> > >crime that impacts access to computer and telecommunications systems.
> > >
> > >During a recent investigation the Secret Service identified an individual
> > >who installed commercially available computer system administration tools
> > >on campus terminals in public areas.  These installations were
> > >accomplished through physical access to a removable data storage drive;
> > >however, the same executable files could be delivered as an email
> > >attachment.  The programs consisted of key stroke logging programs and
> > >remote administration tools.
> > >
> > >The US Secret Service is requesting that Chief Information Officers ensure
> > >that their system administrators and/or system security personnel review
> > >existing networks for the following files or programs: "Starr Commander
> > >Pro", "STARRCMD.EXE", "RADMIN", and "ISPYNOW."  The software has been
> > >found in the route path of "C:\WINNT\SYSTEM32\KREC32", but may be found in
> > >other areas of a network.
> > >
> > >If unauthorized installations of the above files are located or if log
> > >routers for authorized installs have been altered, please contact your
> > >local Secret Service office.  You may also contact these offices with
> > >questions regarding this request.
> > >
> > >For colleges and universities in Arizona, please contact Ken Huffer,
> > >Assistant Special Agent in Charge, 602/640-5580.
> > >
> > >****************
> > >
> > >Bill
> > >
> > >William E. Lewis, Ph.D.
> > >Vice Provost for Information Technology
> > >Professor of Computer Science
> > >Arizona State University
> > >E-Mail:    william.lewis at asu.edu
> > >Phone:    (480) 965-9059
> > >Fax:        (480) 965-7933
> > >
> > >  -----Original Message-----
> > >From:   Andrea Foster
> > >[mailto:andrea.foster at CHRONICLE.COM]
> > >Sent:   Wednesday, June 19, 2002 11:04 AM
> > >To:     CIO at LISTSERV.EDUCAUSE.EDU
> > >Subject:        [CIO] Secret Service probe of computers
> > >
> > >Hi All:
> > >
> > >I understand the Secret Service is investigating whether computers at
> > >colleges in Arizona, California, Texas, and Florida have had keystroke
> > >software installed in them by intruders -- possibly the Russian mafia.
> > >
> > >Apparently, the intruders want to obtain student credit card numbers and
> > >other personal information.
> > >
> > >If your campus is affected by this, please contact me.
> > >
> > >Thanks,
> > >
> > >Andrea Foster
> > >Assistant Editor
> > >Chronicle of Higher Education
> > >202-466-1740
> > >andrea.foster at chronicle.com
> > >
> > >**********
> > >Participation and subscription information for this EDUCAUSE Constituent
> > >Group discussion list can be found at
> > >http://www.educause.edu/memdir/cg/cg.html.
>
> --
> William Colburn, "Sysprog" <wcolburn at nmt.edu>
> Computer Center, New Mexico Institute of Mining and Technology
> http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn
>
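
The review requested in the forwarded notice, sketched as a file-system sweep. This is an added example, not part of the thread or of the Secret Service notice; the `authorized` allowlist, the function names and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile

# Names quoted in the forwarded notice, lowercased for case-insensitive matching.
INDICATOR_NAMES = ("starr commander pro", "starrcmd.exe", "radmin", "ispynow")
INDICATOR_DIRS = ("krec32",)  # last component of C:\WINNT\SYSTEM32\KREC32
DIR_HIT = "directory named in notice"
NAME_HIT = "file or program name in notice"

def sweep(root, authorized=()):
    """Return sorted (relative_path, reason) pairs for entries under root.

    authorized is a hypothetical allowlist of approved install paths
    (relative to root); those subtrees are skipped, since the notice
    asks about unauthorized installations.
    """
    allowed = {p.replace("\\", "/").strip("/").lower() for p in authorized}
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(n, True) for n in dirnames] + [(n, False) for n in filenames]
        for name, is_dir in entries:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.lower() in allowed:
                if is_dir:
                    dirnames.remove(name)  # do not descend into an approved install
                continue
            low = name.lower()
            if is_dir and low in INDICATOR_DIRS:
                hits.append((rel, DIR_HIT))
            elif any(ind in low for ind in INDICATOR_NAMES):
                hits.append((rel, NAME_HIT))
    return sorted(hits)

def demo(authorized=()):
    """Run sweep() over a constructed directory tree (sample data, not real findings)."""
    sample = ("WINNT/system32/krec32/StarrCmd.exe", "WINNT/system32/notepad.exe",
              "Program Files/Radmin/radmin.exe", "Temp/iSpyNow_setup.exe")
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return sweep(root, authorized)

if __name__ == "__main__":
    for rel, reason in demo(authorized=["Program Files/Radmin"]):
        print(f"{reason}: {rel}")
```

Name matching only finds installations that kept the names given in the notice; a renamed executable will not appear in the results.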


