FWD: [CIO] Secret Service probe of computers [ keystroke loggers installed on PCs in public areas at US Universities ]

H. Morrow Long morrow.long at yale.edu
Wed Jun 19 20:37:14 GMT 2002

>From:         William Lewis <William.Lewis at ASU.EDU>
>Subject:      Re: [CIO] Secret Service probe of computers
>Return-Path: owner-cio at LISTSERV.EDUCAUSE.EDU
>X-OriginalArrivalTime: 19 Jun 2002 20:01:12.0336 (UTC) 
>I am posting this to the list to make sure the higher education is briefed 
>on what is happening at a few schools.  ASU has been working with law 
>enforcement and here is a notice that we have been provided by the secret 
>service.  They have asked me to get this out to as many higher ed 
>institutions as possible.
>The US Secret Service has the responsibility to conduct Federal 
>investigations that focus primarily on offenses against the laws of the 
>United States relating to government securities, credit and debit card 
>fraud, false identification crimes, fraudulent schemes and other organized 
>crime that impacts access to computer and telecommunications systems.
>During a recent investigation the Secret Service identified an individual 
>who installed commercially available computer system administration tools 
>on campus terminals in public areas.  These installations were 
>accomplished through physical access to a removable data storage drive 
>however, the same executable files could be delivered as an email 
>attachment.  The programs consisted of key stroke logging programs and 
>remote administration tools.
>The US Secret Service is requesting that Chief Information Officers ensure 
>that their system administrators and/or system security personnel review 
>existing networks for the following files or programs: "Starr Commander 
>Pro", "STARRCMD.EXE", "RADMIN", and "ISPYNOW."  The software has been 
>found in the route path of "C:\WINNT\SYSTEM32\KREC32", but may be found in 
>other areas of a network.
>If unauthorized installations of the above files are located or if log 
>routers for authorized installs have been altered, please contact your 
>local Secret Service office.  You may also contact these offices with 
>questions regarding this request.
>For colleges and universities in Arizona, please contact Ken Huffer, 
>Assistant Special Agent in Charge, 602/640-5580.
>William E. Lewis, Ph.D.
>Vice Provost for Information Technology
>Professor of Computer Science
>Arizona State University
>E-Mail:    william.lewis at asu.edu
>Phone:    (480) 965-9059
>Fax:        (480) 965-7933
>  -----Original Message-----
>From:   Andrea Foster 
>[<mailto:andrea.foster at CHRONICLE.COM>mailto:andrea.foster at CHRONICLE.COM]
>Sent:   Wednesday, June 19, 2002 11:04 AM
>Subject:        [CIO] Secret Service probe of computers
>Hi All:
>I understand the Secret Service is investigating whether computers at
>colleges in Arizona, California, Texas, and Florida have had keystroke
>software installed in them by intruders -- possibly the Russian mafia.
>Apparently, the intruders want to obtain student credit card numbers and
>other personal information.
>If your campus is affected by this, please contact me.
>Andrea Foster
>Assistant Editor
>Chronicle of Higher Education
>andrea.foster at chronicle.com
>Participation and subscription information for this EDUCAUSE Constituent 
>Group discussion list can be found at 

More information about the unisog mailing list