[unisog] FWD: [CIO] Secret Service probe of computers [ keystroke loggers installed on PCs in public areas at US Universities ]

William D. Colburn (aka Schlake) wcolburn at nmt.edu
Wed Jun 19 21:38:46 GMT 2002

Hmmmm.  Technically, what you have sent is "junk mail", since you aren't
the authoritative source for this information.  Is there a way we can
reference this with the secret service to tell if it is real?

On Wed, Jun 19, 2002 at 04:37:14PM -0400, H. Morrow Long wrote:
> >I am posting this to the list to make sure the higher education is briefed 
> >on what is happening at a few schools.  ASU has been working with law 
> >enforcement and here is a notice that we have been provided by the secret 
> >service.  They have asked me to get this out to as many higher ed 
> >institutions as possible.
> >
> >
> >****************
> >
> >The US Secret Service has the responsibility to conduct Federal 
> >investigations that focus primarily on offenses against the laws of the 
> >United States relating to government securities, credit and debit card 
> >fraud, false identification crimes, fraudulent schemes and other organized 
> >crime that impacts access to computer and telecommunications systems.
> >
> >During a recent investigation the Secret Service identified an individual 
> >who installed commercially available computer system administration tools 
> >on campus terminals in public areas.  These installations were 
> >accomplished through physical access to a removable data storage drive 
> >however, the same executable files could be delivered as an email 
> >attachment.  The programs consisted of key stroke logging programs and 
> >remote administration tools.
> >
> >The US Secret Service is requesting that Chief Information Officers ensure 
> >that their system administrators and/or system security personnel review 
> >existing networks for the following files or programs: "Starr Commander 
> >Pro", "STARRCMD.EXE", "RADMIN", and "ISPYNOW."  The software has been 
> >found in the route path of "C:\WINNT\SYSTEM32\KREC32", but may be found in 
> >other areas of a network.
> >
> >If unauthorized installations of the above files are located or if log 
> >routers for authorized installs have been altered, please contact your 
> >local Secret Service office.  You may also contact these offices with 
> >questions regarding this request.
> >
> >For colleges and universities in Arizona, please contact Ken Huffer, 
> >Assistant Special Agent in Charge, 602/640-5580.
> >
> >****************
> >
> >Bill
> >
> >William E. Lewis, Ph.D.
> >Vice Provost for Information Technology
> >Professor of Computer Science
> >Arizona State University
> >E-Mail:    william.lewis at asu.edu
> >Phone:    (480) 965-9059
> >Fax:        (480) 965-7933
> >
> >  -----Original Message-----
> >From:   Andrea Foster 
> >[<mailto:andrea.foster at CHRONICLE.COM>mailto:andrea.foster at CHRONICLE.COM]
> >Sent:   Wednesday, June 19, 2002 11:04 AM
> >Subject:        [CIO] Secret Service probe of computers
> >
> >Hi All:
> >
> >I understand the Secret Service is investigating whether computers at
> >colleges in Arizona, California, Texas, and Florida have had keystroke
> >software installed in them by intruders -- possibly the Russian mafia.
> >
> >Apparently, the intruders want to obtain student credit card numbers and
> >other personal information.
> >
> >If your campus is affected by this, please contact me.
> >
> >Thanks,
> >
> >Andrea Foster
> >Assistant Editor
> >Chronicle of Higher Education
> >202-466-1740
> >andrea.foster at chronicle.com
> >
> >**********
> >Participation and subscription information for this EDUCAUSE Constituent 
> >Group discussion list can be found at 
> ><http://www.educause.edu/memdir/cg/cg.html>http://www.educause.edu/memdir/cg/cg.html.

William Colburn, "Sysprog" <wcolburn at nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn

More information about the unisog mailing list