[unisog] FWD: [CIO] Secret Service probe of computers [ keystroke loggers installed on PCs in public areas at US Universities ]

H. Morrow Long morrow.long at yale.edu
Thu Jun 20 03:45:25 GMT 2002



"William D. Colburn (aka Schlake)" :

   I've had first-hand knowledge of this particular Secret Service
   investigation for a while, even though I forwarded UniSog a quoted
   list message from the EDUCAUSE CIO list a few times removed (which
   is basically a reply to a Chronicle of Higher Ed reporter in the list).

   I'm not going to go into the how and why and when (note: my employer
   was not involved) but now that the story has been made public news
   by others and the media, I'll just confirm for you that the gist of
   the public posting from ASU is correct as to content.

   Note: cutting the attribution line of the ASU posting (as seen below)
   makes it appear that I am saying what the ASU VP for IT posted. To
   view the originals of the list messages see:

	http://listserv.educause.edu/cgi-bin/wa.exe?A1=ind0206&L=cio#16
	http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0206&L=cio&F=&S=&P=6135

H. Morrow Long
University Information Security Officer
Yale University, ITS, Dir. InfoSec Office

"William D. Colburn (aka Schlake)" wrote:
> 
> Hmmmm.  Technically, what you have sent is "junk mail", since you aren't
> the authoritative source for this information.  Is there a way we can
> reference this with the Secret Service to tell if it is real?
> 
> On Wed, Jun 19, 2002 at 04:37:14PM -0400, H. Morrow Long wrote:
> > >I am posting this to the list to make sure higher education is briefed
> > >on what is happening at a few schools.  ASU has been working with law
> > >enforcement and here is a notice that we have been provided by the Secret
> > >Service.  They have asked me to get this out to as many higher ed
> > >institutions as possible.
> > >
> > >
> > >****************
> > >
> > >The US Secret Service has the responsibility to conduct Federal
> > >investigations that focus primarily on offenses against the laws of the
> > >United States relating to government securities, credit and debit card
> > >fraud, false identification crimes, fraudulent schemes and other organized
> > >crime that impacts access to computer and telecommunications systems.
> > >
> > >During a recent investigation the Secret Service identified an individual
> > >who installed commercially available computer system administration tools
> > >on campus terminals in public areas.  These installations were
> > >accomplished through physical access to a removable data storage drive;
> > >however, the same executable files could be delivered as an email
> > >attachment.  The programs consisted of keystroke logging programs and
> > >remote administration tools.
> > >
> > >The US Secret Service is requesting that Chief Information Officers ensure
> > >that their system administrators and/or system security personnel review
> > >existing networks for the following files or programs: "Starr Commander
> > >Pro", "STARRCMD.EXE", "RADMIN", and "ISPYNOW."  The software has been
> > >found in the route path of "C:\WINNT\SYSTEM32\KREC32", but may be found in
> > >other areas of a network.
> > >
> > >If unauthorized installations of the above files are located or if log
> > >routers for authorized installs have been altered, please contact your
> > >local Secret Service office.  You may also contact these offices with
> > >questions regarding this request.
> > >
> > >For colleges and universities in Arizona, please contact Ken Huffer,
> > >Assistant Special Agent in Charge, 602/640-5580.
> > >
> > >****************
> > >
> > >Bill
> > >
> > >William E. Lewis, Ph.D.
> > >Vice Provost for Information Technology
> > >Professor of Computer Science
> > >Arizona State University
> > >E-Mail:    william.lewis at asu.edu
> > >Phone:    (480) 965-9059
> > >Fax:        (480) 965-7933
> > >
> > >  -----Original Message-----
> > >From:   Andrea Foster
> > >[mailto:andrea.foster at CHRONICLE.COM]
> > >Sent:   Wednesday, June 19, 2002 11:04 AM
> > >To:     CIO at LISTSERV.EDUCAUSE.EDU
> > >Subject:        [CIO] Secret Service probe of computers
> > >
> > >Hi All:
> > >
> > >I understand the Secret Service is investigating whether computers at
> > >colleges in Arizona, California, Texas, and Florida have had keystroke
> > >software installed in them by intruders -- possibly the Russian mafia.
> > >
> > >Apparently, the intruders want to obtain student credit card numbers and
> > >other personal information.
> > >
> > >If your campus is affected by this, please contact me.
> > >
> > >Thanks,
> > >
> > >Andrea Foster
> > >Assistant Editor
> > >Chronicle of Higher Education
> > >202-466-1740
> > >andrea.foster at chronicle.com
> > >
> 
> --
> William Colburn, "Sysprog" <wcolburn at nmt.edu>
> Computer Center, New Mexico Institute of Mining and Technology
> http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn

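
An added example, not part of the original messages or of the Secret Service notice: a Python check for the file review the notice requests, matching the quoted names case-insensitively anywhere under a directory tree, since the notice says the software may be found outside the quoted path. The function names and the sample tree are assumptions constructed for illustration; RADMIN also exists as an authorized install at some sites, so each hit has to be compared against the site's record of authorized installs.

```python
import os
import tempfile

# Names quoted in the Secret Service notice, lower-cased for matching.
INDICATOR_NAMES = {"starr commander pro", "starrcmd.exe", "radmin", "ispynow"}
# Last component of the install path quoted in the notice.
INDICATOR_DIRS = {"krec32"}


def classify(name, is_dir):
    """Return why an entry matches the notice, or None if it does not."""
    lowered = name.lower()
    stem = os.path.splitext(lowered)[0]  # so RADMIN also matches radmin.exe
    if is_dir and lowered in INDICATOR_DIRS:
        return "directory named in notice"
    if lowered in INDICATOR_NAMES or stem in INDICATOR_NAMES:
        return "name listed in notice"
    return None


def scan(root):
    """Walk root and return sorted (relative_path, reason) pairs for each hit."""
    hits = []
    for current, dirs, files in os.walk(root):
        entries = [(d, True) for d in dirs] + [(f, False) for f in files]
        for name, is_dir in entries:
            reason = classify(name, is_dir)
            if reason:
                rel = os.path.relpath(os.path.join(current, name), root)
                hits.append((rel.replace(os.sep, "/"), reason))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout (not real evidence) used to exercise scan()."""
    suspect = os.path.join(root, "WINNT", "system32", "Krec32")
    office = os.path.join(root, "Program Files", "Office")
    os.makedirs(suspect)
    os.makedirs(office)
    for path in (os.path.join(suspect, "StarrCmd.exe"),
                 os.path.join(root, "WINNT", "system32", "notepad.exe"),
                 os.path.join(office, "radmin.EXE"),
                 os.path.join(office, "radmin_notes.txt")):
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan(tmp):
            print(f"{rel}: {reason}")
```

Point scan() at a drive root or a mounted disk image; name matching alone will miss renamed copies.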


