Tuesday, December 12, 2006

Consequences of the Information Age

So in the past 12 hours since becoming aware of the UCLA security breach, I've called UCLA confirming my info was in the compromised database, set a fraud alert with Experian, emailed every UCLA yahoogroup I'm on, and spent about an hour w/my roommate to set up a facebook support group. I guess it's all an effort to feel empowered when you feel helpless. Oh well, if I'm going to freak out, I'm going to make sure everyone I know freaks out with me.

Well not exactly. While the initial shock of knowing my information is floating around there with some stranger, it doesn't surprise me that this would eventually happen. The digital age has allowed us to store the records of millions, and potentially TRILLIONS, of people in just one centralized server with ease. Unfortunately that ease is afforded to all, regardless of one's intentions. And no security system is completely secure; the hacker that got into UCLA's database didn't actually BEAT the security, but went AROUND it. So with the UCLA security compromised, potentially the information of 800,000 people has been exposed, and while that number seems gigantic, in this digital age, where the difference between storing 1 GB and 10,000 GB is only a few thousand dollars, that number could easily be a lot bigger.

But it's not like our information is out there already. Hell, my generation has practically EMBRACED the idea of information sharing. They had us at the start, when Napster let us share "free" music. After that, the snowball just raged down the hill and never let up: music sharing became file sharing, and now with devices like friendster, myspace, facebook, livejournal, xanga, and blogger, we're now into PEOPLE sharing, starting with OURSELVES. We put up pictures for everyone to see. We put up all the ways outsiders can find us: phone numbers, email, AIM, addresses, profile links. It's become an obsession, as if we NEED the world to see us, lest we be forgotten. And we've accepted the risks, or have just been oblivious to them. After last night, UCLA is certainly oblivious no longer.

With this rude awakening, Pandora's Box has been opened for about 800,000 people, with millions watching in horror, and there's nothing we can do to go back. We might as well accept the fact that NOBODY's personal information is truly secure, and with that, focus on how we can prevent that information from being used against us. The dam has broke, and while cursing the dam feels appropriate, it'd be more prudent to learn to stay afloat.

UCLA Personal Information Hacked

Between the tasing, admission dilemmas, football upsets, the men's basketball team, and this, you'd think UCLA was the center of the whole friggin' universe. (article from LA Times website)

Major breach of UCLA's computer files

Personal information on thousands is exposed in one of the largest security break-ins ever at a U.S. university.
By Rebecca Trounson, Times Staff Writer
10:04 PM PST, December 11, 2006

Exposed
click to enlarge

In what appears to be one of the largest computer security breaches ever at an American university, one or more hackers have gained access to a UCLA database containing personal information on about 800,000 of the university's current and former students, faculty and staff members, among others.

UCLA officials said the attack on a central campus database exposed records containing the names, Social Security numbers and birth dates — the key elements of identity theft — for at least some of those affected. The attempts to break into the database began in October of 2005 and ended Nov. 21, when the suspicious activity was detected and blocked, the officials said.

In a letter scheduled to be sent today to potential victims of the breach, acting Chancellor Norman Abrams said that although some Social Security numbers were obtained by the hackers, the university had no evidence that any of the information had been misused.

"We take our responsibility to safeguard personal information very seriously," Abrams said in the letter, which was scheduled to be mailed or e-mailed overnight to those whose records were compromised. "My primary concern is to make sure this does not happen again" and to provide information to try to minimize the risk of identity theft for those affected, he said.

Abrams urged those whose records might have been accessed to monitor their consumer credit files and consider fraud alerts and other precautions.

The UCLA incident is the latest in a series of computer security breaches affecting private organizations, financial institutions, government agencies and other large employers. Partly because of their tradition of openness, universities are proving to be a favorite — and often vulnerable — target, several experts in the field said Monday.

"Universities tend to have a lot of information floating around in a lot of different places," said Jay Foley, executive director of the Identity Theft Resource Center, a San Diego-based nonprofit. "They are places we send our children to share ideas, and it's hard to mix the open sharing of ideas with the need to tighten down on security."

In 2003, for example, a hacker at San Diego State used an outdated computer network in the drama department to find a way into the financial aid system. The Social Security numbers of more than 200,000 people were exposed.

Foley and others interviewed said that although there was no evidence of any fraudulent or illegal use of the information, the UCLA breach, in the sheer number of people affected, appeared to be among the largest at an American college or university.

"To my knowledge, it's absolutely one of the largest," said Rodney Petersen, security task force coordinator for Educause, a nonprofit higher education association that focuses on technology issues. He said most problems at universities have involved breaches of departmental or other, smaller databases.

Comprehensive statistics on computer break-ins at colleges do not exist. But in the first six months of this year alone, there were at least 29 security failures at colleges nationwide, jeopardizing the records of 845,000 people. Both private and public institutions have been hit. In 2005, a database at USC was hacked, exposing the records of 270,000 individuals.

Petersen said that in a survey released by Educause in October, about a quarter of 400 colleges said that over the previous 12 months, they had experienced a security incident in which confidential information was compromised.

At UCLA, officials said Monday that the targeted database included records for the university's current and former students, faculty and staff, in some cases dating to the early 1990s. Others potentially affected included some applicants during the last five years who did not enroll at the university, as well as some parents of students or applicants who had applied for financial aid.

About 3,200 of those being notified are current or former staff and faculty of UC Merced and current or former staff of UC's Oakland headquarters. UCLA handles administrative processing for both groups.

Besides names, Social Security numbers and birth dates of those affected, the database includes home addresses and contact information, officials said. It does not contain driver's license numbers or credit card or banking information.

Jim Davis, UCLA's associate vice chancellor for information technology, described the attack as sophisticated, saying it used a program designed to exploit a flaw in a single software application among the many hundreds used throughout the Westwood campus.

"An attacker found one small vulnerability and was able to exploit it, and then cover their tracks," Davis said.

He said the problem was spotted when computer security technicians noticed an unusually high number of suspicious queries to the database. It took several days for investigators to be sure that it was an attack and to learn that Social Security numbers were the target, he said.

Davis said the investigation was continuing, but that university officials had decided to notify potential victims now.

"UCLA and its community are the victims of this, and despite the great deal of effort we put into security, this really is a breach of trust with our community," he said. "Given that we saw intent in this, we needed to let people know."

UCLA has established a website to provide information and answer questions about the incident at www.identityalert.ucla.edu,+and a toll-free call center, (877) 533-8082.

Laura Eimiller, spokeswoman for the FBI's Los Angeles office, said the agency was investigating the breach, but said she could not comment further.

rebecca.trounson@latimes.com

Thursday, December 07, 2006

And the News Just Gets Better

After UCLA's heroic triumph on Saturday, the USC Condoms continued to fail into Sunday, as Cal broke their men's water polo team, 7-6, for the national championship!

Do you hear that sweet music? It's a Trojan crying. Go Bruins!

Sunday, December 03, 2006

Maybe It Was the Fans...

UCLA football's 13-9 shocker over USC might have caught the nation by surprise, but that doesn't mean they didn't want to see this happen.

Let's count how many people were rooting for each team:

USC: Everyone in Los Angeles OUTSIDE of Westwood, Pac-10 Officials, the architects of the BCS
UCLA: Westwood, EVERYONE in the SEC (Florida), EVERYONE in the Big 10 (Michigan & Ohio St.), and ALL Notre Dame fans

Count the score, or count the fans. The result is the same. We win.

Go Bruins!

Saturday, December 02, 2006

SC's Road To the National Championship...

...ended here.



And guess who was there?




For six years, I imagined how sweet this would feel...

Now I know...

And the reality is SO MUCH SWEETER!!! Go Bruins!!!