The FBI is investigating an attack on a University of Kansas computer system that agents are calling the most serious and potentially dangerous hacking crime in the Midwest.
A week ago, someone downloaded personal information on 1,450 international students at KU. Birth dates, Social Security numbers and passport information were in a database collected as part of national security measures implemented following the 2001 terrorist attacks.
Officials say the information could be used to create false identities for people to covertly travel between the United States and other countries.
“We’re working as quickly as possible to find out who did this,” said FBI spokesman Jeff Lanza. “We want to determine how sinister the hacker’s motives are.”
University officials notified the Immigration and Naturalization Service, which alerted U.S. ports of entry by adding information from the crime onto the immigration service computer system.
“I thought I’d seen it all,” said Mike Heston, director of the immigration service office in Kansas City. “I’ve never heard of something at this scale. We’re concerned about this. It has fraudulent implications for national security.”
KU officials held a news conference Thursday afternoon at the student union to discuss the crime.
Marilu Goodyear, vice provost for information services, said officials discovered Tuesday the records had been downloaded Jan. 17 from a computer in the Academic Training Center. Officials said it was possible between 10 and 20 records were those of native US students, attributable to clerical coding errors.
Goodyear said there was a glitch in the computer’s security system at the time of the incident, which would have allowed someone with a moderate level of computer experience to break into it. She attributed the problem to a Microsoft server.
She said the same hacker might have used that same computer four previous times since Jan. 6 to distribute copyrighted movies and pornography. Lanza said it was too early to determine whether it was the same person.
In a statement released by the university, KU Chancellor Robert Hemenway called the crime “a matter of grave concern.”
“While no one can guarantee the absolute security of electronic data, I am confident that we have closed the temporary `hole’ in our system, which occurred while we were enhancing our computer security,” he said.
The computer, which students were never allowed to access, held files for what will be an immigration service Student and Exchange Visitor Information System. Starting this August in response to the 2001 terrorist attacks, U.S. universities will be required to transmit information on international students to the immigration service.