Lessons from the UCLA Hack Attack

Up to 800,000 of the school's students, faculty and alumni may be vulnerable to identity theft. What went wrong, and what can be done about it?

University letters to students and alumni are usually cheerful. But the University of California at Los Angeles (UCLA) [ucla.org] is now composing 800,000 embarrassing ones. The university announced Tuesday that it's notifying nearly a million members of its community — including students, faculty and alumni — that a hacker gained access to their Social Security numbers, dates of birth, home addresses and contact information. UCLA computer security technicians noticed a suspicious number of database queries on Nov. 21, and after a quick investigation, discovered that a hacker had accessed records fraudulently all the way back to October of 2005. The university blocked further access to the private data and hired a consultant to help figure out how it happened. In a letter to those who may have been victimized, UCLA's Acting Chancellor Norman Abrams noted that the data does not include credit card or banking information, but apologized. "I deeply regret any concern or inconvenience this incident may cause you," Abrams wrote.

"This is huge," says Beth Givens, director of the Privacy Rights Clearinghouse [privacyrights.org], a nonprofit consumer advocacy group based in San Diego. "It affects almost everyone who has come into contact with UCLA, and puts them at risk for identity theft." A university representative told TIME.com that the compromised data stretches back as far as 12 to 15 years, so the hack attack could affect a significant number of people beyond those presently at the university, including those who attended UCLA or worked there in the 1990s, and possibly even those who simply applied for admission or financial aid. Givens says the combination of information accessed is valuable on the black market and likely to be sold. Buyers could use the data to fraudulently apply for cell phones or credit cards. Because Social Security numbers are almost never changed, hackers could also retain and resell the information for years to come. "I hope that incidents like this will be catalysts to get companies, universities and government agencies to examine their data collection and retention policies," Givens says. "Do they really need to store Social Security members for that long, especially given the threat of identity theft?"

Jim Davis, UCLA's Chief Information Officer, who is responsible for the university's computer security policy, says UCLA had already begun removing Social Security numbers from common usage, but that some numbers remain in the university database because of financial reporting requirements. "With 20/20 hindsight, the best way to deal with this kind of situation is not to have Social Security numbers there in the first place," Davis says. "The faster we move on that, the better off we will be." He says that while those at the university are "disconcerted," there is no indication thus far that identity thieves have used any stolen data, and that while the investigation is still in process, the actual number of those affected by the hacking may be just 5% or less of the 800,000 whose data was potentially vulnerable.

The FBI has launched its own investigation of the incident, but tracking down those responsible will be a challenge. In 2005, 8.9 million Americans suffered from some type of identity theft, according to a study done by Javelin Strategy & Research for the Better Business Bureau, and few of those cases are likely to be prosecuted. Many hackers work from remote locations overseas and assiduously cover their digital tracks, and Davis says that signs thus far suggest it was not perpetrated by someone on campus. The fact that UCLA didn't discover the hack until more than a year after it began demonstrates how carefully the digital intruder conducted the attack. "Universities are particularly leaky boats," says Givens. "Their systems are highly decentralized and easily accessible by students, staff, even alumni and contractors." That makes it harder to ensure tight security. "Out of hundreds of applications, they found a small vulnerability and found a way to exploit it," Davis says. "Now the question is how the university stands up and responds."

Sphere: Related Content

Will Gates Shake Up the Generals?


SALLY B. DONNELLY

Critics say the top ranks of commanders are filled with "Rumsfeld men." Now the man who replaced Rumsfeld, Robert Gates, must decide how many need to be replaced.

"We are now at war, fighting for our lives, and we cannot afford to confine Army appointments to persons who have excited no hostile comment in their career," British Prime Minister Winston Churchill said during the early years of World War II, There are a growing number of U.S. senior military officers who hope there is a little Winston Churchill in Robert Gates. The incoming Secretary of Defense will take over not only two grinding wars in Iraq and Afghanistan, but a top-level military brass that has, in the opinion of many officers, been too timid about demanding what was needed to win those wars.

The problem, say the uniformed and retired critics, is that outgoing Secretary of Defense Donald Rumsfeld hand-picked every four-star commander, personally interviewed every significant three-star appointment, and, in a break with his predecessors, even selected some two stars for a grilling. The result, many critics argue, is a group of generals who were too reluctant to stand up to Rumsfeld - or else face getting tossed aside like Army Chief of Staff Eric Shinseki, who was sidelined after saying that the Iraq war would require "hundreds of thousands" of troops.

A prime example of the "Rumsfeld man," in the opinion of citics, is Chairman of the Joint Chiefs of Staff, Gen. Peter Pace. The first Marine to hold the chairmanship and a decorated Vietnam veteran, Pace has the background of a courageous warrior. But active duty and retired officers contend that Pace, who was vice chairman before Rumsfeld backed him to take over the top post last year, has been blindly supportive of Rumsfeld, going out of his way to praise him.

Pace, like all chairmen, serves a two-year term, which expires next summer. Virtually all the chairmen have been reappointed for a second two-year term, but if Gates wants to send a sharp message to the brass that he wants generals who more willing to challenge him in private, he could replace Pace. A confidante of Gates told TIME two weeks ago that such a move was unlikely. "Replacing Pace is a very big move before next summer and I am not sure he wants to be that disruptive," said the friend of Gates. But rumors that Pace will be ousted are growing. One of the possible replacements: Marine General Jim Jones, a former Commandant of the Marine Corps and head of European Command. Jones is a savvy Washington political player who was quoted in Bob Woodward's book State of Denial warning his friend Pace not to be a "parrot" for the Bush Administration.

If Gates were to remove Pace, however, he would almost certainly have to also replace Adm. Ed Giambasitiani, the current vice chairman, who was Rumsfeld's military aide and is seen as even closer to the outgoing Secretary. Replacing both top military advisers so quickly might be too drastic a shakeup, since it would require two new top appointees to get up to speed quickly.

The Pentagon rumor mill is also abuzz with the question of whom Gates will choose to replace Army Gen. John Abizaid as chief of Central Command, the region that includes both Iraq and Afghanistan. Abizaid and Army Gen. George Casey, the ground commander in Iraq, have overseen the war for years and are drawing at least some of the blame for allowing Iraq to disinintegrate on their watch. As Douglas MacGregor, a retired Army Col. and military writer observed recently: "Tactical blunders have strategic consequences and the generals have blundered badly in Iraq. In war, military strategy is supposed to reduce the probability of armed conflict, to persuade those who might fight not to fight, and when necessary, to win at the least cost in lives and treasure. In Iraq, the top generals achieved the opposite outcome." Said one retired senior officer: "I'd like to see a war commander be more an asshole. They are fighting the war — they should be demanding every single thing they want, from troops to equipment, and getting it when they want it. The rest of the military should be bitching and moaning about them. But there is no sense of urgency."

Abizaid is expected to retire. Casey was long though to be in line for the job of Army Chief of Staff, but a former Administration official says that plan may now be dead. "It looked too much like Casey would be rewarded for the job he has done in Iraq, and that's not what Gates wants," says the source. The front runners for Abizaid and Casey's jobs include Army Lt. Gen. David Petreaus and Army Lt. Gen. Peter Chiarelli. Both have served in Iraq and both are seen as having focused on the "hearts and minds" aspect of the war in Iraq.

But some retired Marine officers argue that at least one of the two Army generals running CENTCOM should be replaced by a Marine, since traditionally the two services have switched off in the past. The three senior Marine generals with Iraq experience who are not seen as "Rumsfeld men" are Lt. Gen. John Sattler, who is currently the military's top policy maker in the Pentagon; Lt. Gen. James Mattis, who led the successful initial invasion of Iraq for the Marines; and Lt. Gen. Robert Blackman, who worked on the planning for the invasion, but is now at Joint Forces Command, one of the nine US combatant commands.

During his testimony in front of the Senate Armed Services Committee, Gates said he would listen to the advice and counsel of the military leadership. Now it's time to see who of those generals he will change.

Sphere: Related Content

Laying the Groundwork for a 'Cabinet Reshuffle' in Iraq

A flurry of meetings in Baghdad and Washington suggests Iraq may be about to see another regime change. But will it do any good?

Regardless of whether President Bush is more inclined to heed the recommendations of the Iraq Study Group or to listen to its skeptics, Iraqi politicians clearly sense that change is coming. And their frenzied jockeying for position suggests that power in Baghdad may soon once again be up for grabs — and the smart politicians are hedging their bets. The President's White House meeting with Sunni leader Tariq al-Hashemi on Tuesday will certainly add fuel to the speculation. Al-Hashemi, one of Iraq's two Vice Presidents, leads the Iraqi Islamic Party, the largest Sunni group in parliament. The White House was part of an ongoing effort to support the government of Prime Minister Nuri al-Maliki. But al-Hashemi has been a sharp critic of al-Maliki's government. His visit follows one last week from another sometime Maliki rival, the Shi'ite leader Abdulaziz al-Hakim, and has fueled speculation that Washington may be hedging its bets on Iraqi political leaders. Speculation will be intensified by the announcement that the speech in which Bush will outline his new thinking on Iraq, originally scheduled to be delivered before Christmas, will now be delayed until sometime in January.

It would certainly come as no surprise if, between now and that time, Iraq experienced its own traumatic version of what is known in the U.S. as a cabinet reshuffle. Despite being dubbed by Bush "the right guy for Iraq" after their meeting in Jordan two weeks ago, Prime Minister Nuri al-Maliki is plainly not delivering the progress Washington demands; there are doubts among Bush's top advisers over whether Maliki can disband the Shi'ite militias, rehabilitate former Baathists, indemnify insurgents and make other related concessions to give Sunnis a greater stake in power. A memo by National Security Adviser Stephen J. Hadley, reported by the New York Times two weeks ago, suggested that Maliki remains beholden to the radical Shi'ite leader Moqtada Sadr, whose Mahdi Army remains the largest of the militias and is involved in much of the sectarian killing of Sunnis. Hadley recommended trying to separate Maliki from the Shi'ite bloc and isolate Sadr, by building a rival coalition in parliament that could allow him to govern without Sadr's backing.

Enter Abdulaziz al-Hakim, leader of the Iran-backed Supreme Council for the Islamic Revolution in Iraq, the largest of the Shi'ite parties, whose own Badr Corps militia is also allegedly involved in sectarian killings. The turbaned cleric and Iran ally may seem an unlikely partner for President Bush, but his White House visit last week at Bush's invitation signaled that the U.S. may see him as a key element of a change in political tactics. Hakim is locked in a fierce and potentially deadly rivalry with Moqtada Sadr (their militias have been known to exchange fire), and his closeness to the regime in Tehran did not prevent him from serving on the U.S.-appointed Iraqi Governing Council, before two democratic elections cemented his place at the head of the largest single party in Iraq.

Skeptics of the Baker-Hamilton recommendation that the U.S. talk to Iran ask why anyone thinks Tehran would be inclined to help Washington, and the same question could just as easily be asked of Hakim. But the real question to ask is how that cooperation might help further his own ambitions.

Right now, Hakim plays the lesser role in the Shi'ite coalition in which the Maliki-Sadr alliance holds sway. But Maliki's paralysis and the U.S. desire to isolate Sadr presents Hakim with an opportunity: he has the parliamentary muscle, potentially, to help install a new governing coalition. And a reported flurry of meetings in Baghdad between representatives of SCIRI with Sunni and Kurdish parties, as well as Hashemi's White House visit, suggest a political shift may indeed be underway. But if Hakim has no use for Sadr, he has no use for Maliki either — it was only Sadr's backing that gave Maliki the prime minister's job at the expense of Hakim's own candidate, current vice president Adel Abdul-Mahdi. If the object is to be rid of Sadr, then there may be no need to retain Maliki.

So what will happen next? The Prime Minister is expected to fiercely oppose whatever shift Bush's two most recent Iraqi visitors are cooking up, and so, obviously, will Sadr — and they will both work hard to get the leading Shi'ite religious authority, Grand Ayatollah Ali Sistani, to remind Hakim that Shi'ite unity is sacrosanct. Sadr could also be tempted to prevent such a power grab by launching a new confrontation with U.S. forces, in the hope that the heavy hand of a U.S. military crackdown in Shi'ite communities would undermine those, like Hakim, who may be ready to cooperate with the U.S. for their own reasons.

But even if the attempt to create a new ruling coalition with or without Maliki did succeed, it may amount to little more than a reassigning of roles among a cast of players who have — by the sum total of their own sectarian and ethnic political instincts — created Iraq's catastrophic political paralysis. Instead, the moves are more likely to reinforce an unprecedented air of political instability hanging over the Green Zone. In that respect, the more the U.S. tries to find a "way forward" in Iraq, the more it will be taking a step back.

Sphere: Related Content

Today in history - Dec. 13

Today is Wednesday, Dec. 13, the 347th day of 2006. There are 18 days left in the year.


Today's Highlight in History:


On Dec. 13, 1862, Union forces suffered a major defeat to the Confederates at the Battle of Fredericksburg.


On this date:


In 1642, Dutch navigator Abel Tasman sighted present-day New Zealand.


In 1769, Dartmouth College, in New Hampshire, received its charter.


In 1835, Phillips Brooks, the American Episcopal bishop who wrote the words to "O Little Town of Bethlehem," was born in Boston.


In 1918, President Wilson arrived in France, becoming the first chief executive to visit Europe while in office.


In 1928, George Gershwin's musical work "An American in Paris" had its premiere, at Carnegie Hall in New York...........

source

Tags: words | executive | BISHOP | becoming | arrived | Wilson | RALEIGH | president | Politics | Poland | Phillips | Philadelphia | Paris | New Zealand | New York | New Hampshire | Nashville | george | France | Europe | episcopal | DURHAM | Dec | Culture | Carolina | BROOKS | Boston | bethlehem | American

Sphere: Related Content

Today in history - Dec. 13


The Associated Press

Today is Wednesday, Dec. 13, the 347th day of 2006. There are 18 days left in the year.

Today's Highlight in History:

On Dec. 13, 1862, Union forces suffered a major defeat to the Confederates at the Battle of Fredericksburg.

On this date:

In 1642, Dutch navigator Abel Tasman sighted present-day New Zealand.

In 1769, Dartmouth College, in New Hampshire, received its charter.

In 1835, Phillips Brooks, the American Episcopal bishop who wrote the words to "O Little Town of Bethlehem," was born in Boston.

In 1918, President Wilson arrived in France, becoming the first chief executive to visit Europe while in office.

In 1928, George Gershwin's musical work "An American in Paris" had its premiere, at Carnegie Hall in New York.

In 1944, during World War II, the U.S. cruiser Nashville was badly damaged in a Japanese kamikaze attack that claimed more than 130 lives.

In 1978, the Philadelphia Mint began stamping the Susan B. Anthony dollar, which went into circulation in July 1979.

In 1981, authorities in Poland imposed martial law in a crackdown on the Solidarity labor movement. (Martial law formally ended in 1983.)

In 1994, an American Eagle commuter plane carrying 20 people crashed short of Raleigh-Durham International Airport in North Carolina, killing 15.

In 2003, Saddam Hussein was captured by U.S. forces while hiding in a hole under a farmhouse in Adwar, Iraq, near his hometown of Tikrit.

Ten years ago: President Clinton nominated Bill Daley to be commerce secretary and Bill Richardson to be United Nations ambassador. The U.N. Security Council chose Kofi Annan of Ghana to become the world body's seventh secretary-general. Trade ministers from 28 countries meeting in Singapore endorsed a U.S.-crafted trade pact to abolish import duties on computers, software and other high-tech products.

Five years ago: The Pentagon publicly released a captured videotape of Osama bin Laden in which the al-Qaida leader said the deaths and destruction achieved by the Sept. 11 attacks exceeded his "most optimistic" expectations. Five suspected Islamic militants killed nine people in an attack on India's parliament before being killed themselves. President Bush served formal notice that the United States was pulling out of the 1972 Anti-Ballistic Missile Treaty with Russia.

One year ago: Crips gang co-founder Stanley Tookie Williams, whose supporters argued he had redeemed himself inside prison, was executed in California for killing four people in robberies. Iraqis living abroad began voting in the country's parliamentary elections. American Red Cross President Marsha Evans announced her resignation.

Today's Birthdays: Former Secretary of State George P. Shultz is 86. Actor-comedian Dick Van Dyke is 81. Actor Christopher Plummer is 79. Actor Robert Prosky is 76. Country singer Buck White is 76. Music/film producer Lou Adler is 73. Movie producer Richard Zanuck is 72. Singer John Davidson is 65. Singer Ted Nugent is 58. Rock musician Jeff "Skunk" Baxter is 58. Country musician Ron Getman is 58. Actor Robert Lindsay is 57. Country singer-musician Randy Owen is 57. Actress Wendie Malick is 56. Country singer John Anderson is 52. Singer-songwriter Steve Forbert is 52. Singer-actor Morris Day is 50. Actor Steve Buscemi is 49. Actor Johnny Whitaker is 47. Actor-comedian Jamie Foxx is 39. Rock singer-musician Thomas Delonge is 31. Actress Chelsea Hertford is 25. Rock singer Amy Lee (Evanescence) is 25.

Thought for Today: "To know how to say what others only know how to think is what makes men poets or sages; and to dare to say what others only dare to think makes men martyrs or reformers — or both." — Elizabeth Charles, British writer (1828-1896).

Sphere: Related Content