UCLA’s Registrar’s Database is Hacked Again

A friend of mine at the registrar’s office told me a story yesterday which I could not resist from publishing it.

Roughly three days ago, on March 29th 2007, the second largest database security bridge of the year was reported by UCLA Registrar’s Office IT personnel. This database which contained student records was altered by a very sophisticated computer hacker who intentionally locked all administrator accounts, disabling them from accessing student records in any way. System Administrators have taken necessary steps to restore backups and bring up the system to the previous step, but according to an IT specialist who declined to state his name, the source of the attack is unknown and it seems that all backups are also infected with the virus or rootkit that hacker used to attack the systems. As a result, there is no way to bring the system back up to its operational state except performing a clean install on all systems located at registrar’s office. What this means is that all student records and course information apparently are lost and not modifiable, thus all of these information must be rebuilt and collected with the help of current and former students, faculty, and staff. The current system running URSA Online only holds the recent information for the spring quarter and some may be inaccurate so students are encouraged to frequently check their registration status.

UCLA’s Chancellor-elect, Dna Cube, said in a meeting that they are not going to address all the risks involved with the information bridge to the UCLA community, but this time they are going to take a more strategic way in handling such situation. Apparently, by accessing registrar’s database, other personal data can be pulled out from the records meaning that the hacker could have accessed student and faculty’s Social Security Number and addresses and telephone numbers, thus, introducing a big risk to the UCLA Community. “We think that our community has already notified their credit bureaus about the previous information security bridge which happened during last year. So, we are confident that there is no need to inform people about identity theft, and we are going to focus on how to get our information back,” Cube said.

But first things first, how they are going to retrieve the lost information? “We are going to introduce three methods for boosting the retrieval of the lost information. Students can either create a complete portfolio of their academic records or mail it to the registrar’s address by July 1st 2007, or professors can resubmit the final roster of the classes they have thought during past 12 years. As an alternative, we strongly recommend those who are interested to reapply to UCLA using UCLinks website and this time their admission is guaranteed, and the entire coursework must be repeated at the increased tuition fees,” Cube said.

Apparently FBI in a visit yesterday was able to trace the source of hacker to be from East Los Angeles near one of the most dangerous gangster neighborhoods. UCLA police department is going to issue a warning soon to notify the community to watch their neighborhood for any suspicious activity since the hackers group may attack individual trash cans and personal clothing. “The hacker’s intention for getting information and disabling the database is not clear yet. Despite issuing a warning soon, we also hired more officers from LAPD and replaced our ~100 Amp taser guns with ~200 Amp taser guns so that one shock will kill the person and thus there would be no after math or lawsuit of whatsoever regarding the usage of taser,” Sergeant Ching Chung Cho said in the same meeting, “we will kill those hacker bastards,” he added.

For more information about this issue feel free to email [email protected]