UTPA.edu compromised, restored
Usually UTPA.edu’s front page is filled with links and graphics displaying the newest upcoming events, but the page was hacked and left without that information Jan. 2.
A hacker (whose handle was not disclosed by UTPA) found a vulnerability in the code of the front page and posted a simple message.
“This website was hacked by (undisclosed name).”
When University officials learned of the hack after various reports, they took the front page down at 1:21 p.m. Feb. 2. Afterwards, Information Technology officials and information security officials ran a series of scans to locate the vulnerable code and updated the system to prevent similar attacks before the front page was republished early the next morning.
“The code was a tool for someone to use against us,” said Victor Gonzalez, the University security engineer. “It is our job to make sure vulnerabilities are discovered and eliminated, and we don’t give the (hackers) time to do it.”
Joe Voje, the chief information security officer, did not want to release the handle of the hacker because he believed sharing the identity might encourage future problems.
“Some people want the notoriety and they want to brag about it,” Voje said. “That’s why we try to limit the names. We don’t want to feed into that and give people credit, which can give them the desire to do it more.”
Voje said the University has found no proof that data was stolen from the University during the attack because there is no student data tied to that web server, which is hardware that hosts a website.
“We’re still doing the analysis on what happened,” he said. “We really don’t believe that anything was stolen or taken. Some files were deleted but we’re analyzing what those were and what the impact was.”
Basically, only utpa.edu was affected. My.utpa.edu was not because the two websites are on different servers and my.utpa.edu is written in a different code that’s more secure, according to Voje.
The hack damaged the page's code, but University officials were able to restore it to its full capabilities.
“This is like someone keying your car in the parking lot,” Voje said. “Someone has destroyed something that you own that’s nice, but you can get it fixed.”
WHO IS IT?
Gonzalez traced the hacker’s Internet protocol address, or the numerical label assigned to the device used for the attack, to Ankara, Turkey. But this doesn’t pinpoint the hacker exactly because they could have routed the hack through another IP address to avoid being caught.
There are three kinds of hackers: black hat, white hat and grey hat hackers. A white hat hacker hacks a system on behalf of its owner to find vulnerabilities, and a grey hat hacker falls between a black hat and a white hat hacker because they sometimes act legally and sometimes they don’t.
Voje considered the culprit a black hat hacker because the person attacked the website maliciously. He believed that the culprit wasn’t specifically targeting the University, but was instead looking for a website with vulnerabilities, and UTPA was most likely the first one to come up.
According to the Texas Administration Code, it is illegal to access a computer, computer network or computer system without the consent of the owner.
The penalty for hacking a computer can range from a Class B misdemeanor (up to 180 days in county jail and/or a $2,000 fine) to a first-degree felony (five to 99 years in a state prison and/or $10,000 fine).
Gonzalez believes the situation could have been a lot worse and is glad it wasn’t.
“They could have redirected the page to malware, displayed offensive words or images,” he said. “They could have done whatever they wanted.”