UGN Security
Posted By: Digital Geek Hacker hits arts agencies' Web sites - 05/23/05 04:26 PM
Someone over the weekend hacked into Web sites of various nonprofit Pittsburgh arts organizations hosted by Carnegie Mellon University's Center for Arts Management and Technology.

No confidential information was compromised because it is not kept on the server that was hacked into, Rob Brunskill, the center's system administrator, said Sunday evening.

Some of the local organizations whose Web sites were hacked into were the Pittsburgh Opera, Pittsburgh Ballet Theatre, Pittsburgh Flute Club, Pittsburgh Civic Light Opera, Pittsburgh New Music Ensemble, Pittsburgh Glass Center and Greater Pittsburgh Arts Alliance.

The hacking was a "blanket job" that only fouled up home pages of the various Web sites, Brunskill said.

"The database on the hacked server is purely used in databases open to the public -- basically a listing of events and calendars open for everyone to see," he said.

Brunskill said he did not know how many Web sites were hacked into. The center offers free Web hosting for about 200 nonprofit arts organizations across the nation.

"I've been working on it basically since 10 p.m. (Saturday). A number of the sites are back and running, it's just a matter of time before we get the rest fixed," Brunskill said.

Sensitive information, such as credit card numbers, is handled by servers solely operated by Verifone, a worldwide leader in secure online payment technology, he said.

Verifone's servers were not hacked into, Brunskill said.

"On the scale of things, this is pretty minor. I would call it more vandalism than hacking. It's nowhere near what happened at the business school," Brunskill said.

Last month, someone hacked into CMU computers and gained access to sensitive personal information, including Social Security numbers, of more than 5,000 applicants, graduate students and support staff at the Tepper School of Business.

Brunskill said the Computer Emergency Response Team Coordination Center, which helps the nation respond to Internet attacks, is investigating this weekend's incident.

Brunskill said this is the first time the server was hacked into since he started working there four years ago.

Margie Romero, spokeswoman for City Theatre, said the organization's employees realized the home page of their Web site had been tampered with around 4:30 p.m. Saturday.

"It really didn't affect us because all of our shows were sold out anyway over the weekend. So, fortunately, if people were trying to buy tickets, it really wouldn't have mattered," Romero said.

"We didn't call to find out what was going on because we didn't think that would help the matter," she said. "But if (the Web site) is not back by (today), we'll call and get to the bottom of it."

SOURCE
© UGN Security Forum