CIRT security administrator Jeff Gassaway said Wednesday that an unknown and unauthorized party outside of UNM accessed a list of the University's Linux NetIDs and encrypted passwords.
He said as many as 500 to 1,500 students use Linux, a flexible computer operating system, and urged all students to change their passwords.
"We haven't seen people getting cracked passwords, but we know this is a possibility and probably a likelihood," he said. "So, the guaranteed piece of insurance is if you change your password regularly, you don't have this problem."
Gassaway said unauthorized access occurs at most once each semester. He said this incident is the first of its kind this summer.
Suspicious activity by any user is tracked and investigated. Any authorized user can access the file containing the Linux passwords and NetIDs, he said.
It is unclear how extensively the security breach reaches, but many Linux users use the same password and ID for other applications, suggesting the intruder may have access to non-Linux services.
Get content from The Daily Lobo delivered to your inbox
Gassaway said an associate told him an unauthorized party used the NetIDs and passwords of a faculty member and a student to copy the password file.
He said the faculty member and the student denied accessing the file, and both accounts were frozen.
Gassaway said access to the file is routinely detected, but this case differs because the party used a collection of high-powered computers to do it.
A week after the incident, Gassaway said a cybersecurity coordinator from an Illinois university told him a high-powered collection of computers on that campus were hijacked. He said the perpetrator is likely the same person as UNM's suspect.
Because of the sensitive nature of an ongoing investigation, Gassaway declined to name the security coordinator. Federal agencies may also be involved in the investigation, he said.
Gassaway said a modern computer could crack a password in 30 days. This method, which he called a "brute-force crack," is accelerated when computers are linked together. He said perpetrators often hijack collections of computers at research universities to crack hundreds of passwords.
"UNM, in a way, is just a victim of the nature of how computing technology works," he said. "The resources these people have access to, instead of being a couple of desktop computers that you could run together, they have a cluster of 500 computers that are all linked together and are optimized to do just this kind of a job."
