Quick Facts

• Date: 9/9/2008
• Institution: Carleton University
• Type of Incident: Penetration
• Number Affected: 32
• Source: Pogo Was Right
• Abstract Source: Ottawa Citizen
• Update1 Source: CBC

Abstract
Carlton University staff members are trying to figure out how an unknown individual(s) gained access to server containing Campus Cards information. Last week someone mailed the university a list of 32 accounts along with the passwords to those accounts. The unknown individual(s) could have used this information to access e-mails, course registration, library records and personal financial information about student loans and scholarships, as well as any money the students put on their Campus Cards. The Campus Cards can be loaded with money and used at 500 different venues on campus. The individual(s) then sent an email to all 32 individuals claiming to be an undergraduate math major who obtained the information using a keystroke logging program. The university has launched an investigation into this incident and has contacted the 32 affected individuals asking them to change their passwords and pickup a new Campus Card.

Update1
Carlton University has identified the student responsible for the computer breach. Mansour Moufid, 20, a second-year math student, is currently facing a fine and other sanctions for breaking into a Carlton University server. Moufid has dropped out of Carlton and will not appeal that charges. According to Moufid, the meetings he has had with the university are "just completely bogus". Moufid is due in court on October 15 to face criminal charges for his actions.