Campus Web site hacked

Five hours after this year's biggest snowstorm had stopped, IU was put under an emergency alert, thanks to a student hacker who manipulated the campus warning Web site. \nIU spokeswoman Jane Jankowski said the server of the emergency Web site did not have adequate security and that it had been breached from the outside by a student on the IU campus.\nStudents visiting the Web site, http://emergency.iub.edu, between 1:30 and 8 a.m. were greeted with the incorrect emergency alert and a plea to "call up your congressman and suggest the educational process at Indiana University be suspended on Monday." \nThe site also directed students to the National Weather Service and the Drudge Report Web sites "for details."\nJankowski said the incorrect information was fixed just after 8 a.m. Monday when University Information Technology Services staff showed up for work. She said since then, the hole in security has been fixed, and the site is no longer vulnerable to such unauthorized access. \nJankowski said the student hacker has been caught and referred to the dean of students for reprimand. Forcibly gaining unauthorized access to a Web site is not only against IU policy, but also against Indiana state law. Jankowski declined to give the name of the student in question.\nSenior Matt Haas saw the site with the incorrect information and thought it was suspicious.\n"It seemed most odd that it had a link to DrudgeReport.com," he said. "However, it was also very strange that this official IU Web page directed students to call their congressman to cancel school."\nIU's emergency automated hotline kept the correct information throughout the night, IU was under normal conditions. In the event of an emergency, IU President Adam Herbert has the final say in class cancelations, and congressmen have no input in the process.\nThe University uses the Web site, which is maintained by the Office of Risk Management, to alert IU students, faculty and staff to terrorist threats, weather-related closings and other emergencies, said Larry Stephens, director of the Office of Risk Management.\nFreshman Arnav Patel also saw the compromised site and questioned the security of the IU network.\n "I thought it was unusual that someone was able to hack into what should be the most secure site on campus."\n-- Contact staff writer Michael Zennie at mzennie@indiana.edu.