DAU Courses Hacked

By Thomas Duffy / October 5, 2011 at 6:23 PM

The president of the Defense Acquisition University sent out a memo Monday explaining why some of the university's online courses have been inaccessible for the past few months. The problem is DAU was hacked over the summer and has been slowly restoring access to its courses ever since.

In her memo, Katharina McFarland laid out the problem:

A well-known group of computer hackers gained access to a vendor's system and stole both company information and the source code of the learning management system that DAU uses. While our system itself was not hacked, having source code available publicly made our system potentially vulnerable. We and the United States Cyber Command evaluated the risk level to our system based on the incident that occurred on the vendor's network and made a decision to secure our system.

The intrusion occurred on July 21, 2011, we suspended access to the DAU Virtual campus the next day and have been restoring service in a secure environment incrementally since then. No information was lost or compromised. Student records and progress information are intact, we are working with the vendor to mitigate future risk by implementing new source code, and we are taking steps to restore full access and functionality.

Many of the people working for the government's civilian agencies and defense contractors take online DAU courses. Mcfarland explained that on Set. 19, the university launched a Defense Department Common Access Card version of DAU's Virtual campus so the defense acquisition workforce could once again enroll in and complete courses.

DAU is working to strengthen username/password authentication encryption and policies so non-CAC holders could get back in th system. The target date to complete that is Oct. 31, McFarland wrote.