Hacker shuts down teachers' union Web site

By Bill Donovan
Staff Writer

GALLUP — An unknown hacker who managed to get into the Web site of the local teachers' union has forced the McKinley Federation of United School Employees to shut down that site.

Brian Bernard, president of the union, said the FBI is now involved in the case, which centers on one or more hackers using the union's Web site to send out thousands and possibly tens of thousands of e-mails in an effort to scam people out of money.

While it's impossible to determine just how many people fell for the scam, Bernard said none of the money came to McFUSE. Instead, the people behind the scam used the McFUSE Web site as a way to avoid detection any attempt by law enforcement to track down the origin of the e-mails would end up at McFUSE's Web site and that's where the trail would end.

Officials at Southwest Communications Systems (SCS Connect), who serviced McFUSE's Web site, said they could not comment on the situation. The FBI also has not commented.

Mixed up in this, said Bernard, and the main reason why McFUSE instructed SCS Connect to shut down its site, was a fear that the site may have been compromised locally and that SCS Connect may have given officials for the local school district the password to get into the site.

"Once they had the password," Bernard said, "they would be able to get into the site at will and make any changes they wanted to it."

The union and the school district have been at odds for years over a number of issues, including the union being given access to teachers for recruitment purposes.

Bernard said the whole situation regarding the Web site is "weird" and there are a number of things that have happened that are hard to explain.

He said he first learned of the problem on Oct. 27 when he was called to a meeting in the high school's principal office. SCS Connect officials were present at that meeting.

At that meeting, Bernard said, he felt he was treated as criminal. SCS officials told him at the meeting that their website had been under surveillance for the previous 21 days and that they doubted that a hacker could have gotten into it because the password was so "unique."

The password was a random collection of seven letters and numbers.

"I wasn't being treated as a customer at that time," said Bernard, who said that he was informed that using the Web site for a scam was a fourth degree felony.

That situation was apparently cleared up soon thereafter and authorities began viewing McFUSE as a victim and not a suspect.

But the word began getting out that there was something going on with the McFUSE Web site.

Bernard said he recently got an e-mail from people at eBay who also informed him that the Web site had been compromised and advised him to take it down and replace it with another site.

What's made this even more confusing, Bernard said, is the involvement of public school officials.

At the first meeting McFUSE officials had with SCS Connect, David Oakes, who works for the central office at Gallup-McKinley County Schools, was present. Oakes' wife, Jean, works for SCS.

Oakes was apparently there because the union's Web site is through Qwest and Qwest officials there originally thought McFUSE was connected with the school district, according to comments made by SCS officials.

On November 10, Adrian Sanchez, chief operations officer for SCS Connect, sent Bernard a letter telling him that the McFUSE Web site had been locked up at the request of "appropriate authorities."

He said the Web site has been released for viewing but for the next 90 days the union would not be able to go into the Web site to add things or make changes.

Within that memo, Sanchez noted the union's password to get into the site and at the end gave a notation that a copy of the letter was being sent to David Oakes.

This prompted a terse reply from Bernard, terminating the union's contract with SCS.

In his letter, Bernard said, SCS "shared our account access information with the public schools, i.e. David Oakes. This is a breach of confidentiality which we cannot overlook," he said.

He added that prohibiting the union access to the Web site for as long as 90 days could not be tolerated because it would keep union members in the dark about what was going on within the school district.

Bernard said Monday the union is looking at other servers for a new site. He said the local union has been in touch with the state union which is suggesting using a server out of Washington, D.C. that would provide the union the security it wants.

He said the union may have to go with a local provider because the SCS Web site contains seven years of materials and it may be very time consuming to switch that over to a more secured site.

As for e-mail, the union has switched that account to CNET, another local provider.

There has been no indication from SCS that any other customers' Web sites have been compromised, but if they have, neither SCS nor anyone else has made that public.

Bernard said that if hackers were able to get into their site through the back door, it's possible that they could use the same approach to compromise the Web sites of other SCS customers.

County Superintendent Karen White said late Monday that she was unaware of the situation with McFUSE and its Web site. She said she has seen no documents which lists the union's Web site password.

David Oakes said late Monday that he has never seen a copy of the letter from Sanchez to Bernard that included the password to the union's Web site. SCS officials also indicated that although the letter indicated a copy was being sent to Oakes, no copy was sent because of the confidential information that was included in the letter.

In any case, with McFUSE no longer a customer of SCS, the password is no longer valid.