UA officials caught a student hacking into the ILC computer network Friday, gaining access to passwords and e-mail accounts of all those using computers in the center.

The student was using a software program on his laptop to search the network for computers in use. In so doing, he had access to all information on the Integrated Learning Center network, said Mike Bernardo, a senior support systems analyst at the ILC.

The student's unauthorized software program shut down the network, alerting Center for Computing and Information Technology workers and library officials that there was a problem.

When school security officials arrived, the student was still at his laptop, illegally accessing the server, Bernardo said.

Library and CCIT staff members confiscated the laptop and held the student in a meeting room. It was there that the student admitted to using the illegal software that shut down the network, Bernardo added.

Bernardo was one of the staff members who walked in on the student.

"He was very calm when we caught him," he said. "We took him to another room and he explained what he was doing."

The student did not say why he was accessing the server and did not admit to anything more than "snooping."

UAPD was called in to take the student into custody. No charges have been filed because the police computer forensics department needs to continue their investigation of the student's laptop.

UAPD spokesman Sgt. Eugene Mejia said there is nothing to substantiate any claims until police discover the intentions of the student. Police are only saying that the student was using illegal software that crashed the ILC system.

"We don't know if this was something intentional on his part or whether it was part of the software that he was using," he said. "He was accessing the information and did not have the right to do so."

Because the investigation is ongoing, the student's name is being withheld.

This is the fourth time in the past month that UA networks have crashed in this fashion.

"While investigating these outages, we found this very strange activity in regards to Ethernet addresses and IP addresses on our network," said Ted Frohling, manager of the Security Incident Response Team.

Frohling was working at CCIT when the call came in from ILC staff Friday. He said the police were called because the activity was very suspicious and had the same signs of the previous network shutdowns.

"Typically, UAPD is not called unless there is something very egregious going on," he said. "This was something that was very egregious."

In all four cases, the people accessing the servers were using IP addresses on campus. While there is a firewall set up to protect the UA servers, those responsible were already on the safe side and not denied access.

The software that the student was using, according to Frohling and Bernardo, was designed to allow the person using it to scour the network to gain access to files in other computers. The person would have access to people's open e-mail accounts along with the passwords they had been using.

Software like this is readily available on the Internet, giving people the opportunity to steal encrypted information, Frohling said.

"It doesn't take a lot of expertise to use it," he said. "But (the software) does need some expertise to use it correctly."

Frohling said issues of network security are always a high priority, but with the recent crashes caused by outside individuals, CCIT may increase its efforts to stop them.

In the past, CCIT network administrators have waited for networks to crash before responding. Frohling said that will soon change.

"We'll try to be more vigilant about things like this and be a little more proactive, looking for signatures of this activity."

But as CCIT looks to improve security, it is faced with the reality that there are few preventative measures that can stop expert hackers.

"If (hackers) do their job correctly, they will be unnoticed," he said. "But typically they are not experts at what they're doing. They leave traces."

Library network security teams will also be on the lookout for unusual activity. Bernardo said it is unfair that students and staff have to worry about these issues. He added that hackers need to be stopped before incidents like the one on Friday become more serious.

"Hackers are constantly active and looking for vulnerabilities to exploit," he said. "We are always looking into ways to stop these vulnerabilities."