Computer experts are still trying to work out whether any damage has been done to important work, or whether valuable information might have been copied. They are also unsure if the hacker did the work from inside the university, or via the Internet.
"The potential damage is immense. All we know is that there are 10,000 users inside the university, but 10 million outside [on the Net]," said Richard Sibbs, head of user services at the university's computer services department.
Hackers favour academic institutions because their computer systems are configured to allow easy outside access, for sharing of academic data, but also often have "gateways" to more important information.
Cambridge University's network, for example, also connects to the Medical Research Council's molecular biology laboratory, the university's high- energy physics laboratory, and the Hitachi Microelectronic Research Centre.
The breach of security is being taken very seriously by the university, which will change all 10,000 passwords within a fortnight. "It's like people have got hold of the keys to a house," said Mr Sibbs. If caught and convicted, the perpetrator could be jailed for up to five years.
The hacker planted a "sniffer" program on the university's main network in February or March. The program monitored the first keystrokes of any user logging onto the electronic mail system, which has about 10,000 computers. Those letters are always the user's name and password, which the program stored. They could then be read by the hacker over the internal network or the Net.
The sniffer program has now been stopped, but staff at the UK university network, JANET, think it could have been running for up to four weeks.
However, Mr Sibbs does not expect academic organisations to restrict access from the Net. "This happens dozens of times a year around the world. We've been running open systems for 30 years. It wouldn't be in the nature of academic collaboration to close off outside access."Reuse content