Back when I was at university, when dinosaurs ruled the earth, computer security on the campus was not a concern for most of the students. Apart from having to remember your user name and password for the lab network in Comp. Sci class, there really wasn’t much to worry about.
These days, with wireless Internet access, students toting laptops to class, and web-based forms for everything, security has become a major issue on campus. According to statistics compiled in the United States based on media reports, there have been 29 major security failures on college campuses since January, which compromised information from as many as 845,000 students and staff. This represented 30 percent of all reported security breaches according to ChoicePoint, a data collection firm based out of Georgia. Ironically, ChoicePoint itself has been the victim of data theft in the past.
Of course, what these statistics don’t tell you is the number of security breaches that go unreported. Many large commercial firms, particularly financial institutions whose business could crumble in the face of public distrust in their security measures, often try to cover up major breaches. However, one thing almost everyone can agree upon is that university campuses are becoming attractive targets for hackers.
“There are so many examples within the last year demonstrating that these universities are just real, true, vulnerable targets,” said Michael C. Zweiback, an assistant U.S. attorney in Los Angeles who prosecutes hackers. “All of a sudden, it seemed like we were adding on another university every week to look into.”
Part of the reason for this is the fact that universities, by their very nature, tend to be centers where openness of information is encouraged, and convenience of access to this information is seen as a positive thing:
“Students want to be downloading MP3s. Professors want a system for general research,” FBI Special Agent Kenneth McGuire said. “Whenever you have such large portals to information open, you’re going to have vulnerability to attacks.”
Examples of security breaches abound. The University of Texas reported in April that hackers had downloaded the Social Security numbers of 197,000 students, alumni, and employees. Sacred Heart University in Connecticut reported that both Social Security and some credit card numbers for over 135,000 people had been illegally obtained. In March, an 18-year-old from New Jersey was convicted of breaking into a dozen systems at San Diego State, exposing 200,000 Social Security numbers.
So is this just a US-specific problem, or is it happening all over the world? To find out, I contacted a friend of mine, Richard Sullivan, who is in charge of server administration for the Department of Zoology at the University of British Columbia, home of the first ever Unix installation in Canada. He agreed that attacks were on the rise, but did not seem to think that widespread data theft was occurring:
“What I usually see are ssh probes, but those get cut off quickly. More than two-thirds of the incoming mail is rejected as spam with a few viruses thrown in for good measure. Keeping ahead of that is a never-ending task.
The university is also very quick to detect machines that are not patched correctly (say when someone is reinstalling Windows) or are virus infected. Most of the attention and effort is expended to protect the Windows environment.
One thing that I am concerned about is the recent capability for staff and faculty to self-maintain their payroll and benefits via a web-login.”
So for those currently attending university or who have children who are, is there any cause for concern? Despite the ominous-sounding statistics, it seems as if universities are adapting to a new security-conscious landscape, just as the rest of the world has been forced to do in recent years. Still, don’t forget to keep checking your credit card statements carefully.