Mission Improbable: Keeping Cyber Hackers Locked out of University Computers

| No Comments | No TrackBacks

Data Thieves Hit Georgetown University Students, FacultyStolen hard drive contains data on 38,000 individuals

An external hard drive containing the Social Security numbers of 38,000 Georgetown University students, faculty, and staff was stolen from the university's Office of Student Affairs, according to The Hoya, the university's student newspaper.

The hard drive contained billing information for student services, and included data on 7,700 current students -- over half the current student body -- as well as information on alumni from 1998 to 2006 and many faculty members.

The hard drive, which turned up missing Jan. 3, was kept in the office of Lynn Hirschfield, senior business manager for student affairs, The Hoya said. It said the hard drive was not encrypted.

David Lambert, the university's vice-president and chief information officer for its Information Services department, said that he could not confirm if the drive had been password protected as well. More

Fending off Digital Thieves

Within 10 hours on Jan. 9 -- midnight to 10 a.m. -- computer hackers lurking in cyberspace scanned Virginia Tech's computer networks 15,000 times, looking for a way to reach information, such as credit card or Social Security numbers, contained in some of the cabinet's drawers.

That keeps people such as Randy Marchany busy, competing a fast- paced race colleges run with hackers -- some tied to organized crime -- to safeguard information.

Many are falling behind.

As director of Tech's information security Relevant Products/Services lab, Marchany spends his time monitoring the university's vast computer networks, hunting for potential break-ins, updating software, patching system holes and educating people about the best ways to protect their information online.

"Every time somebody comes up with a new hole and you find a fix for the attack, somebody comes up with a countermeasure," Marchany said. "It's always very fluid."

And some protective steps, such as cutting off the university community's access to certain Web sites or computer programs, aren't acceptable solutions.

"Because we're a university, and you're maybe doing research, I'm not going to get in the way of you doing your job," Marchany said. "In a university environment, we have to be open."

But that doesn't mean information isn't protected.

Tech -- and most schools -- use tools such as firewalls and encryption Relevant Products/Services to keep unwanted people from viewing their data.

An Appealing Target

Because of the intricate web of information stored in computers across college campuses, they are increasingly becoming targets for hackers, said Walter Conway, a private consultant with Walter Conway Associates who works with colleges to help protect their payment systems.

College campuses offer multiple wireless access points and each department typically has its own information technology department that handles data differently, things that make the system as a whole vulnerable.

In 2007, the nation's schools, including Virginia Tech, put 1.2 million sensitive records at risk, according to the Identity Theft Resource Center.

Stolen, leaked or publicly accessible Social Security numbers, credit card digits and student and staff addresses are the kind of data that can lead to identify theft in the wrong hands.

The ITRC tracked 111 of 448 security breaches in 2007 to schools. In September, a dozen or more of those documents that contained students' Social Security numbers or partial numbers came from Blacksburg computer systems. But no evidence exists that anyone's identity was stolen, according to the center. (continued...)

Here are some tips (and warnings) to keep in mind...
Students Beware: Identity thieves are studying you!

No TrackBacks

TrackBack URL: http://www.givemebackmycredit.com/cgi-bin/mt/mt-tb.cgi/110

Leave a comment

A memoir exposing the steep price consumers pay when facing mortgage servicing errors, inaccurate credit reporting, illegal debt collection practices, identity theft and weak consumer protection laws. THE BOOK » DENISE'S STORY »