Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


HACKERS TEACHING COLLEGES A LESSON

Source: Los Angeles Times

Posted on June 20, 2006

      Computer systems at universities across the nation are becoming favorite targets of hackers, and rising numbers of security breaches have exposed the personal information of thousands of students, alumni, employees and even college applicants.

      Since January, at least 845,000 people have had sensitive information jeopardized in 29 security failures at colleges nationwide. In these cases, compiled by identity theft experts who monitor media reports, hackers have gained access to Social Security numbers and, in some cases, medical records.

      "There are so many examples within the last year demonstrating that these universities are just real, true, vulnerable targets," said Michael C. Zweiback, an assistant U.S. attorney in Los Angeles who prosecutes hackers. "All of a sudden, it seemed like we were adding on another university every week to look into."

      Although comprehensive statistics on breaches of college computer systems aren't collected by a single entity, industry experts agree that the situation is growing worse.

      Cyber security officials say hackers are realizing that colleges hold many of the same records as banks. But why hack a bank, one official asked, "when colleges are easier to get into?"

      Colleges accounted for the largest percentage, roughly 30 percent, of computer security breaches reported in the media last year, according to ChoicePoint, a consumer data-collecting firm in Georgia.

      FBI Special Agent Kenneth McGuire said that five years ago, his cyber crime unit in Los Angeles worked on one to three college hacking cases at a time. On a recent afternoon, his team was working with six colleges whose systems had been hacked.

      Arif Alikhan, who oversees computer hacking cases for the U.S. attorney in Washington, said that when he was chief of cyber crime in Los Angeles between 2001 and 2005, his caseload doubled.

      And for the first time in seven years, colleges identified security as the most critical issue facing their computer systems, according to a survey of about 600 colleges released last month by Educause, a non-profit group that promotes information technology use. In a 2000 survey, security wasn't even among the top five concerns.

      Hackers are drawn to colleges for various reasons. In March, 41 Stanford University applicants hacked into the admissions system to see whether they had been accepted. A man accused of hacking into the University of Southern California's admissions system last year said he was only trying to prove that it was vulnerable.

      In December, hackers appear to have broken into a system at the University of Washington to find a place to store their music files.

      The openness that's rooted in the nature of academic institutions is partly to blame.

      "Students want to be downloading MP3s. Professors want a system for general research," McGuire said. "Whenever you have such large portals to information open, you're going to have vulnerability to attacks."

      Erich Kreidler, who teaches an engineering class at the University of Southern California, said he posts everything online, including grades and final exams. "It's about convenience," he said.

      But convenience can have a price:

      - In April, the University of Texas discovered illegal access to 197,000 Social Security numbers of students, alumni and employees.

      - Ohio University has confirmed its third security breach since April, together compromising 360,000 personal records and a number of patented data and intellectual property files.

      - Sacred Heart University in Connecticut reported that a security breach has compromised the Social Security numbers and some credit card numbers of 135,000 people some of whom never applied to, worked at or attended the university.

      - In March, an 18-year-old New Jersey man was convicted of breaking into a dozen systems at San Diego State. He was sentenced to three years' probation and must pay the school $20,000 in restitution. The hacker wiggled his way through an outdated system in the drama department to reach the financial aid system.

      Finding the money to pay for security upgrades has been a major challenge for several schools.

      "A university is fighting for every dollar to maintain a good education standard," said Rick Jones, an information security consultant in Los Angeles. "It doesn't necessarily allocate a security budget at least not until it gets hit a couple times."

      San Diego State doubled its computer security staff after the disastrous hack of 2003. Other colleges now require students to download anti-virus and firewall software before connecting to campus systems.

      At Purdue University, which reported two security breaches last year and two this year, students must change their passwords monthly to access class schedules, grades and e-mail.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.