Hack U – How secure is your student data?
TechnologyDownload a new single, order that pair of sneakers you’ve been eyeing, IM your best friend, pay your cell phone bill, check your midterm, and chat with your philosophy classmates all at once. . Life as a college student wouldn’t be complete without the pleasures and conveniences of modern high-speed technology, available on virtually every campus in the country.
In fact, online life has become such an integral part of college life that many students don’t think twice about regularly entering credit card numbers, Social Security numbers, and other personal information on websites. Nor do they take security measures. really. Unfortunately, your university’s computer network may not be as secure and fail-safe as you think. Take a look at the amount of information students give out online and the people who may be spying on, and potentially using that information against you.
The reality of risk
Don’t you think hacking could happen in your school? An alarming number of major universities, including the University of Nevada (Las Vegas, NV) and the University of Connecticut (Storrs-Mansfield, CT) reported hacking incidents in 2005 alone. For these and other schools, servers containing data personal information (Social Security numbers, dates of birth, phone numbers and addresses) were illegally infiltrated.
But just because a school isn’t aware of security breaches doesn’t mean they haven’t happened. “I don’t think any school can say without a doubt that they’ve never had an instance of unauthorized access,” says Jason Wallace, director of information security at Norwich University (Northfield, VT). “Higher education is a very different situation than the corporate world: it is much more difficult to deal with security in a college or university.”
Open…
Why is it so much harder to protect a university than a corporation or a personal computer? “The whole concept of higher education is about openness and the availability of resources,” explains Wallace. “I can’t imagine a university anywhere that has a website filter.”
Creativity and exploration are highly encouraged in academia, and as a result, there is greater potential for hackers to find loopholes in a network that may not be ideally designed. In fact, most universities still need to increase their security against rapidly advancing virus and hacker technologies.
“Schools are trying to catch up,” explains Dave Grant, director of product marketing for Watchfire, a company that makes Internet security software. “I’d say half of college websites are exploitable today, and about 75 percent of the attacks that happen are because the sites aren’t protected as well as they should be. The average web developer doesn’t necessarily know much about security, so sites are created with flaws.
a human error
Despite the “open” nature of colleges, sometimes people just make mistakes and the situation is simply out of your control. More than 300 City University of New York (CUNY) students were shocked and alarmed to discover that their personal information, including Social Security numbers, loan information and amounts, and direct deposit information, was freely available online. According to CUNY spokesman Michael Arena, the student information was made available due to human error. A school worker had accidentally placed the file outside of the school’s protected firewall, making it accessible to anyone. The private data even surfaced through Google.com, the massively popular search engine.
What can you do?
If you’ve ever lost a wallet, you know the stress of having to cancel your credit cards, get a new ATM card, apply for a new Social Security card, and rebuild the life you carried so conveniently in your pocket or purse. Now imagine if all that information wasn’t simply lost, but deliberately stolen and then exploited.
“Just for the last five years we’ve been using the Internet to buy things, order products, enter personal information,” explains Grant. “We have good reason to do so, but it has become easy for hackers to steal personal information as we bring more and more of our lives to the Web.”
Whether they break into databases maintained by colleges online or your own personal computer, hackers have a variety of ways to obtain your personal information.
Protect your PC
To prevent this and other cases of identity theft from occurring, there are several precautionary steps you can take.
“The important thing for students to understand is that protecting themselves from things like identity theft is very much up to them,” says Matt Curtain, author of Brute force: breaking the data encryption standard (Springer, 2005) and a frequent professor at The Ohio State University (Columbus, OH). “Keep personal information private. On campuses you’ll find people with tables set up trying to offer you free credit cards or cell phones, and demanding you give them your Social Security number, don’t. The only time you need to give it out for tax purposes or when dealing with the Social Security Administration.
Also, take the time to configure your personal computer to be as resistant to hackers as possible. “Using common name passwords (your girlfriend’s or boyfriend’s name, no combination of numbers and letters) is a big deal,” says Grant. “They’re easy to crack because hackers have programs that run millions of simple login names looking for a match.”
Up-to-date antivirus protection is also a must. “There’s a lot of free antivirus and antispyware software out there,” she adds. “Download it and keep it up to date. Software that is a month old is useless, because new viruses are constantly appearing.”
a job inside
So these hackers are big, mean cyber bad guys who have nothing better to do than steal your personal information, right? Actually, sometimes the culprits are your peers.
In March 2005, approximately 150 applicants to six of the nation’s top business schools exploited a security vulnerability in a widely used admissions database for universities and improperly accessed the site. Schools invaded included Dartmouth College (Hanover, NH), Carnegie Mellon University (Pittsburgh, PA), Duke University (Durham, NC), Massachusetts Institute of Technology (Cambridge, MA), and last but not least Harvard University. (Cambridge, MA), which wins this year’s most enthusiastic applicants award, with 119 trespassers. All the schools except Dartmouth refused to admit any of the students, calling the infiltration a serious breach of ethics.
hacking 101
For those of us who think “encryption” is something you’d see in a horror movie, here’s a breakdown of some of the ways tech thieves can access your assets.
1. Forced Browsing: Suppose you are on a website and the URL in the top browser window ends with the digits “444”. Sometimes by simply altering the digits to a different number, like “445”, for example, a hacker can access other pages on the network.
2. Hole Testing: A more advanced form of hacking is by creating mini-applications that poke and poke to find holes in computer systems. Once the slightest breach in security is found, the system can be improperly accessed.
3. Phishing: Hackers sometimes create websites that look exactly like the real thing to trick users into entering personal information. For example, a hacker could create a site that looks like Hotmail, Bank of America, or eBay. Users then enter email addresses, passwords, credit card information, and other personal data, which hackers can use.