Twitter
Facebook
Reddit
Digg
Tell us what you think!Send a letter to the editor about this or any other article in The Maine Campus.
With the number of hackers targeting university networks increasing, University of Maine officials say the probability of unauthorized access to servers is low. That has not stopped students from expressing concern about the distribution of their personal information.
Students’ fear of illegal access to personal information is justified – a Swedish computer user accessed the bursar’s computer at Indiana University in January, and took the names and Social Security numbers of more than 3,000 students. The security lapse occurred not because Indiana University, considered the most wired campus by Yahoo! Internet Life magazine, took ineffective measures to prevent such an attack, but because technology still cannot overcome human error. According to the school paper, the Indiana Daily Student, the usual employee in charge of the computer was sick and another employee attempted to bring the computer back on-line but forgot a step that left it exposed.
Indiana University joins Louisiana State University, where hackers changed grades earlier this year; the University of South Florida and Stanford University as other targeted networks. Technical analysts say this list underscores the reason why hackers target university computers.
“College and university systems are a natural target for hackers,” Ken Dunham, senior analyst at Security Focus, told the online newsletter, WiredNews. “They are large systems, often include public-use labs, so the identity of a computer cracker can often be easily concealed within the system.”
There are more than 100 servers on the University of Maine network, which hold specific departmental information. Information Technologies is responsible for 15-20 servers, among them the UMaine Web page, FirstClass and WebCt servers.
John Gregory, the executive director for IT, says that software scans the servers several times a day to detect forced access.
Unauthorized access to UMaine machines is usually not serious, in terms of compromised student or employee information, said Jerry Dube, director of UNET Technology Services and associate professor of computer science. But he said that people getting into the network is the problem.
“It is serious in the sense of abused resources,” said Dube. “Student data is on protected machines, but we have to be on top and jump very quickly to close any penetration.”
UMaine student information, payroll and human resources databases are behind two security layers, each requiring a password for access, said Gregory. The software that runs the student database, ISIS, is IBM Virtual Machine; a difficult program to hack, he said.
Most of the unauthorized network access occurs through academic department machines and through the residence hall network, especially through computers that use Microsoft and Unix operating systems, Dube said.
“Outside access of data is through passwords that are left accessible,” Dube said. “They are unchanged from the blank factory settings.”
The exposure of the Indiana University student information, accessed in January, was not discovered until the middle of February. The information, thus far unused, can be used to open credit cards and access bank accounts before the individual has any knowledge of it, Kurt Richter, an affected graduate student, told the Daily Student. With the information floating around the Internet, it could be months or years before someone, anywhere in the world, uses it.
What can be done with Social Security numbers was shown last week when a New York busboy used other people’s numbers and the Internet to steal millions of dollars from Steven Spielberg and Oprah Winfrey, among other celebrities. The Associated Press reported that Abraham Abdallah gained access to online credit reports for members of Forbes magazine’s list of richest people and opened credit card accounts in their names.
At UMaine, Social Security numbers double as student identification numbers. They are also used to access money on MaineCards when ordering pizza or when going to the dining commons without the card. Although university officials deny that the information can be accessed by outside sources, Samuel Bosse, a first-year student, feels Social Security numbers should not be used so carelessly.
“I hear stories of people hacking into other people’s computer,” he said. “I am not exactly sure what you could do with a Social Security number online, but either way, another number should be assigned for a student identification.”
Bangor Daily News