Hackers breach Widtsoe security

67

By Brandon Wells

More than 600 students? identities and personal information are in jeopardy due to a program illegally installed onto computers in the Widtsoe Building computer lab.

BYU?s Information Technology officials have not fully pinpointed the source of the program.

?We?ve turned some information over to the campus police and they are conducting an investigation,? said Rex Franson, managing director of operations and customer support at the Office of Information Technology.

On April 4, a program that records keystrokes was installed onto four computer workstations in the Widtsoe Building computer lab. The program tracks keystrokes typed by users, which are then sent to the installer, allowing access to confidential passwords and other identification such as Net IDs, bank account numbers and Social Security numbers.

The installer configured the tracking program to be invisible. A lab attendant discovered the tracking agent last Thursday when an unusual icon appeared as a visible indicator of the program on a lab computer desktop.

Franson said the university is taking the incident seriously.

?Due to the ubiquitous nature of computing and technology, it?s possible for people to access personal information and steal (other?s) identities,? said Franson. ?It is a criminal offense and we are treating it as such.?

Along with an investigation by the police, the university is correcting the security crisis by expiring the victims? Net ID passwords and informing them of the situation. Compromised students have also been informed as to what necessary precautions they should take.

Students have been advised to watch for unusual activity in their bank, e-mail, messenger, commerce and other personal accounts.

Brian Elledge, a junior biology major from Bakersville, Calif., said he received the warning from the university via e-mail. Elledge changed passwords on all of his personal accounts that may have been accessed, including two bank accounts, two e-mail accounts, his Route Y ID, and his BYU Idaho login.

?I?m sure I?ll look a little more closely when my statements come,? Elledge said.

BYU is implementing further measures to protect students by configuring workstations, expiring administrator passwords and installing video surveillance systems, but Franson says the best security is for individuals to protect themselves.

?It?s impossible to say that we can be one hundred percent sure of this not happening again,? Franson said. ?Individuals should take precaution to protect their personal identities.?

Some students are uncomfortable with having personal information available on university databases because of the potential for identity theft.

One preventative measure BYU has taken was implementing the new nine-digit student ID numbers in the summer of 2002. The student ID numbers replaced Social Security numbers as the primary means of identification on ID cards.

?I don?t think any schools should use that information [Social Security numbers] at all,? said Brian Skene, a senior finance major from Salt Lake City. ?My brother applied to MBA School at UC Berkeley and they required him to give his social security number and other personal information. Someone hacked into the system and got a hold of all of the files of MBA applicants and their personal information. Schools should stop doing it, period.?

Skene, one of the students affected by the security breech, confirmed having received a security notice from the university.

?It happens a lot in today?s society. I wasn?t happy about it, but it?s not like I can blame the school,? Skene said. ?It?s a big deal in the country in general. I think students are pretty ignorant about it. I always shred everything that has personal information, and even with all the precautionary measures it?s still possible for that information to be taken.?

Identity theft is an increasingly serious issue both locally and nationwide.

Steve Albrecht, associate dean of the Marriott School and an expert on identity theft, believes all individuals need to be aware of the threat.

?Every person should do three things,? said Albrecht. ?One, shred all documents with personal information on it; two, never set your garbage out until the truck comes because there?s lots of dumpster diving going on; and three, check your credit rating often.?

Albrecht?s fourth suggestion was to simply use common sense.

?Never leave your purse or wallet lying around,? advises Albrecht. ?You can never eliminate identity theft, you just kind of have to take the porcupine effect. You have to make it harder to get you than it is to get your neighbor, because they?re going to get someone.?

Print Friendly, PDF & Email