SF college tries to estimate damage from 12 uninterrupted years of virus infection

Infection started in 1999 may have affected 100,000 students and staff

By  

Colleges and universities are notoriously porous– to the point servers owned by them are often used even by non-student hackers as proxies to hide their origins, storage locations for stolen data and as broadcast facilities for malware mailings.

And that's in addition to hacking done both to and from University systems by hackers-in-training who actually are enrolled in the university.

City College of San Francisco had particularly bad security, according to Hotchkiss, who took over as CTO in July of 2010.

Shortly before Hotchkiss arrived, the IT staff installed a firewall that cut off access to porn sites – until faculty members complained that students needed access to porn sites for research.

Access to the porn sites, and the viruses they often distribute, was returned.

The rest of City College's security wasn't anything to brag about, either. The cash-strapped school rarely had any money to spare for antivirus software, or any other type of security according to IEEE Spectrum.

A set of rigid policies that made it difficult to decide to make changes to security, let alone implement them, made it difficult to adapt security in even the most basic ways.

"When I found out they hadn't changed passwords in over 10 years, I hit the roof," Hotchkiss told the Chronicle.

Even after months of logging and analyzing data from the viruses already identified, Hotchkiss and the City College IT crew are no closer to cleaning out or securing the network.

They're going through the College's 17 computer systems one by one to identify where the infections are and what types of information they had stolen and are preparing to notify, in accordance with state law, everyone whose personal information might have been stolen through City College sites.

Hotchkiss, the City College IT department and external service provider that identified the infection in the first place haven't even identified everyone who might be at risk or identified other potential areas in which the school's systems may have been penetrated.

Photo Credit: 

City College of San Francisco

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness