Friday, January 13, 2012

Computer Viruses Stole User Data...for Years

I saw an article in today's San Francisco Chronicle describing how the computers at City College may have been infected with a number of viruses. The situation is not good. The devices were sending personal data to addresses in Russia, China, and other places, and the IPs in some cases were known criminal operations. You can read about it here, and it is not pretty reading.

It isn't surprising that general purpose workstations are used by students for all kinds of purposes, including research. In visiting a lot of sites and checking assorted social networking sites, the machines can become infected. In many cases, this would be just annoying since the most that any bad guys might get would be your course schedule. But things are not that simple.

Your students (and faculty and staff and ...) also use those machines to do home banking, check credit card accounts, and do all kinds of other stuff where their credentials can be stolen and shipped off to badguys.com. And that appears to be what happened here.

Oh, by the way, it looks like it has been happening for years. That's not a typo. Years. And "tens of thousands of students."

There is a lesson here. PCI requirements for anti-virus and other protections should apply across the board. Users should be warned that the person before them may have inadvertently downloaded a virus or other malware, so don't do anything confidential or financial. We live in a dangerous world, and the Internet is a very dangerous place.

I don't know how all this will work out for City College, which is a fantastic institution. I've taken a few courses there, and the faculty is great. The big thing on this Friday 13th is to learn a lesson about the need to protect the systems your students, faculty, and staff use.

No comments:

Post a Comment