Skip to Content, Navigation, or Footer.
Friday, July 17
The Indiana Daily Student

Internet security remains a priority at IU

USC, UConn, Boston College also compromised

IU's not the only university frequented by hackers.\nOfficials at University of Southern California are contacting roughly 270,000 people with some bad news: a hacker may have had access to their files. \nThe security flaw, which left personal information of everyone who had applied to the school in the past eight years vulnerable, was discovered by a hacker last June, who reported the error and is not believed to have used the information maliciously.\nThe breach in security, however, is not a new problem for college networks. Similar incidents have recently occurred at the University of Connecticut, Boston College and University of California Berkeley, in addition to several other campuses nation-wide. \nAlthough IU has seen its share of security issues, faculty and staff say they have been working hard to prevent system-wide security breaches and raise awareness about a new type of security threat. \n"IU likely has more people working on security issues than any other college or university," said Mark Bruhn, chief IT security and policy officer for UITS, in a recent e-mail. \nAfter an incident in 1997, in which personal information about faculty was discovered and posted on a public Web site, the University IT Policy and Security Offices were formed in order to increase security. Two incidents in 2001, which left student information exposed, prompted the board of trustees to pass a resolution that gave UITS authority to enhance security campus-wide. \nWith the implementation of PeopleSoft, IU also replaced social security numbers with student ID numbers, a move which leaves less personal information vulnerable to breaches. \nIn addition, Bruhn said, IU is actively promoting IT security through other means, such as their Web site, www.ren-isac.net, which provides security information to other colleges and universities.\nBruhn pointed out that impenetrable security, however, does not exist.\n"Even as we layer security on these central computers and databases, security cannot be 100 percent," he said. "We will never be immune from security breaches, though we have taken steps to minimize the chances." \nIU informatics faculty Filippo Menczer and Markus Jakobsson are working to raise awareness about another security issue -- an attack known as "phishing." In a controversial study conducted through one of Menczer's courses last semester, Menczer's students used publicly available information to trick other students into clicking on a link -- spoofing the e-mail address of a friend, for example, so the e-mail appeared to be from someone close. \nAccording to Menczer, 72 percent of IU students clicked on the link, which did not harm their computers, when the e-mail appeared to be from someone they knew. \nWhile many students were upset that they were included in the experiment without giving consent, Jakobsson said it was a necessary in order to obtain results and ultimately find a solution to the problem of phishing.\n"We're not doing this to harm people, but in order to tell people, legislatures, technical people and citizens, that this is a very ugly situation that is going to unfold and we need to do something," he said. \nJakobsson said phishers can do worse than imitate a friend, however; they can pretend to be your bank.\n"Everyone thinks their mother's maiden name is something they tell to people at their bank in order to verify who they are, and no one else could guess it," he said. "My student and I downloaded a huge amount of information, and we have derived over 4 million mother's maiden names for people born in Texas." \nUsing public records, phishers can profit by obtaining bank account information from unsuspecting users who believe e-mails from their banks that provide personal information, such as their mothers' maiden name, must be legitimate. \nJakobsson said the best defense against phishers is staying one step ahead. \n"It's like a game of chess," he said. "You think of the best move for the opponent and then you think of a countermove. We're both the evil guys and the good guys at the same time, which makes it kind of interesting"

Get stories like this in your inbox
Subscribe