Skip to Content, Navigation, or Footer.
Saturday, Feb. 24
The Indiana Daily Student


Bloomington Faculty Council members discuss IU cybersecurity

Provost and Executive Vice President Lauren Robel speaks during the Bloomington Faculty Council meeting held in Presidents Hall Tuesday afternoon.

Hacking is a huge problem around the world, especially at IU. Professor Brad Wheeler gave a cybersecurity report at the Bloomington Faculty Council meeting Tuesday. In the report, Wheeler discussed the security surrounding IU websites and internet.

In the spring, thousands of IU users were sent phishing messages. These were emails that looked as though they were urgent messages sent by the University, but they had been sent by other individuals.

The messages contained links that would take users to a site where they would enter their usernames and passwords. From there, the hackers could access their information and redirect their paychecks.

“This isn’t somebody in their basement,” Wheeler said. “There are sweatshops that decide they want to focus on IU.”

The mail was blocked by administrators, but any evidence of hacking could not be determined if the link was not clicked while on IU internet. Approximately 800 users had given up their names and credentials before the hack was discovered.

Wheeler said of the 2.6 to 2.8 billion email messages that circulate through the IU server each year, 83 percent is known spam. Filters killed 2.1 billion messages last year. While most emails are killed before they reach the server, there are still messages that can get through.

“It’s an unending game of Whack-A-Mole,” Wheeler said.

Professor Bruce Solomon shared his experience with phishing. He said he woke up to 5,000 emails one day while his account was being accessed.

“I had no idea this was a new kind of attack,” Solomon said. “They just attempt to spam you with so much email that you don’t notice your bank account warning you.”

New security measures have been made since then. Duo, or Duo Mobile for devices, has the user authenticate through a second source. This process is called two-factor authentication.

Wheeler also talked about the Central Authentication System redesign. The username and password fields dynamically adjust height and color to make it harder for hackers to spoof the CAS login page, Wheeler said.

“We are in for a very long run of problems here,” Wheeler said. “The bad guys are running at a pace that outpaces the good guys.”

With the new procedures, Wheeler said he hopes future events like this can be 

“Any type of approach we take is always going to have some little weakness in it,” Wheeler said.

In other business, the council discussed a proposed change in the BFC bylaws that affects representatives for different school policy committees and listened to a report of the Budgetary Affairs Committee.

Get stories like this in your inbox