Download a hot new single, order that pair of sneakers you’ve been eyeing, send your best friend an IM, pay your cell phone bill, check your midterm grade, and chat it up with your philosophy classmates — all at once. Life as a college student wouldn’t be complete without the pleasures and conveniences of high-speed, modern-day technology, available on virtually every campus nationwide.
In fact, cyber-centric living has become such an integral part of the college lifestyle that many students don’t think twice about entering credit card numbers, Social Security numbers, and other personal information on Web sites regularly, nor do they take safety measures seriously. Unfortunately, your college’s computer network may not be as secure and fail-safe as you think. Take a look at just how much information students give out online, and the people who may be peeking in — and potentially using that information against you.
The Reality of Risk
Don’t think hacking could happen at your school? An alarming number of major universities, including University of Nevada (Las Vegas, NV) and the University of Connecticut (Storrs-Mansfield, CT) have reported hacking incidents in 2005 alone. For these and other schools, servers containing personal data — Social Security numbers, dates of birth, phone numbers, and addresses — were illegally infiltrated.
But just because a school is unaware of any security breaches doesn’t mean they haven’t happened. “I don’t think any school can say beyond a shadow of a doubt they’ve never had an instance of unauthorized access,” says Jason Wallace, chief information security officer at Norwich University (Northfield, VT). “Higher education is a very different situation than the corporate world — it’s much more difficult to deal with security at a college or university.”
Why is a university so much more difficult to protect than a corporation or a home computer? “The whole concept of higher education is about openness and the availability of resources,” Wallace explains. “I can’t imagine a college anywhere that’s running a Web site filter.”
Creativity and exploration are highly encouraged in the academic world, and as a result, there is more potential for hackers to find loopholes in a network that may not be ideally designed. In fact, most colleges still need to step up their security to the rapidly advancing hacker and virus technologies.
“Schools are trying to play catch up,” explains Dave Grant, director of product marketing at Watchfire, a company that produces Internet security software. “I’d say half of college Web sites are exploitable today, and about 75 percent of the hacks that occur are happening because the sites aren’t secured as well as they could be. The average Web developer doesn’t necessarily know much about security, so the sites get created with flaws.”
A Human Error
Beyond the “open” nature of colleges, sometimes people just make mistakes and the situation is simply out of your control. More than 300 City University of New York (CUNY) students were shocked and alarmed to discover that personal information of theirs — including Social Security numbers, loan information and amounts, and direct-deposit information — was freely available on the Internet. According to CUNY spokesman Michael Arena, the student info was made available due to a human error. A worker at the school had accidentally placed the file outside the school’s protected firewall, making it accessible to anyone. The private data even appeared via Google.com, the massively popular search engine.
What Can You Do?
If you’ve ever lost a wallet, you know the stress of having to cancel your credit cards, get a new ATM card, order a new Social Security card, and reconstruct the life that you so conveniently carried around in your pocket or purse. Now imagine if all that information was not merely lost, but deliberately stolen from you, and then exploited.
“It’s only been during the past five or so years that we’ve been using the Internet for buying things, ordering products, entering personal information,” explains Grant. “We have good reasons for doing it, but it’s gotten easy for hackers to steal personal information as we’re pushing more and more of our lives onto the Web.”
Whether infiltrating the databases that colleges keep online, or your own personal computer, hackers have a variety of ways to obtain personal information from you.
Protect Your PC
In order to prevent this and other cases of identity theft from occurring, there are several precautionary steps you can take.
“The important thing for students to understand is that protecting themselves from things like identity theft is largely dependent on them,” says Matt Curtain, author of Brute Force: Cracking the Data Encryption Standard (Springer, 2005) and frequent lecturer at Ohio State University (Columbus, OH). “Keep personal information personal. On campuses you’ll find people with tables set up trying to offer you credit cards or free cell phones, and requiring that you give them your Social Security number — don’t do it. The only time you ever need to give that out is for tax purposes or when dealing with the Social Security Administration.”
Also, take the time to set up your personal computer to be as hacker-proof as possible. “Using common name passwords — your girlfriend’s or boyfriend’s name, no combination of numbers and letters — is a big problem,” explains Grant. “They are easy to crack because hackers have programs that run through millions of simple login names looking for a match.”
Updated virus protection is a must as well. “There’s plenty of free anti-virus and anti-spyware software out there,” he adds. “Download it, and keep it current. Software that is a month old is useless, because new viruses are constantly popping up.”
An Inside Job
So these hackers are big bad cyber-meanies with nothing better to do than steal your personal info, right? Actually, sometimes the culprits are your peers.
In March of 2005, approximately 150 applicants to six of the country’s top business schools took advantage of a security vulnerability on a widely used admissions database for colleges and wrongfully accessed the site. The schools invaded included Dartmouth College (Hanover, NH), Carnegie Mellon University (Pittsburgh, PA), Duke University (Durham, NC), Massachusetts Institute of Technology (Cambridge, MA), and, last but certainly not least, Harvard University (Cambridge, MA) — which wins the prize for this year’s Most Over-Zealous Applicants, with 119 intruders. Every school but Dartmouth refused to admit any of the students, calling the infiltration a serious breach of ethics.
For those of us who think “encryption” is something you’d see in a horror film, here’s a breakdown of some of the ways tech thieves can get at your goods.
1. Forceful browsing: Let’s say you’re on a Web site and the URL address in the browser’s top window ends in the digits “444.” Sometimes, just by altering the digits to a different number — like “445,” for example — a hacker can access other pages on the network.
2. Testing for holes: A more advanced way to hack is by creating mini applications that poke and prod to find gaps in computer systems. Once the slightest breach in security is found, the system can be wrongfully accessed.
3. Phishing: Sometimes hackers create Web sites that look exactly like authentic sites to trick users into entering personal information. For example, a hacker might create a site that resembles Hotmail, or Bank of America, or eBay. Users then enter e-mail addresses, passwords, credit card information, and other personal data, which the hackers can then use.