Slashdot Mirror
Viruses Stole City College of S.F. Data For Years
An anonymous reader sends this quote from an article at the San Francisco Chronicle:
"Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called 'an infestation' of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned. At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college's data security monitoring service detected an unusual pattern of computer traffic, flagging trouble."
"students and faculty have used college computers to do their banking"
That's the main problem. Using sensitive data through public locations such as a college computer is not, in any way, safe.
no surprise, considering the institution
The article really doesn't clarify whether these are viruses that are detected by anti-virus software on the market, or something novel and malicious that could only be detected recently. However, the tone of the article suggests poor management and an utter lack of protection from assault, rather than some incredibly creative black hats at work:
I can see the need for some sociology or psychology students to access porn, but only a very few on very specific projects. Methinks some faculty spanking material was the greater concern than student access to "research data" which could have been addressed by granting specific machines a bypass in the firewall configurations.
I do not fail; I succeed at finding out what does not work.
Article says they've had viruses lurking since 1999. What kind of network could possibly contain equipment that old? Also, not exactly a detailed story we've got there.
From what I've seen community college IT Tends to be pretty horrible. One of them out here had a server password of "password" and remoting on. Others tend to use a generic password on everything such as Mascot1 or gomascot1
10 years and not one single person in the entire IT department noticed? Uh why not? And how much money and info have these thieves gotten away with? Not sure about anyone else but if I had been or am currently a student there I would really be worried about what info the scammer's had/have. I'm gonna go with, this is just a little bit scary. And what do they mean they MIGHT need to bring in the FBI? At this point that is pretty much a given. Well I wish all of those whose info went south, good luck.
But enforcing laws on bad security should reign supreme on the likes of SOPA and friends.
FTA: "It's likely that personal computers belonging to anyone who used a flash drive during the past decade to carry information home were also affected." The college has a CS department providing courses for "seasoned IT professionals" (as per ccsf.edu) and nobody notices viruses on their flash drives (etc) over the past 10 years? Unlikely.
This is not the first time this has happened. It is just the first time we have heard about a virus being in place for a decade and not being detected.
I am sure there are more colleges and government agencies that are compromised like this.
As an added bonus. This is why you should post AC when posting from College.
vi +
Who, other than me, thinks that this would be a non-story if it weren't able to be blamed on THOSE EVIL FOREIGNERS. This story would be buried otherwise.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
when the college's data security monitoring service finally detected an unusual pattern of computer traffic. . .
FTFY.
Marco. Paging Marco Polo. You need to go settle your debt with that China character. That is not Uncle Sam's debt. Marco. You were supposed to settle all of that a long time ago.
Amerigo. Amerigo Vespucci. You're in debt. Your hip is dropping into the well. You need to go wrestle on that hill like Jacob did.
"Eh. No way. Tell Colombus to get in the box and he'll cough one up when he gets back."
Amerigo von Spratt (could eat no lean) wanted his name on something--he got two big ones. The really rich say that Chris was the lucky one because he put his name on the small country.
the NPG electrode was replaced with carbon blac
So, exactly what viruses were installed on these machines? Were they internet common, or something more targeted?
Is this simply a failure to install some decent anti-virus software, or something more involved?
I am John Hurt.
What's right is to rely on the US justice system, which requires that there be evidence of criminal activity prior to most searches and seizures. Further, judges need to be involved in adjudicating what constitutes probable cause. That is the way forward. Technology brings new challenges to law enforcement, but it also provides new tools. It is, as always, the job of the legal community to keep learning and stay abreast of technology, same as it is for everyone else. And when corporations or individuals want to pursue charges of copyright infringement, they must do so relying on the proper judicial structures as established. Copyright infringement is not some special crime which somehow doesn't require proper due process.
From TFA you quoted:
So you KNOW that you'll be going to sites KNOWN for "viruses".
Wouldn't you limit that kind of access to only a segment of the machines AND firewall them from the other machines so they cannot infect everyone AND erase the drives on a regular basis?
And, just for fun, give the computer science people access to the drive contents to that they can use the viruses found as examples in their classes. Under similar, controlled, conditions.
I think that every university network is completely compromised, including the major ivy league and top tier tech universities too. To see for yourselves how bad the problem is, just type the following searches into Google:
buy viagra cialis site:stanford.edu
buy viagra cialis site:harvard.edu
buy viagra cialis site:yale.edu
buy viagra cialis site:princeton.edu
buy viagra cialis site:columbia.edu
buy viagra cialis site:caltech.edu
buy viagra cialis site:mit.edu
Can anyone from these institutions' IT departments explain how they can process students' personal information on networks that have obviously been hacked and are hosting such criminal content? Don't the IT people scan the files on their servers once in a while and see this? Don't they ever check their access logs and see that people are being referred to their servers from google looking to buy drugs?
Are the IT people totally incompetent or are they putting up these sites themselves to earn a little extra money?
Where are the university presidents and the boards of governors? Why are they allowing their networks to be used for this?
What does this say about your CS degree @ UCSF?
JOb Interview...
me: So what college did you go to learn computers?
applicant: UCSF
me: did you notice anything while you attended there?
applicant: nope not a thing, it was a wonderful place, I had a great time and got an A+
me: I'm sorry, this job is important, I don't think you are right for this company.
I see corruption and failure in damn near everything now, Federal, State, Local.
Hilarious. carmenwiki FTW ;)
It DOESN'T go without saying, except here.
Relentlessly remind people that viruses are largely a consequence of running a "virus farm" OS.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
It is now a basic technique of any "respectable" virus to inject itself into the windows kernel and assure any access to infected executables or other components of the virus is being masked.
So scanning an already infected system is a very, very pointless endeavour. Actually it will lull you in a false sense of security. And believe, even the best virus scanner can't do anything against that. You would have to boot your own WinPE or something from that USB stick to stand any chance against modern viruses.
If you can boot, then boot into something like DSL (damn small linux) or knoppix. Checking an existing windows system is a waste of time - it is safe to assume it is already penetrated by several viruses.
In a school / research area porn blocker just end block stuff like breast cancer research and other stuff Even more so in a med lab.
clueless managers and some time even techs I thing that terry child's even saw some install viruses on the severs maybe even the same ones.
It's good that he did not give up the password over speaker phone in a room full on managers no telling how much they would of F* stuff up.
And there is a lot that is can be / is best learned on the job.
A 4 year CS is to long and is missing alot stuff that you can learn in a 2 year tech school.
But I say you take the 2 year tech school and make it in a rage from 1.5-3 year mixed class room / apprenticeship / on the job training. also have DROP IN on going education as part of it.
in IT there is the book / cert test setups and the real world filled old software / lots different 3rd party vender / software setups / hack jobs and so on that you can only get a feel for by doing the real work. Also DROP IN on going education is some there a tech school can do where a university is a very poor setup for.
Also the university has lot's of filler and fluff classes that in the same time can be better filled in tech class out side of your core area. Let's say need to fill a class
out side of your core IT area what is better tech school visual basic or a university art history? also a tech school can have hobby / not full time classes as some
filler / out side of the main core area stuff. Where a university can take stuff like Underwater Basket Weaving and find a way to make in to full time class.
The founding fathers would have wanted it this way.
NOT TRUE!!! They believed very strongly in the separation of Church and Shite
is to write a check, stuff it in an envelope, and drop it into the US Mail to pay your bills. Offline. Making withdrawals means drive to the bank, use your passbook, withdraw cash. If there's any computer viruses involved in those, it won't be YOUR fault and should be protected by FDIC insurance. Hopefully.
You are barely literate.