Slashdot Mirror

← Back to Stories (view on slashdot.org)

Viruses Stole City College of S.F. Data For Years

Posted by Soulskill on from the measuring-failure-in-decades dept.

An anonymous reader sends this quote from an article at the San Francisco Chronicle: "Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called 'an infestation' of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned. At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college's data security monitoring service detected an unusual pattern of computer traffic, flagging trouble."

13 of 93 comments (clear)

  1. Human failure by Anonymous Coward · · Score: 4, Insightful

    "students and faculty have used college computers to do their banking"

    That's the main problem. Using sensitive data through public locations such as a college computer is not, in any way, safe.

    1. Re:Human failure by betterunixthanunix · · Score: 5, Insightful

      After years of explaining this to people, I have come to the conclusion that no matter what people are going to do it. Simply put, if banks allow people to log in to their accounts from random computers, people are going to do so without any regard for security. It is convenient, and the one thing you can expect people to do is something that is convenient.

      --
      Palm trees and 8
    2. Re:Human failure by Anonymous Coward · · Score: 4, Funny

      write only thumbdrive

      That sounds pretty useless

    3. Re:Human failure by Khyber · · Score: 4, Funny

      No! It's a GREAT layer of security! You can't load into memory what you can't read!

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    4. Re:Human failure by tlhIngan · · Score: 3, Informative

      After years of explaining this to people, I have come to the conclusion that no matter what people are going to do it. Simply put, if banks allow people to log in to their accounts from random computers, people are going to do so without any regard for security. It is convenient, and the one thing you can expect people to do is something that is convenient.

      It's called Dancing Pigs. A user will most likely pick convenience over security.

      And any bank that prevents logging in from public computers will be laughed out of business - people expect to be able to bank anywhere and everywhere. Even on their cellphones (they can't wait to go home and do it then...).

      No way around it, unfortunately, and educating the user is a pointless exercise because they'll just go back to their old ways.

      Perhaps if the bank issued them special keypad calculators that could compute transaction hashes (for two-factor authorization) things would help. But no.

      And given banks already use Wish It Was Two-Factor, things won't be improving at all.

  2. Since 1999? by Anonymous Coward · · Score: 3, Insightful

    Article says they've had viruses lurking since 1999. What kind of network could possibly contain equipment that old? Also, not exactly a detailed story we've got there.

    1. Re:Since 1999? by FoolishOwl · · Score: 4, Insightful

      A network that is heavily used by a chronically underfunded institution -- that's what kind.

  3. Not surprising by Niris · · Score: 3, Funny

    From what I've seen community college IT Tends to be pretty horrible. One of them out here had a server password of "password" and remoting on. Others tend to use a generic password on everything such as Mascot1 or gomascot1

  4. CS Dept by Mannfred · · Score: 3, Interesting

    FTA: "It's likely that personal computers belonging to anyone who used a flash drive during the past decade to carry information home were also affected." The college has a CS department providing courses for "seasoned IT professionals" (as per ccsf.edu) and nobody notices viruses on their flash drives (etc) over the past 10 years? Unlikely.

    1. Re:CS Dept by ArundelCastle · · Score: 3, Interesting

      The college has a CS department providing courses for "seasoned IT professionals" (as per ccsf.edu) and nobody notices viruses on their flash drives (etc) over the past 10 years? Unlikely.

      I don't think we're talking about the era of Stoned on a boot sector anymore. If this is a decade of organised crime, it's going to be a bit more sophisticated.

      You might want to check out Stuxnet before you presume any amount of caution or aptitude can so easily subvert a sufficiently developed worm. Whatever someone might think about how people "over there" do things, I feel it's a safe assumption that the professionals working at a middle-east nuclear plant would also be qualified to work at a San Francisco college.

  5. Correction by dtmos · · Score: 3, Insightful

    when the college's data security monitoring service finally detected an unusual pattern of computer traffic. . .

    FTFY.

  6. Re:Missing details by Anonymous Coward · · Score: 4, Informative

    I don't know WTF porn sites you guys are visiting, but there are PLENTY of them out there that have no popups, no viruses, and fewer ads than MSNBC. Serioiusly. Porn sites with viruses are NOT porn sites. They are VIRUS sites that use porn to attract virus clickers. Did you learn nothing from Anna Kournikova?

  7. Re:Missing details by Corbets · · Score: 3, Funny

    Damn good point. I've never caught a virus from a porn site in 20+ years.

    In fact, they've only fired the anti-virus on REGULAR sites that had drive-by malware ad-banners hosted by GOOGLE of all places!

    In fact, porn has probably helped me not catch many a virus from the local gentleman's establishment...