When colleges drop the ball on computer security, it’s not only their own students and staff members who suffer. At Framingham State College, a security hole allowed interlopers to gain control of college e-mail system accounts and send threatening messages all over the country.
The messages were “essentially threatening someone in exchange for money,” Patrick Laughran, the college’s chief information technology officer, told the MetroWest Daily News this weekend. He did not give further details about the messages.
The breach was discovered on March 8 and promptly repaired, he said. Additional layers of security have been added to campus servers and students have been asked to strengthen their passwords—this usually means making them more complex—to reduce vulnerability.
Mr. Laughran said he did not know how many of the threatening messages were sent, but the college got at least 50 telephone complaints from people who did receive them. The Federal Bureau of Investigation is now involved, and the Internet addresses of the hijackers have been traced back to China, Russia, and Sudan.
Colleges have acquired a well-deserved reputation for vulnerable computer systems, and many students’ Social Security numbers have been exposed to identity thieves. This is an escalation, however. With the advent of malware such as bot-nets—networks created when viral software enslaves remote computers, forcing them to do things like sending out threatening e-mail messages—colleges and other organizations with porous security can harm people with absolutely no connection to the institution.
—Josh Fischman, The Wired Campus