Viruses Stole City College of S.F. Data For Years
An anonymous reader sends this quote from an article at the San Francisco Chronicle:
"Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called 'an infestation' of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned. At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college's data security monitoring service detected an unusual pattern of computer traffic, flagging trouble."
Human failure (Score:4, Insightful)
"students and faculty have used college computers to do their banking"
That's the main problem. Using sensitive data through public locations such as a college computer is not, in any way, safe.
Re:Human failure (Score:5, Insightful)
Re: (Score:3)
Yeah, that's not something that I ever do. I logged into my email one time from a random computer, but that's the only time. I did change my password shortly thereafter and didn't have any trouble.
These days what I do is run a virus scan from a write only thumbdrive before I do anything at all on a strange computer. (If anybody is curious, I'm using a kanguru flashblu 2 with a portable antivirus program and it works just great for that)
Re:Human failure (Score:4, Funny)
write only thumbdrive
That sounds pretty useless
Re:Human failure (Score:5, Funny)
No! It's a GREAT layer of security! You can't load into memory what you can't read!
Re: (Score:1)
These days what I do is run a virus scan from a write only thumbdrive before I do anything at all on a strange computer. (If anybody is curious, I'm using a kanguru flashblu 2 with a portable antivirus program and it works just great for that)
If you're making the effort, you could just as well keep an Ubuntu live-boot USB key.
Your only security worry then would be hardware keyloggers, and you'd get the considerable bonus of not having to suffer a strange computer's browser - few things are more horrifying than IE with only half the window's real-estate usable for plugins.
Re: (Score:2)
The only problem with that is that you're not necessarily going to be able to get online in that fashion. True it is more secure, but by the same token if one needs to go online one is going to have to take some risks.
And since it wasn't clear, I don't personally visit banking sites like that nor do I log into sites where I don't have an OTP as part of the log in requirements.
Re: (Score:1)
Re: (Score:2)
It depends what you're doing. I shouldn't have implied that I'd be typing in passwords to such a machine because you are indeed correct about that. I also shouldn't have implied that I would be logging into a banking site like that. I load up my own web browser and don't log into any site where I'm not using an OTP as part of the set up.
I'm mostly worried about viruses on the odd occasion where I'm needing to check email at a cyber cafe.
Viruses Conceal Themselves - SOP (Score:1)
It is now a basic technique of any "respectable" virus to inject itself into the Windows kernel and assure any access to infected executables or other components of the virus is being masked.
So scanning an already infected system is a very, very pointless endeavour. Actually it will lull you into a false sense of security. And believe me, even the best virus scanner can't do anything against that. You would have to boot your own WinPE or something from that USB stick to stand any chance against modern viruses.
If
Re: (Score:2)
Even if you boot from trusted media to run the malware scan, there is no guarantee that the system won't be infected with a piece of malware for which your scanner has no signature.
A better approach, although obviously not foolproof...
Boot from the thumbdrive, and then use that OS to access the internet...
Make sure the OS has an on screen keyboard or a non standard key mapping so as to confuse any potential hardware keylogger.
Re: (Score:2)
Re: (Score:2)
You should boot from the USB drive and then scan. Kaspersky has one.
Re: (Score:2)
Yeah in a small town library several days ago I saw people doing their banking on public computers.
Re: (Score:1)
That happens a lot I am sure, there is no security, I bet the computers were running Windows XP. The local library I visit sometimes has Windows XP computers with SP2, in 2012! There needs to be a better default operating system we could deploy in these circumstances that would do a better job of security. But if there is a hardware keylogger hidden behind the machine, then the most secure OS in the world will not protect you.
I can not manage my website on their computers as I need to use port 2083 to conne
Re: (Score:2)
The library here has a 50/50 mix of imacs and xp boxes, the imacs tend to be in use while the xp boxes sit idle...
Re:Human failure (Score:4, Informative)
It's called Dancing Pigs [wikipedia.org]. A user will most likely pick convenience over security.
And any bank that prevents logging in from public computers will be laughed out of business - people expect to be able to bank anywhere and everywhere. Even on their cellphones (they can't wait to go home and do it then...).
No way around it, unfortunately, and educating the user is a pointless exercise because they'll just go back to their old ways.
Perhaps if the bank issued them special keypad calculators that could compute transaction hashes (for two-factor authorization) things would help. But no.
And given banks already use Wish It Was Two-Factor [thedailywtf.com], things won't be improving at all.
Re: (Score:2)
Perhaps if the banks had better opening hours, people could actually go to the branch when they were out and about instead of having to use the cybercafe next door.
Re: (Score:2)
Perhaps if the banks had better opening hours, people could actually go to the branch when they were out and about instead of having to use the cybercafe next door.
I've only gone into a physical bank in recent years to pay in accumulated bags of coins.. Apart from having ATMs I really don't know why they bother having branches any more.
Re: (Score:2)
Perhaps if the bank issued them special keypad calculators that could compute transaction hashes (for two-factor authorization) things would help. But no.
My bank kinda does. HSBC gives you a little red keypad thing which generates a code you need to log in with. Once in you can repeat actions you have done in the past, e.g. paying off a bill, but if you want to do something new like set up a money transfer to an account you have never sent money to before then you have to enter another code.
Re: (Score:2)
People taking care of private affairs during work hours is an old story.
Re: (Score:1)
Re: (Score:2)
The worst thing is, assuming you trust the staff, a college computer lab is managed by paid staff who you would assume have some level of competence...
The average home computer on the other hand is not.
The difference from a hacker's perspective is that the average home computer, while horrendously insecure and usually not managed by someone with an IT background, only has one user to steal bank details from... A lab computer may have several.
A lab computer is also more likely to have a shared authentication
Re: (Score:2)
"students and faculty have used college computers to do their banking"
That's the main problem. Using sensitive data through public locations such as a college computer is not, in any way, safe.
So let's just get rid of internet banking entirely, as it can never be 100% secure?
Missing details (Score:3, Interesting)
The article really doesn't clarify whether these are viruses that are detected by anti-virus software on the market, or something novel and malicious that could only be detected recently. However, the tone of the article suggests poor management and an utter lack of protection from assault, rather than some incredibly creative black hats at work:
I can see the need for some sociology or psychology students to access porn, but only a very few on very specific projects. Methinks some faculty spanking material was the greater concern than student access to "research data" which could have been addressed by granting specific machines a bypass in the firewall configurations.
Re: (Score:3)
I can see the need for some sociology or psychology students to access porn, but only a very few on very specific projects. Methinks some faculty spanking material was the greater concern than student access to "research data" which could have been addressed by granting specific machines a bypass in the firewall configurations.
Methinks the porn blocker was probably overzealous*, and blocked way too much.
* In general, those blockers come in two variations: The overzealous type, which gets in the way of normal usage, or the useless type, that blocks next to nothing.
Re: (Score:2)
>Methinks the porn blocker was probably overzealous*, and blocked way too much.
This is the problem with filters. They don't block enough of the "bad" material and they block too much of the "legitimate" material.
For instance, I am currently in the library down the road from my house, and the filter blocks scribd of all things. But getting around the filter is as simple as going to a proxy. Access to porn is as simple as just finding something that isn't in the filter, which is surprisingly easy, like si
Re: (Score:2)
It's usually a matter of poor management when these things happen. There are malware programs popping up all the time that aren't detectable, but those tend not to remain undetectable for years.
Firewall from the inside. Erase after. (Score:2)
From TFA you quoted:
So you KNOW that you'll be going to sites KNOWN for "viruses".
Wouldn't you limit that kind of access to only a segment of the machines AND firewall them from the other machines so they cannot infect everyone AND erase the drives on a regular basis?
And, just for fun, give the computer science people access to the drive contents so that they can use the viruses found as examples in their
Re: (Score:3)
No, I'd suggest loading a VM for surfing questionable sites, and nuking it after you're done.
Re:Missing details (Score:4, Informative)
I don't know WTF porn sites you guys are visiting, but there are PLENTY of them out there that have no popups, no viruses, and fewer ads than MSNBC. Seriously. Porn sites with viruses are NOT porn sites. They are VIRUS sites that use porn to attract virus clickers. Did you learn nothing from Anna Kournikova?
Re: (Score:2)
Damn good point. I've never caught a virus from a porn site in 20+ years.
In fact, they've only fired the anti-virus on REGULAR sites that had drive-by malware ad-banners hosted by GOOGLE of all places!
Re:Missing details (Score:4, Funny)
Damn good point. I've never caught a virus from a porn site in 20+ years.
In fact, they've only fired the anti-virus on REGULAR sites that had drive-by malware ad-banners hosted by GOOGLE of all places!
In fact, porn has probably helped me not catch many a virus from the local gentleman's establishment...
Re: (Score:2)
And porn sites are blocked by many filters, therefore reducing the potential targets for a malware spreader...
Web distributed malware these days tends to come from legit sites, or legit banner hosts etc that have been hacked... When you have thousands of infected workstations running keyloggers it's not hard to capture a webmaster logging in to his site and then you can follow him in and add your malicious code to his genuine site.
Re: (Score:2)
Did you learn nothing from Anna Kournikova?
Yes, that appearance trumps talent nowadays.
Try blocking breast cancer research as breast (Score:3)
In a school / research area, porn blockers just end up blocking stuff like breast cancer research and other stuff. Even more so in a med lab.
Since 1999? (Score:3, Insightful)
Article says they've had viruses lurking since 1999. What kind of network could possibly contain equipment that old? Also, not exactly a detailed story we've got there.
Re: (Score:2)
it still occasionally spits out a report of its config to one of my email accounts
And that email account is in Russia? ;)
Re:Since 1999? (Score:5, Insightful)
A network that is heavily used by a chronically underfunded institution -- that's what kind.
Re: (Score:2)
Why yes, it must be the under-funding. It couldn't be anything from clueless IT, clueless administrators, or bean-counters with too much power over the IT department.
Re: (Score:2)
All those things could have contributed to a security oversight. But I was answering the question of why the network would have ten-year-old equipment. CCSF has had several rounds of layoffs and course cancellations, and has had to completely drop summer courses. So under those conditions, old equipment may stick around for a while.
Re: (Score:2)
Do you have evidence of those assertions? Just what is it about the fact "a computer from 1999 is still running somewhere" automatically implies cluelessness? Hell, there's still computers out there from the *1950s* still running...are their operators clueless too?
Re: (Score:1)
Re: (Score:2)
That's an "old" educational system? What's a "new" educational system? What you describe seems fairly common to me (regardless of the size of the school or its age, as I've seen both in hundred+ year institutions with under 2,000 students as well as in modern for-profit educational organizations with tens of thousands, and everything in between). I know that many, many universities still do this.
Re: (Score:2)
Re: (Score:2)
I was talking about layoffs of instructors and support staff such as counselors, not about the retirement of administrators.
Re: (Score:2)
Virtualization may do that. Someone virtualizes an old machine with malware, and voila, there you go. You've just perpetuated the problem indefinitely.
If they're using, say, Symantec products, it's really not difficult to see this problem being perpetuated, is it? Something from 1999 may not have had AV on it originally, but they realized later down the line it was necessary but thought it too old to be problematic... voila, instant perpetual malware vector.
I recently found a machine which had malware on it
Not surprising (Score:4, Funny)
Re: (Score:1)
Re: (Score:2, Informative)
From what I've seen community college IT tends to be pretty horrible. One of them out here had a server password of "password" and remoting on. Others tend to use a generic password on everything such as Mascot1 or gomascot1
IT Dunce A: Crap! Someone out there knows our password "gomascot1"!
IT Dunce B: No worries, I'll go ahead and change it to "gotigers1".
IT Dunce A: Phew!
Same IT full of clueless managers that terry childs (Score:2)
clueless managers and sometimes even techs. I think that Terry Childs even saw some install viruses on the servers, maybe even the same ones.
It's good that he did not give up the password over speaker phone in a room full of managers; no telling how much they would have F* stuff up.
Semi related drunk opinion here (Score:1)
Re: (Score:2)
CS Dept (Score:3, Interesting)
Re: (Score:3)
It depends upon which classes you take, of course. CCSF has a couple of smaller labs used by CS and CNIT students. The big computer labs seemed to be used primarily by students watching movies, secondarily by students writing essays or doing other sorts of homework.
I have to admit that one time, after using a flash drive on a Windows PC in the main computer lab at CCSF, and later using that flash drive on a Linux box, I noticed there was some sort of malware on my flash drive that would autoexecute on a Win
Re: (Score:2)
Judging by the intellectual capacity and knowledge of their CS/IT graduates, not fucking likely. I'm surprised they're able to remain accredited.
Re:CS Dept (Score:4, Interesting)
The college has a CS department providing courses for "seasoned IT professionals" (as per ccsf.edu) and nobody notices viruses on their flash drives (etc) over the past 10 years? Unlikely.
I don't think we're talking about the era of Stoned on a boot sector anymore. If this is a decade of organised crime, it's going to be a bit more sophisticated.
You might want to check out Stuxnet [wikipedia.org] before you presume any amount of caution or aptitude can so easily subvert a sufficiently developed worm. Whatever someone might think about how people "over there" do things, I feel it's a safe assumption that the professionals working at a middle-east nuclear plant would also be qualified to work at a San Francisco college.
Re: (Score:2)
...
I don't think we're talking about the era of Stoned on a boot sector anymore. ...
oh the memories, my first infection. At the time, i was stoned, and my computer booted up and told me it was stoned, and I was like, sweet, dude...
Then i realized something wasn't right, and proceeded to infect a few more disks.
Good times!
Also, I am currently stoned right now. =)
Re: (Score:1)
Good times indeed! Where would we be without our Vitamin M? :-)
Not the first time (Score:2)
This is not the first time this has happened. It is just the first time we have heard about a virus being in place for a decade and not being detected.
I am sure there are more colleges and government agencies that are compromised like this.
As an added bonus. This is why you should post AC when posting from College.
Blame the foreigners (Score:1, Insightful)
Correction (Score:4, Insightful)
when the college's data security monitoring service finally detected an unusual pattern of computer traffic. . .
FTFY.
Marco (Score:1)
Marco. Paging Marco Polo. You need to go settle your debt with that China character. That is not Uncle Sam's debt. Marco. You were supposed to settle all of that a long time ago.
Amerigo. Amerigo Vespucci. You're in debt. Your hip is dropping into the well. You need to go wrestle on that hill like Jacob did.
"Eh. No way. Tell Colombus to get in the box and he'll cough one up when he gets back."
Amerigo von Spratt (could eat no lean) wanted his name on something--he got two big ones. The really rich
Okay... (Score:2)
So, exactly what viruses were installed on these machines? Were they internet common, or something more targeted?
Is this simply a failure to install some decent anti-virus software, or something more involved?
What's right is... (Score:1)
What's right is to rely on the US justice system, which requires that there be evidence of criminal activity prior to most searches and seizures. Further, judges need to be involved in adjudicating what constitutes probable cause. That is the way forward. Technology brings new challenges to law enforcement, but it also provides new tools. It is, as always, the job of the legal community to keep learning and stay abreast of technology, same as it is for everyone else. And when corporations or individuals wan
Re: (Score:2)
Yes, that is exactly what the government is doing right now in regards to proper due process.
Re: (Score:2)
WTF? How did my comment get appended to this topic? I thought I attached it to a different one. Sorry, folks.
Re: (Score:3)
The article is about CCSF (a community college).
university CS = high level theory tech school = IT (Score:2)
And there is a lot that can be / is best learned on the job.
A 4 year CS is too long and is missing a lot of stuff that you can learn in a 2 year tech school.
But I say you take the 2 year tech school and make it in a range from 1.5-3 year mixed class room / apprenticeship / on the job training. Also have DROP IN ongoing education as part of it.
in IT there is the book / cert test setups and the real world filled old software / lots different 3rd party vendor / software setups / hack jobs and so on that you can
Windows viruses (Score:2)
It DOESN'T go without saying, except here.
Relentlessly remind people that viruses are largely a consequence of running a "virus farm" OS.
Re: (Score:1)
The Only Real Way (Score:1)
is to write a check, stuff it in an envelope, and drop it into the US Mail to pay your bills. Offline. Making withdrawals means drive to the bank, use your passbook, withdraw cash. If there are any computer viruses involved in those, it won't be YOUR fault and should be protected by FDIC insurance. Hopefully.