On July 29, 2008, a student at Georgia Highlands College was charged with hacking into his school’s computer system to change grades and steal other students’ and professors’ passwords. According to police authorities, Christopher Fowler used the login credentials of one of the school’s professors to access the school’s computer network. He also allegedly hacked the school’s VoIP (Voice over Internet Protocol) telephone system. Police investigators determined that Fowler obtained a password from a math professor by setting up a keystroke logger on the professor’s computer.
On November 17, 2008, Kentucky law enforcement authorities arrested Sungkook Kim, a college student at the University of the Cumberlands, for allegedly hacking into his fellow students’ email accounts and attempting to blackmail them with personal information he obtained in this way. Police investigators were able to determine that Kim pirated another person’s wireless router to send the threatening emails and that he had installed spyware on college library computers to capture logon IDs and passwords for students and faculty.
As usage of wireless networks increases in universities (60.1% of public universities, 70% of private research universities, and almost 45% of community colleges have such networks), these types of cyber-offenses have become common occurrences on college campuses across the country. Research on such offenses is conducted by the Campus Computing Project, a top-tier research entity that provides data regarding information technology (IT) on U.S. colleges, and Educational Security Incidents (ESI), an online research repository that collects data on security incidents in higher educational institutions. The number of losses and unauthorized disclosures of data has increased dramatically along with the number of colleges and universities affected, with larger universities becoming bigger targets of cyber-offenses due to their massive output of computer-generated information. The total number of reported cyber-related offenses rose 67.5% to 139 incidents in 2007, affecting 112 college campuses across the coun-try–a 72.3% jump from 2006. Physical theft of computers is also on the rise. Incidents of stolen computers were reported by 17.1% of college campuses, an increase from 13.5% in 2005.
The most common types of cyber-related offenses at college campuses tend to involve the release of information to unknown or unauthorized individuals, specifically from university IT personnel, with hacker-related offenses declining in the last several years. In fact, university employees are responsible for 47% of these types of cyber-related incidents, outnumbering outside hacker-style breaches by about 2 to 1. Although 2006-07 data shows that cyber-offenses involving social networking sites such as Facebook continue to increase annually (13%), network security is considered to be one of the greatest challenges facing college campuses across the United States. Personal information data, including names, addresses, birth dates, and Social Security numbers, from students and faculty members alike are the target of many of the breaches. More than 1 million numbers were disclosed, stolen, or lost in 103 separate cyber-related incidents on college campuses in 2007, according to the ESI. The largest increase came in disclosures of “educational” data, such as grades, which were involved in 30 cyber-related incidents in 2007 compared to only one in 2006.
To combat cyber-related offenses, legislation such as the Cyber Crime Act of 2007 and the Former Vice President Protection Act of 2008 has been enacted. The provisions of the Cyber Crime Act criminalize any threat to damage a computer network or disclose confidential information illegally obtained from a network; criminalize online conduct that causes damage to a large number of computers; prohibit the creation of a botnet, which a criminal could use to attack online businesses and other computer networks; permit law enforcement to seize computer equipment and other property used to perpetrate computer crimes; and authorize the U.S. Sentencing Commission to update its guidelines to reflect the severity of Internet crimes.
College campuses across the United States have also begun increasing their own cyber-security efforts in an effort to protect their networks from virtual threats. More than 44% of college campuses have a plan for network disaster recovery, according to the Campus Computing Project. Sixty-three percent of institutions had assessed their campus IT security risk in 2005, compared to 58% last year. Almost 60% have a plan for responding to hackers or data losses to the campus network infrastructure. In fact, 82.9% of college campuses have policies that discourage or discipline students who illegally download music and 29.1% use blocking technology of some kind.
- Campus Computing Project. (n.d.). Retrieved from http://www.campuscomputing.net/
- Guess, A. (2008). Data breaches hit more campuses. Retrieved from http://www.insidehighered.com/news/2008/02/12/breach
How ready are IT managers for a crisis. (2007). Retrieved from http://www.insidehighered.com/news/2007/10/24/computing