Computer crime on rise as U-M, others try to keep IT safe

University of Colorado staff on July 21 faced the unenviable task of telling nearly 43,000 people via e-mail that their personal information had been compromised, as two university servers had been hacked.

It was a timely reminder of the importance of computer system security, as two weeks later and 1,130 miles away, U-M's year-old Information Technology (IT) Security Council and IT Security Services Office convened the "Security for U-M IT (SUMIT) 2005."

In the daylong symposium Aug. 4 at Hale Auditorium in the Stephen M. Ross School of Business, more than 150 staff members and guests heard about current trends in computer crime, including phishing—the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information. More than 200 participants viewed the presentations via a live Webcast.

Paul Howell, chief U-M information technologies security officer, said nearly all University staff and faculty are deeply reliant on computers, even those in disciplines seemingly removed from computers and technology.

"When you think of English or poetry classes using Course Tools, here's a class that may not have any tie to computers in a traditional sense," he said, as English or language skills are not dependent on technical computer know-how. "Yet, they're using it (a computer) as a tool and an aid in their academic program; we see this throughout the University."

And growing reliance on computers worldwide has been followed by a rise in computer crime. Howell said one trendy scam involves hacking into personal computers and making them part of a bot network. A bot is a software program that imitates the behavior of a human, by querying search engines or participating in chat rooms or Internet relay chat discussions.

"People will break into your computer and install a program that is very difficult for you to detect. It allows the intruder to remotely control your computer," he said. Howell said a clue that a personal computer has been compromised could be that it runs slower than normal, or runs slowly at the same time each day.

"You should alert your IT support person and give as much information as you can. Make sure you pick a strong password," said Howell, who previously coordinated security for Michigan Administrative Information Services. "Try to make sure it's as non-guessable as possible. I think it's better to have a random password than an easy-to-remember password.

"While the security is getting better, it's still not good enough to prevent these types of attacks from succeeding," he added. "That's why education and awareness are so important to get that message out." Howell urges writing down a complex password and keeping it in one's wallet—but don't stick it to the computer screen.

"We've been asked, 'Why not firewall all the bad stuff on the Internet and allow only the good stuff?' It's not all that easy," he said. Howell said part of the challenge for staff is determining where to best focus security efforts, as the University has finite resources and is unable to blanket all computer operations with security programs.

Besides initiating annual symposia on computer network security, the IT Security Services Office plans smaller ongoing presentations geared to staff and students. "We're getting material for a new employee orientation program, and we've created a computer security course for non-IT managers," Howell said.

Along with Howell, symposium presenters included FBI criminal computer expert Erkan Chase. "If you look at the history of computer crimes, they typically start out with a juvenile hacker," he said. Chase added these juveniles typically compete with hacker friends for bragging rights.

Asked what types of computer crimes he's seen directed at universities, Chase said, "For the most part it's the personal and financial data; identity theft—Social Security numbers that are being sold. It's very, very valuable."

Chase said one common trend in computer crimes involves eastern European hackers targeting e-commerce sites. They demonstrate to the e-business that they have hacked their files, and seek money to keep their files from being sold. "And they've already sold them," Chase said.

In his presentation "Google Hacking," wireless security enthusiast Joshua Brashars demonstrated the relative ease by which hackers can perform "Search engine black ops" on Google—the hacking of company files which contain personal information of clients and customers.

The IT Security Council, appointed by Provost Paul N. Courant, comprises deans, faculty, administrators and IT systems administrators across all three campuses and the Health System. The council ensures that policies, practices and standards exist that will provide safeguards to secure the IT systems and data collected by the University.

More Stories

• U-M pitches in to help Hurricane Katrina victims
• Variety of plans, Web enrollment available during selection period
• Genotyper could identify new flu in less than two hours
• Day of CHANGE to celebrate diversity
• Gramlich named interim provost, takes post Sept. 1
• Spotlight: Serving students
• University mentoring program helps girls build confidence
• Stearns exotic instruments await their day for display
• Student-led team shines in North American Solar Challenge
• UMHS professor joins biosecurity advisory board
• Computer crime on rise as U-M, others try to keep IT safe
• 'Cool' solution could save the metalworking industry billions
• Research Notes
• Proposed changes to regents' bylaws
• Giving fellow students space
• AATA Link service resumes Aug. 29; combines with U-M Oxford/Trotter Shuttle
• Campus and community benefit from successful MRide program
• Turtle eggs healthy sign at U-M-Dearborn
• Professor nominated for Nobel Prize
• New chief takes over UMHS surgical slot
• Traffic, parking to change during students' return
• Don't Miss
• Photo: Arb acquisition to aid access
• Photo: Stamp act
• Photo: Japan delegation visits alumni, students
• Photo: Best wishes for Provost Courant