Information on Security Compromise in Computer Labs
Document Date: February 15, 2006
What Happened?
In late January 2006, keylogger software was discovered on the
computers in the Chemistry Lab in Temple 3307. This software
records all keystrokes entered by the user into a log file, which
includes user IDs, passwords, PINs and other potentially confidential
information. The technical staff investigated the problem
and determined that this program was installed by an unknown person who
had access to the lab computers. The program was installed on
these computers in November 2005.
In February 2006, it was discovered that the same keylogger software
was also on all the computers in the Biology Lab in 125 of the Trani
Life Sciences Building. Again, the program was installed by an
unknown person who had access to this lab.
University IT staff have examined the computers in all other computer
labs on all the campuses and have determined that they are free of this
software and are secure to use. Several steps have been
taken to improve the security of all computer labs and public computers
on all the campuses in order to prevent security problems from
occurring again.
Who is Affected?
The affected users are anyone who used the computers in the
Chemistry Computer Lab in
Temple 3307 from November 23, 2005 through January 26, 2006 or in the
Biology Computer Lab in 125 of the Trani Life Sciences
Building from January 17, 2006 through February 2, 2006 and accessed
accounts requiring logon credentials, such as University accounts
or personal bank or credit card accounts.
If Affected, What Should You Do?
If you used the lab computers during the periods specified above to access any of your University accounts or personal accounts in which you entered login credentials, you should do the following:
- If you used a University account in which you entered your eID and password (VCU MailAnywhere, Blackboard, VCUCard, etc.), you should change your eID password as soon as possible. You can change your eID password here: http://eidmanager.vcu.edu/
- If you used your VCU eServices account, you should change your PIN as soon as possible. You can change your PIN in the "Personal Info" Option here: https://iserver.adm.vcu.edu/AIS/STU/S_ESERV_HOME.html
- If you entered your SSN to access your eServices account, it is recommended that you place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. You may call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. All three credit reports will be sent to you, free of charge, for your review. You should review your credit reports periodically. If you find suspicious activity on your credit reports or have reason to believe your information is being misused, please contact the VCU Police at 804/828-1196 to file a report.
  - Equifax - 800/525-6285
  - Experian - 888/397-3742
  - TransUnionCorp - 800/680-7289
- Please report any suspected activity in your University accounts (e.g., VCU MailAnywhere, eServices, Blackboard, VCUCard) to the VCU Information Security Officer at iso@vcu.edu.
How to Protect Yourself When Using Public Computers
If you really want to be safe, avoid typing your credit card number or any other financial or otherwise sensitive information into a public computer. Here are some additional tips:
- Five Safety Tips for Using a Public Computer
- Tips for Working Securely from Wireless Hotspots
- How to Use Wireless Hotspots
FAQs
Here are some "Frequently Asked Questions" that hopefully will answer most of your questions. If you have any additional questions, please contact the VCU Information Security Officer at iso@vcu.edu.
Q. After this incident, I'm concerned about computer security at VCU. Is it safe to use lab and public computers on campus and what are we doing to make our computers and servers safe from compromise?
A. Several steps have been taken to ensure that these public machines are secure and safe to use. A security standard for computer labs has been published, and all campus computer labs are required to abide by the standard, which will help to ensure that the computers are secure to use. The public computers such as the computer kiosks are secure to use; however, it's important to take precautions when using any public or lab computer. See the above section on How to Protect Yourself When Using Public Computers. Many steps have been taken and continue to be taken to safeguard the servers and workstations on the VCU Network, including updated anti-virus software that catches keylogger malware, a more secure network architecture that will provide levels of security for all the machines, etc.
Q. What actions did VCU take to find out who compromised the lab computers?
A. The University Computer Security Incident Response Team was notified when the compromise was discovered. Technical staff then closed the labs involved and examined the computers and logs. The VCU Police were informed, and they conferred with the Richmond Police. The investigation is continuing to find the person who installed the malicious software in the labs. Under the new security standard for computer labs, users will have to authenticate in order to use the computers, which will ensure that the lab manager is able to identify anyone who attempts to install malware.
Q. If the security compromise was discovered in late January, why did you wait until February to notify the computer lab users?
A. We first needed to determine the nature of the compromise and its extent. Checking all the other computer labs took time, and we wanted to be sure we found all the computers that were affected. When we were certain that only the two labs were involved, it was decided to notify the entire VCU community since it was possible that computer users other than Chemistry and Biology students had used these labs.
Q. Who on campus should I notify if I think my identity has been stolen?
A. If you have evidence of identity theft, please contact the VCU Police at 827-0528 to file a police report. Also, see the above section on placing a fraud alert that is under "If Affected, What Should You Do?" Also see the section below on Identity Theft.
Q. Was my credit card or banking information exposed in these labs?
A. If you used these lab computers to make purchases with your credit card or do online banking, it is possible that your information has been exposed. You can check with your credit card or banking organization about steps you should take. Additional information is available on the Federal Trade Commission website.
Q. How can we be sure that this type of problem won't recur?
A. We have taken several steps to improve the security of computer labs, including a method to prevent the installation of malicious software. The computer lab security standard mandates several security procedures that must be in place in these labs, including user authentication, control of software installation, physical security and improved desktop management.
Q. When was the compromise discovered?
A. The first compromised computers were discovered on January 26, 2006. The second computer lab compromise was discovered February 2, 2006.
Q. Will putting a fraud alert on my credit bureau records interfere with the use of my credit card?
A. Your credit card transactions should not be affected by the fraud alert. The fraud alert provides you with notification if somebody tries to change the credit card limit on your account or attempts some other unusual activities.
Q. I am receiving messages from banks regarding security. Should I be opening these messages?
A. These messages are almost always fakes. They often use the name of an established company like Citibank or PayPal and ask you to click on a link to check on a "problem" with your account. This type of scam is called "phishing" and is meant to trick you into providing personal information. Do not ever click on the links in the email message or provide the information requested. If you think the request could be legitimate, call your bank or credit company to check. For more information about "phishing" see How Not to Get Hooked by a Phishing Scam.
Further Information
Identity Theft - Identity theft occurs when your personal information such as your name, Social Security Number, credit card number or other identifying information is used without your permission to commit fraud or other crimes.
