Letter: University lacks protection; officials need training
April 23, 2014
Serious questions about the recent security breach need to be addressed before the topic slides from view. Every news article posted thus far has yet to state what exactly the hackers used to gain access, when the first unauthorized access happened, why the Synology storage devices were holding critical personal information and, most importantly, how long this has been happening. Of course, we will probably never learn the actual answers since the administrators themselves are probably just as clueless as the law enforcement they contacted.
A quick Google search of “Synology vulnerabilities” finds that the devices affected probably didn’t change their default passwords of “12345,” allowed telnet over the network and most likely ran services that did not need to be running. The line “Iowa State has always taken information security very seriously” is a complete joke.
All of these things should’ve thrown red flags for any information technology team. It’s certainly reassuring that the security team is taking precautions after the fact. #SarcasmOff.
The best question of all is what our Social Security numbers have to do with which classes we take. Do we not already have ID numbers to uniquely identify students? How in this day and age is anything but the last four digits of our Social Security numbers exposed to anything but financial aid?
Whoever is in charge of security protocols and standards, if any, needs to be replaced, and the IT administrators desperately need security training.
And just like every security breach in history, the first number of those affected never stands true.