University Book Store guarded from hackers
June 8, 2005
Although the network at the University of Iowa’s book store was hacked into last month, officials expressed doubt a similar incident could happen at Iowa State.
“I am confident in the university’s network and the IT staff’s commitment to protecting private information for the entire campus,” said Lynette Seymour, general manger of the Iowa State University Book Store.
Computers at the University of Iowa’s book store, which may have contained up to 30,000 credit card numbers, were accessed improperly from outside the university’s network in May.
She said the Iowa State University Book Store has never been hacked into and is protected by the ISU network system and is regularly overseen by Academic Information Technology security staff to ensure security and confidentiality of any information on customers.
Customer information and information on how the book store prevents unauthorized access are kept secret in order to prevent providing clues to hackers.
David Grady, assistant vice president and director of university life centers at the University of Iowa, said the university has been working with two private computer security firms to investigate the matter and prevent future incidents.
“Analysis indicates this particular system was not specifically targeted, rather this breach was the result of a random Internet attack designed to place unauthorized programs on the system,” Grady said.
Open network environments, also employed at Iowa State, are vulnerable to brute force attacks — computer programs designed to randomly detect possible computer password combinations.
“It’s like a burglar checking doorknobs to see if a home has been left unlocked,” said Steve Parrott, director of university relations for the University of Iowa.
He said the University of Iowa is under as many as 100,000 similar attacks each day.
“We are investigating methods to improve or implement additional controls on the system and network to limit its access to the Internet,” Grady said.
Iowa State has more than 25,000 students, and every student’s computer could be improperly accessed, whether accidentally or as a specific target.
Michael Bowman, assistant director of academic information technologies, said poor passwords on computer accounts and un-patched operating or application programs are what hackers try to exploit.
“Any machine connected to the network could become a hacking target,” he said. “That is why the owners of networked machines need to take appropriate steps to keep their systems secure.”
Iowa State offers students and faculty various resources, such as training and software, to prevent unauthorized intrusions on the network.
Bowman said security on individual machines should be up-to-date and it is central to the prevention of any inappropriate computer breaches.
“Networks are probed regularly for vulnerable machines,” he said. “Information technology is a continuing process.”