Skip to Navigation
University of Pittsburgh
Print This Page Print this pages

May 12, 2005

CSSD tackles identity theft and other cyber threats

Do you have a predictable computer login password such as “Pittsburgh” or “Steelers?” Has your computer been updated with the latest security update? Such issues have become as important as having your credit cards tucked away in a safe place.

Record numbers of hackers and scammers are breaking into the computer systems of universities and colleges nationwide. Identity theft is among the chief concerns arising from these intrusions.

Recently, more than a dozen colleges and universities, including Carnegie Mellon, have reported computer break-ins by hackers, compromising the personal information of faculty, students, alumni and others, according to The Chronicle of Higher Education.

Identity theft is the fastest growing crime in the world with 9.9 million Americans victimized in 2004, according to the Federal Trade Commission. Thieves can acquire Social Security numbers, credit card numbers and other sensitive financial information in a variety of ways including breaking into data banks through the Internet, luring victims to give out personal information through e-mail or phone calls, and “Dumpster diving” for discarded correspondence containing personal information.

According to Jinx Walton, director of the University’s Computing Services and Systems Development (CSSD), Pitt has fought off computer system attacks that have “escalated substantially” over the past two years. For example, Walton said that the number of viruses blocked by the University’s spam and virus filters has increased by more than 250 percent over the past three months.

“Pitt, similar to other universities and companies with a large computer environment, faces numerous computer security threats, including computer hackers from the Internet and viruses and worms attached to e-mails that spread across workstations,” she said.

New threats are posed by spyware (cyber barnacles that attach to a user’s computer to record web visits and other information) and “phishing” (web sites or e-mail that try to entice users to give up personal information.)

To date, hackers and other Internet intrusions, according to Walton, have not tapped into sensitive information at Pitt.

“The risk is present, however, that sensitive information can be compromised if University departments independently managing their individual computer systems fail to follow the University’s security policies and guidelines published on the web site,” she said. “Individual computer users also are at risk if they divulge their own personal information on Internet web sites or through e-mail without taking appropriate precautions.” (See sidebar for tips on protecting your computer.)

Unlike private businesses that can be restrictive with information, institutions of higher education are attractive targets for hackers because of the ease of access to campus computer systems, which allows the exchange of information freely among faculty, staff and colleagues around the world, according to Walton.

CSSD has implemented a number of security controls over the last year, a result of a comprehensive security plan that significantly tightens data and network security, according to Walton. Increased security efforts include: virus filters for all University e-mail, software update service for security patches and use of anti-spyware software. Additionally, CSSD implemented departmental and enterprise network firewalls and network security monitoring.

—Mary Ann Thomas

Leave a Reply