Computers and servers of the City College of San Francisco have been discovered to be infected with a myriad of computer viruses and information-stealing malware, and some of the infections can be traced as far back as the last century, reports the SFGate.
The widely spread compromise of college computers was unearthed by David Hotchkiss, the college’s chief technology officer who was hired in July 2010.
He first spotted something being wrong with a single lab computer at Cloud Hall on the Phelan Avenue campus, but further investigating the matter he discovered an infestation of viruses that compromised a great number of servers and desktop computers across the college district’s administrative, instructional and wireless networks.
The suspicious behavior that triggered the discovery consisted of viruses starting its data-collecting mission each night around 10 p.m. and sending it out to sites in Russia, China and other countries. In fact, at least 723 IP addresses of those sites can be traced to the infamous Russian Business Network, a cyber organization stealing and dealing with personal and financial information.
It is still unknown which particular data was stolen over the years, but it is thought to be mostly personal information belonging to students, faculty and administrators of the college, and perhaps financial data of those who used college computers for online banking.
So far, it seems that at least the students’ and staff’s medical information has not been compromised, but the college’s payroll, admissions and accounting systems have not yet been analyzed for evidence of infection. Since the existence of the infection was first spotted before Thanksgiving, I wonder what are they waiting for.
But the reason for the lack of promptness might be the same one that created the fertile ground for the infection: lack of adequate funds and general computer security awareness.
Hotchkiss says that when he began his work at the college he found porous computer systems and appalling security practices: passwords that weren’t changed for over 10 years, poor network design, outdated technology, and technophobic staff and college leaders. This last thing might also be part of the reason why some of the detected viruses are believed to have lingered on computers since 1999.
No cases of identify theft have yet been linked to the compromise, but the investigation is still at the beginning, and the FBI is likely to get involved.