By Cassady Jeremias
On-line Forty-Niner

Cal State Long Beach strives to maintain security on its more than 4,000 computer terminals on campus. Despite money and efforts spent trying to deter hackers and identity thieves, some say the precautions can never be infallible.
 
In March, when hackers got into the Texas A&M University computer system, they got hold of 55,000 social security numbers of students, former students and employees. Those taking the blame for the breach were quoted as saying it could have been prevented by the use of firewalls and password protection.
 
Steve La, director of network services at CSULB said the university’s computer system has a number of roadblocks, including password protection, encryption and firewalls, but it is still possible for someone to break into the system at any of the public terminals on campus.
 
La works to maintain a user-friendly system while still making it difficult for people to hack into the system.
 
“Nobody wants to use a 100-character-long password even if it deters thieves,” he said.
 
Another continuous dilemma he faces is the issue of the right to information versus protecting the privacy of students.
 
“This is an educational environment,” he said. “We open up the world, but at the same time we have to protect the students. We don’t want to close off any doors. That’s why hackers love the universities, because they are so open.”
 
Even with precautions in place, and more on the way, thanks to a recent audit by the California Bureau of State Audits, some feel that no matter how much protection there is, criminals will always find a way to take advantage of people, sometimes just by simple oversights.
 
“I can go digging in a dumpster in the back of the dorms for an hour and walk away with a ton of stuff,” said Brian Murnahan of the California Office of Privacy Protection. He said the key to identity theft is the social security number, and they are easy to find. Once someone gets hold of one, it can be sold to anyone who wants to take the identity of someone else.
 
“They are sold to people who aren’t allowed to work in a certain industry, like child molesters not allowed to work with kids,” he said.
 
A new identity would allow them to work with kids. Murnahan said another obvious example is an illegal immigrant who wants to work in this country.
 
Even though numbers can be found in places as accessible as dumpsters and garbage cans, Murnahan said that exposing information to the smallest amount of people reduces the likelihood of being victimized.
 
Identity theft is the fastest growing crime in the United States according to the Federal Trade Commission, who reported an 88 percent increase in complaints over one year.
 
La said as it is now, with the more than 4,000 terminals on campus, there are usually one to two cases per day that have some abnormal activity. He said most of it is unfair use of bandwidth from downloading things off Kazaa, a newer form of Napster.
 
One way hackers can breach security is through a program called the “dictionary attack,” where a hacker submits a program that uses every word in the dictionary to try to find a password match.
 
La said a simple fix for this is to make it more difficult by adding numerals to the password. Another way is what he called taking a snapshot of a computer screen, or recording its movements by capturing keystrokes. If a hacker were to walk into the University Library and sit down, install this program and leave, the next person to sit down would be submitting everything he or she saw on the computer screen to the hacker.
 
La said precautions are in place to prevent that from happening by the people who manage the labs and limit the user access and allow students installations to be good only for the duration that they are at the computer. But, he said, if a hacker does get in, it can be difficult to trace it back to him.
 
“The system can track all the way back to the point of entry, but how can you tell who is behind the computer?” he said. “The burden of proof is on the person who has to prove it.”
 
Last December, Sen. Debra Bowen, D- Redondo Beach, introduced legislation that would prohibit state and local agencies, including Cal State Long Beach, from publishing or posting on display, an individual’s social security number.
 
The bill prevents these agencies from embedding or recording a social security number on a card or document including using a bar code.
 
Bowen has also been a proponent of freedom of information legislation that opens records to the public. She said there needs to be a balance between providing public access to information and the need to allow people to protect their privacy.
 
According to Melanie Butcher, spokeswoman for Senator Bowen, reducing the exposure of the numbers would lessen the chances of them being taken advantage of.
 
“What it’s about is stopping colleges from forcing students to wave their social security numbers around every time they use their student ID card,” Butcher said. “Schools don’t use the social security number as a student ID number because they have to, they do it because it is convenient for them. Unfortunately, every student on campus pays for that ‘convenience’ in that the school is making it easier for them to become an identity theft victim.”
 
Until recently, students have used social security numbers as an identifier at CSULB on financial aid applications, to vote in Associated Students elections, on SAT tests, report cards, transcripts and other data.
 
After the recent audit by the California Bureau of State Audits that found security of the Common Management System “troubling,” Chancellor Charles Reed proposed to address the shortcomings and tighten up the number of people who have access to student and employee information. One change will require those with access to go through a review and certification by the campus president or vice president. More changes are in progress.
 
Identity theft became a felony a few years ago, but it has had very little effect on deterring people from committing the crime. According to Butcher, identity thieves often go unnoticed and the vast majority of identity theft crimes go unsolved.
 
“A thief doesn’t need a gun or a getaway car. All they really need is a computer with internet access so they can take hundreds of people to the cleaners, all without having to leave their living room,” she said.

Calendar

Display Ads