[BreachExchange] Potential hacking devices found on Carleton University computers

Inga Goddijn inga at riskbasedsecurity.com
Wed Mar 29 18:44:31 EDT 2017


https://www.thestar.com/news/canada/2017/03/28/potential-hacking-devices-found-on-carleton-university-computers.html

Carleton University is urging caution among staff and students after
discovering potential hacking tools on a handful of classroom computers.

The university says it discovered USB key-logging devices on six classroom
computers across three university buildings.

Carleton says staff discovered the devices last week during what it called
a routine classroom inspection, but did not indicate how long they had been
in place.

Keystroke-loggers capture information typed into a computer and can record
usernames and passwords people use to log into various websites and
programs.

The university says it will inspect classroom computers every morning and
throughout the day, adding it’s taking additional steps to strengthen
classroom security.

Carleton says it’s not aware of anyone having their personal information
breached because of the devices, but urges people to change passwords all
the same.

“These computers are used solely for instructional purposes in classrooms
and do not store any university, personal or confidential information,”
Carleton said in an internal note to staff. “We have no evidence that any
information was retrieved from these devices or that any university data
were compromised.”

Carleton also urged people who may have used classroom computers to log on
to external sites such as Google or Dropbox to change the passwords they
use for those services as well.

The university said the key-logging device could have posed a serious risk
to users not only because of the information they captured, but because of
the inherent difficulty in discovering them.

Antivirus or anti-malware programs cannot detect them, as they are pieces
of hardware rather than malicious software. Carleton said someone would
have had to physically retrieve the devices to make use of the contents
they collected.

This is not the first time this school year that Carleton has dealt with a
security breach.

The university was the victim of a ransomeware attack in November when an
unknown hacker locked down the bulk of the network requesting a bitcoin
payment to have it released.

The university said it was eventually able to unlock the network without
making any payments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170329/0fce4e02/attachment.html>


More information about the BreachExchange mailing list