University Police investigating Esken Hall “hackings”

Students residing in Esken Hall made reports to University Housing that they were receiving strange phone calls and messages and their phones were being “hacked.”

There have been 10 confirmed reports made by students regarding their cell phones being “hacked” as of Feb. 23. Once UH was made aware of the reports, action was taken to figure out if the campus Wi-Fi, Eduroam, was compromised or not.

One report stated that two students had their devices on a surface and began receiving text messages from each other without touching the devices.

“We immediately contacted our information security officer so he could look into the situation to confirm or deny if the campus Wi-Fi was ‘hacked,’” UH Executive Director Connie Huyck said. 

Director and Information Security Officer Ray Quinto confirmed that the campus Wi-Fi, Eduroam, was not compromised and the cellular devices that received these strange calls and messages were on their own data and Wi-Fi. 

“As far as we know, all of these incidents were cellphone based,” Quinto said. “Since Eduroam was not compromised, from a university’s perspective, we were not ‘hacked.’ From an individual’s perspective, they were.”

Quinto believed that the phone numbers could have been obtained through a hacked iCloud account, a compromised phone book or through shared knowledge between other students.

“It is very tricky tracking down these “hackers” because these incidents did not occur on the campus Wi-Fi or campus devices,” Quinto said. “This occurred on personal devices which opens up endless possibilities on how data could’ve been leaked, especially with devices that were off board.”

University Police is currently investigating the reports and claims regarding the students’ compromised devices.

“The next step would be to forensically inspect the devices to see if there are any commonalities between the devices or a virus,” Commander Nicodemus said. “It’s something that unfortunately takes time.”

At this point in the investigation, UPD is currently trying to pinpoint the single commonality between the students.

“We are trying to figure out if these students share a friend and (if) that friend is the one taking these actions or if they were compromised through an app,” Nicodemus said.

UH sent out an email update to the students that made the reports that included some recommendations on how to make their phones more secure:

  • Change the email password to the email that is registered with your Apple iCloud account 
  • Change your iCloud password
  • Change your Chico State account password

Quinto also recommended all students turn on two-step verification on everything, including social media accounts and the Chico State portal to have extra security and prevent situations like this  from occurring in the future.

“One thing students can do right away is change their passwords and carefully manage them,” Quinto said. “Two-step verification is very important because it adds extra layers for someone to enter their accounts.”

As of Feb. 23, no new reports have been made by students regarding new “hackings.” 

Angelina Mendez can be reached at [email protected] or on Twitter @theorion_angie