Navigate Left
  • Photo taken by Molly Myers on Sept. 3, 2023 downtown across from where the Farmers Market is held.

    Features

    Abandoned shoes in Chico: photo series

  • Left side of table, Jenna McMahon, Nathan Chiochios and Jessica Miller sit with, on the right side front to back, Callum Standish, Molly Myers, Nadia Hill, and Grace Stark at Estom Jamani Dining Commons. Photo taken April 29 by a kind employee at the dining hall.

    Food

    The Orion tries the dining hall

  • Both faculty members’ and students’ mental health are suffering due to a lack of support at Chico State and across the California State University System. Photo by Vie Studio on Pexels.

    Features

    Faculty, students’ mental health continue to suffer

  • Thanks to horror films, some names have been ruined ... or made cool. Photo by Jeswin Thomas from Pexels.

    Arts & Entertainment

    Names horror films have ruined … or made cool

  • Sydney Sweeney in Immaculate. Photo courtesy of NEON.

    Arts & Entertainment

    He said, she said: ‘Immaculate’

Navigate Right
Breaking News
Chico State's independent student newspaper

The Orion
Chico State's independent student newspaper

The Orion
Chico State's independent student newspaper

The Orion

Gone phishing

Mozes Zarate // November 19, 2013

A series of foreign cyber-attacks that compromised the email accounts of seven university staffers resulted in a disruption of campus communication during the latter half of October.

The attack was discovered on Oct. 17, said Mark Hendricks, Chico State’s information security officer.

Shortly after, the university began an investigation which revealed that hackers tried to break into the accounts of 46 Chico State employees.

The attacks, which were traced back to two separate sources in Britain and the Netherlands, used phishing techniques to dupe staffers into revealing their account credentials.Screen shot 2013-11-19 at 9.20.33 PM

Phishing is the act of attempting to gain someone’s personal information, such as a username and password, by sending emails that disguise the sender’s true identity.

“I do know that some of the messages were phishing attacks,” Hendricks said, adding that information gleaned from the investigation indicated that spam emails and possibly malware were also used.

The seven accounts that were compromised were subsequently taken over by the attacker, who used them to generate thousands of spam and phishing emails that were sent to recipients on and off-campus.

This resulted in university accounts being placed on a ‘blacklist,’ causing university emails to be blocked by spam watchdog services such as The Spamhaus Project, said Brooke Banks, Chico State’s director of user sup-port services.

“The use of spam blacklists and spam firewalls are one of the only ways that we can identify spam and phishing emails,” Hendricks said. “Email account compromises are very common, and so spam blacklists monitor huge volumes of data to determine where those sources are and start blocking those,” he said.

The blacklisting halted communication between the university and several outside entities, including Dell and the California State University Chancellor’s office, Banks said. Depending on the service, getting removed from a blacklist can take between two days to two weeks.

Staffers were notified to change their login credentials after the attacks, Hendricks said.

Since then, Hendricks has met with department chairs and college deans to discuss the challenges posed by Internet security.

Recent wireless connection issues were caused by failed hardware and have nothing to do with the attacks, Banks said.

The reimplementation of a security awareness program is in the works, Hendricks said. A set of desktop security standards will also be enforced for all workstations on campus.

While this is not the first instance of university accounts being compromised, the coordination of the attacks was unprecedented, Banks said.

“Spam and phishing attacks happen every day,” Banks said. “The difference here was that someone was targeting our accounts.”

The university typically fights off several small-scale cyber attacks a week, and sometimes deals with larger “rashes” of attacks like this one, Hendricks said.

Historically, university systems and networks are a lot more open than other places because so many different people use many different computers, Banks said.

“We have a proliferation of different types of devices, including all makes and models of Macintoshes and PC’s, and we have 2,000 staff and faculty, many of whom their job is to go out and be creative and try different things,” she said.

Some spammers are paid by the volume of spam they disburse, and phishers sell personal user information on a black market, Hendricks said.

“There is no international conspiracy: People have too much time and or are trying to make money by getting credentials or sending spam,” Hendricks said.

Banks and Hendricks provided several user tips to protect accounts from spam and phishing.

Never use the same password in multiple accounts, Banks said.

“The password that I use for online banking is completely different from my CSU Chico account,” Banks said.

Users are advised not share passwords with others, Hendricks said. He described a situation at another university where a jilted girlfriend went on a rampage with her ex’s credentials.

“I’ve seen where an unhappy ex-girlfriend goes into a student’s account and starts dropping financial aid and un-enrolling in classes that they’ve been waitlisted on,” Hendricks said.

Complex passwords prevent hackers from accessing user accounts with sensitive information, such as Chico State’s student portal account, Hendricks said.

“You think that you’re saving yourself time by making a simple password,” Hendricks said. “But, if you don’t have some kind of complexity in there, it takes really no time to hack the password and access that account.”

If you’re suspicious about an email, don’t open it, Hendricks said.

“If you do happen to open it, the second thing to do is delete it and don’t click the link,” Hendricks said.

If you do click the link, run your anti-virus software and make sure it’s up-to-date, Hendricks said.

If you think your account may have been compromised, immediately change your password, he said.

 

Enrique Raymundo contributed to this article.

Mozes Zarate can be reached at [email protected] or @mzarate139 on Twitter.

Infographic by Rob Harris.

Video by Jeff Barron.

Print this Story
Leave a Comment
More to Discover
More in News
Photo taken by Molly Myers on Sept. 3, 2023 downtown across from where the Farmers Market is held.
Abandoned shoes in Chico: photo series
President Perez shaking the hand of Taylor Bisby as she receives her Masters degree. Taken by Jessica Miller on May 15
Chico State celebrates Graduate Studies Commencement
Chico State, David Stachura. Photo credit Chico State
A final wrap up of Stachura
Timothy Kizirian, shown above, was investigated by the university in 2019 and sentenced to pay a criminal restitution and two-year probation in 2023. Courtesy: Butte County District Attorney’s Office
Former Department of Accounting professor still on probation
Financial aid office located in the Student Services Center, Room 250. Photo Credit: Shane Aweeka
FAFSA submission shrouded with unprecedented levels of difficulty
Participants take part in Dabke, a traditional Levantine dance. Taken by Toby Neal on May 6.
Students and community members rally for ceasefire on precipice of graduation

The Orion

Chico State's independent student newspaper
The Orion
Chico State University
Plumas Hall 001
[email protected]
530-898-4386
The Orion • © 2024 The Orion 2023 • FLEX Pro WordPress Theme by SNOLog in

Comments (0)

All The Orion Picks Reader Picks Sort: Newest

Your email address will not be published. Required fields are marked *