Cyber criminals are looking for holes in your school systems' networks so they can seize control of computers to launch attacks anonymously, experts say--distributing spam, viruses, or "Trojan Horse" assaults while often avoiding prosecution. The problem has grown so pervasive that computer-security experts have taken to referring to botnets as the "army of darkness"--and education institutions are this army's targets of opportunity.

Craig Schiller, the chief information security officer at Portland State University who is widely considered a leading authority on "botnets," or collections of computers under a hacker's control, said school officials' desire to keep computer networks open to all students and faculty leaves an opening for cyber criminals looking for networks without tight security measures.

"The general environment on a university campus is for open access, which usually means not a whole lot of protection," Schiller said, adding that schools and universities with massive hard-drive space are especially vulnerable, because that trait is desirable to botnet hackers.

Botnets are a growing problem for CIOs worldwide--and even federal authorities have gotten involved. Addressing the problem, Schiller said, starts with alerting schools' tech chiefs to the prevalence of botnets, which--in some cases--can shut down an entire computer network.

"The bad guys' side is heavily involved in [botnets], but we find people on the other side who are still not exposed to this [problem]," said Schiller, who gives presentations on the dangers of botnets at technology conferences across the country and penned the book Botnets: The Killer Web Applications in April 2007.

Last November, a University of Pennsylvania junior was charged in an ongoing investigation into the use of botnets on college campuses. The botnet attacks caused a university server to crash after four days of nonstop traffic.

The hacker, Owen Thor Walker, 18, who was part of a botnet scheme that infected more than a million computers across the world, pleaded guilty to the crime in April. His sentencing was delayed late last month. Walker is scheduled to be sentenced July 15, according to the courts.

Botnets have attacked businesses--both mom-and-pop shops and multinational corporations alike--and a bevy of web sites in recent years. In his presentation to tech chiefs, Schiller mentions a group of botnets that attacked a dozen gambling web sites in 2004. The botnets essentially held the sites ransom for $10,000 to $50,000 each.

Several technology department heads at the K-12 level interviewed by eSchool News said they had never heard of botnets and were unaware of their potential to harm campus computers.

"It's a case where you don't know what you don't know," Schiller said.

Bob Moore, executive director of IT services for the Blue Valley Union School District in Kansas, said his school system has not encountered any botnet attacks in recent years, but a student computer was once hacked and used to relay spam--a common maneuver of botnets.