A recently discovered botnet of more than 70,000 machines included many government and business computers.
Web security experts say campus IT officials should stop using students’ Social Security numbers as identifiers, because about 5,900 known botnets have stolen valuable information from computers in many sectors, including higher education.
Shadowserver, an organization that tracks botnet incidents in governments, education, and the private sector, unveiled the running tally of botnets days before security firm Symantec released a report March 2 showing a 5.5 percent hike in spam eMail last month, spurred mostly by botnets. Spam now accounts for 90 percent of all eMail sent within the U.S., Symantec said.
A single botnet, called Grum, is responsible for 26 percent of worldwide spam, according to the Symantec report. The harmful spam messages were mostly disguised as pharmaceutical eMails.
“The activities of this single spam operation have been driving recent global surges in spam rates and strongly impacting global spam levels in turn,” said Paul Wood, a senior analyst for Symantec. “Based on these latest spam patterns, we can predict additional surges in spam in the coming weeks.”
Botnets are networks of compromised computers controlled by malicious software programs that exploit web browser vulnerabilities and a host of other security holes in a personal computer, such as those found on campus networks. Once a botnet takes control of a computer, it can scan the hard drive and web links for personal information that can be stolen and used by a hacker, who controls the botnet remotely.
Hackers then can sell that information to people who use passwords and secret user names to steal money from bank accounts and use personal and business credit cards.
Peyton Engel, a technical architect for CDW-G, said colleges and universities find it easy to identify students by their Social Security numbers, but as botnets and viruses become more dangerous and difficult to detect, campus IT staff should assign students random numbers generated by an algorithm.
It’s not a solution to stopping botnet attacks, Engel said, but if hackers find student ID numbers that don’t correspond to Social Security numbers, damage can be mitigated.
“They haven’t found how to prevent the incident,” he said. “But they just made it so that it’s not as damaging [if a botnet attacks].”
Engel said botnets have evolved in recent years, making it almost impossible for campus IT officials to target a botnet and eliminate it before it jumps from computer to computer, collecting sensitive information such as passwords, keystrokes, and screenshots that are siphoned out to spammers.
“One trend that we’re seeing is that botnets are getting stealthier,” he said. “You used to know you had a botnet because you could see your machine trying to infect all the other machines. … You could see exactly how it was spreading.”
While botnets have largely evaded IT experts on the lookout for them, security firm NetWitness Corp. discovered a botnet of 74,000 infected machines last month that were stealing information from more than 2,400 business and government computers.
The botnet stole about 70,000 credentials, mostly login information for Facebook and personal eMail accounts.
Engel said there are ways to monitor suspicious communication between computers.
Watching for Domain Name System (DNS) records with life spans of only a few seconds will tip off IT officials to infected computers that could be trolling for personal information, he said. DNS is the starting point for most web traffic exchanges.
“Look at both sides of computer conversation,” Engel said. “The reply will let you know something is up. … That’s free information that we should really be paying attention to. We should be proactive and recognize that there will never be a day when we have perfect security.”
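One way to run the check Engel describes over resolver logs, as an added example that is not from the original article: it reads DNS replies and flags names whose answers expire within seconds, then lists the internal hosts that asked for them. The log format, the 10-second threshold and the requirement of at least two distinct answer addresses are assumptions made here; short life spans also occur on legitimate load-balanced services, so the output is a review list, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample of DNS reply records (not data from the article).
# Assumed format: timestamp client_ip queried_name type ttl_seconds answer
SAMPLE_LOG = """\
2010-03-02T10:00:01 10.1.4.22 www.example.edu A 86400 192.0.2.10
2010-03-02T10:00:03 10.1.7.91 cdn.example.net A 300 198.51.100.7
2010-03-02T10:00:04 10.1.7.91 x7f3.example.org A 3 203.0.113.5
2010-03-02T10:00:09 10.1.7.91 x7f3.example.org A 2 203.0.113.77
2010-03-02T10:00:15 10.1.7.91 x7f3.example.org A 3 203.0.113.140
2010-03-02T10:00:16 10.1.9.14 x7f3.example.org A 3 203.0.113.201
2010-03-02T10:00:20 10.1.4.22 mail.example.edu A 5 192.0.2.25
not a dns reply line
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (A|AAAA) (\d+) (\S+)$")

def short_lived_names(log_text, max_ttl=10, min_answers=2):
    """Return {name: {"clients", "answers", "min_ttl"}} for names whose
    replies carry a TTL <= max_ttl and, across the log, point to at
    least min_answers distinct addresses."""
    seen = defaultdict(lambda: {"clients": set(), "answers": set(), "min_ttl": None})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a well-formed reply record
        _, client, qname, _, ttl, answer = m.groups()
        ttl = int(ttl)
        if ttl > max_ttl:
            continue  # long-lived answers are not of interest here
        rec = seen[qname.lower().rstrip(".")]
        rec["clients"].add(client)
        rec["answers"].add(answer)
        rec["min_ttl"] = ttl if rec["min_ttl"] is None else min(rec["min_ttl"], ttl)
    return {n: r for n, r in seen.items() if len(r["answers"]) >= min_answers}

def hosts_to_review(log_text, **kw):
    """Internal clients that received at least one flagged reply, sorted."""
    hits = short_lived_names(log_text, **kw)
    return sorted({c for r in hits.values() for c in r["clients"]})
```

Setting `min_answers=1` reduces the check to the life-span test alone, which also flags `mail.example.edu` in the sample.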
Campus technology officials say their school’s IT security has improved in recent years, despite the advances in botnets that can ravage groups of campus computers.
The Association for Information Communications Technology Professionals in Higher Education (ACUTA) surveyed higher-education computer officials at the organization’s annual conference in Atlanta last June. The survey found that eight out of 10 IT officials believe their campus infrastructure is safer than it was in 2004, with 6 percent saying they feel less secure.
Still, nearly half of respondents said their campus’s cyber security has been compromised in the last year alone, exposing at least some student information (though 70 percent of these incidents were characterized as minor).
The most common way campus IT officials deal with cyber security is by educating faculty, staff, and students about the many threats that jeopardize the privacy of network users, according to the ACUTA survey.
Fifty-eight percent of respondents said their campuses have computer education workshops or seminars, and Arthur said his campus’s resident assistants conduct lessons on safe approaches to accessing the local network.
Only 18 percent of ACUTA survey respondents said their schools use enhanced logins, which require faculty and students to identify icons or type letters from a graphic before they are given access to the campus network.