Keystroke Logger Program at BYU
Published: May 25, 2005
by: Tad Walch
Deseret Morning News
Computer Users at BYU Spied On; Hacker's Keystroke Logger Program Logged Every Keystroke at Open-Access lab
Provo, Utah - A sophisticated keystroke logger computer program secretly recorded every keystroke Brigham Young University student Brian Skene made as he checked his e-mail last month in a campus computer lab.
The keystroke logger software captured data on Skene and more than 600 fellow students who used four computers in the open-access lab in the Widtsoe building, compromising their passwords and other personal information. The keystroke logger gathered data then it was periodically e-mailed to a Hotmail account, but the hacker apparently has not tried to use the information.
The students were warned by the university after a student lab attendant noticed a strange icon on one screen, more than two weeks after the keystroke logger was installed.
"The person who put the program on there made a slight mistake and left an icon visible on one desktop," said Rex Franson, managing director of operations and customer support in BYU's Office of Information Technology. "We had to do a pretty sophisticated scan to find it on the others, because it was hidden pretty deep."
BYU immediately deleted the passwords of all affected students. Administrators sent an e-mail to the students to have them create new passwords and advise them to be cautious if they had used bank accounts, credit cards or other sensitive information during their online sessions in the Widtsoe lab.
Franson believes the hacker was interested only in mischief, not identity theft. None of the students have reported any identity theft problems to the university. "So far we don't think it's been exploited," BYU Police Lt. Arnie Lemmon said. Investigators continued to search for the culprit on Tuesday. Skene is confident his information is safe, but only because he takes precautions when using campus workstations.
"At school I don't access bank accounts or credit cards for exactly that reason," the senior from Salt Lake City said. "I only check my e-mail and look at school records."
That's a wise policy, Franson said, even though the university has taken measures in an attempt to prevent a repeat.
The open-access labs now change passwords more often because the hacker must have known certain lab passwords to install the program. He or she also had to physically connect to a port on the back of the computers to install the spy software. "Most likely, this was an inside job," Franson said.
But even with tighter security, Franson can't guarantee a keystroke logger won't breach security again in the future. "Unless you're really confident in the security of a workstation," Franson said, "some of the private things you do should be done at home or somewhere else where you are confident of security."
Students can use more than 600 open-access computers in labs spread around campus. There are also 80 computer kiosks, where the computers are more secure because they are encased in locked cabinets.
"A hacker has to somehow get media attached to a computer to install such software," Franson said. Other university precautions include keeping separate databases. The most sensitive data cannot be accessed outside a virtual private network where traffic is encrypted, Franson said.
There are other potential problems, however. Students demand wireless network connections around campus, but those sessions also could be captured by anyone with a wireless system. Of course, with the mass of data that would be collected in that scenario, a hacker would need powerful equipment to extract any truly valuable information from amongst the useless chit-chat and Web surfing.
"Identity theft is a growing issue," Franson said. "It's a real issue, and the sophistication of the perpetrators is growing at the same rate as the sophistication of society in general. The question is, can we keep ahead of them?"Tagged:
keylogger, identity theft