Lakeland hacking attempt fails
New password policy goes into effect to protect servers
Lori Sass & Emily Wachel
Issue date: 12/6/07 Section: News
Beginning the evening of Thursday, Nov. 15, Lakeland faculty, staff, and students were required to create a new computer password of no fewer than eight characters, using at least three of four character types.
"On November 15, we noticed some unusual activity in our network. The suspicious activity came from a network domain in Asia and had many other characteristics of a 'brute force' hacking attempt," said Larry Marcus, information technology network administrator.
In a 'brute force' attack, someone repeatedly tries to access an account using a general login, changing the password on each attempt.
"We could see where it was coming from but not who it was coming from," said Information Technology Network Administrator Travis Richards. No further attempts have been made to find out who the hacker was.
"Because they didn't get in, we didn't want to pursue it," said Richards. Had an investigation gotten under way, law enforcement would have needed to get involved.
According to Richards, faculty and staff are on a separate server from students. The hacker was attempting to get into the faculty and staff server.
More directly, the hacker was trying to access Lakeland's Citrix program. This program allows off-campus access to Lakeland e-mail, Jenzabar, and other programs. Jenzabar is the program that records all student information, including Social Security numbers.
The hackers never got into Lakeland's network. Had they been successful, it would have "given them the ability to do malicious things on our network," Richards said.
IT wanted to enforce the password change only on the faculty and staff server. However, due to the way the servers are set up, it was necessary to make the change for everyone.
According to Marcus, the IT department has been working on a proposed change to the Password Policy since last semester. Therefore, this was a perfect time to put that into action as well as protect our computers.
"To ensure that we continue to be protected from attacks in the future, requiring that passwords be both difficult and not recycled will be the policy from now on," said Marcus.
Richards said, "Implementing this policy brings us [Lakeland] up to industry standards."
Marcus concluded, "We are certainly sorry for the confusion that the change was on short notice to the escalated policy caused, but the alternative would not have been in the college's best interest."
Richards said, "We are looking into a product to allow people to unlock their accounts. This incident has prompted us to look into solutions like that." This product would make it possible for faculty, staff, and students to change passwords and unlock accounts if a password is forgotten. Currently, if someone forgets their password, IT must be contacted for assistance.