Through an elaborate scheme, someone has sabotaged the Internet security of eight Macintosh computers in a computer lab in the David Rittenhouse Laboratory. The perpetrator installed a phony program, called "Mac Life Insurance," that secretly captured all of the text that was typed during all Telnet and Fetch sessions in room 2N40 of DRL, according to University Information Security Officer David Millar. Millar said its very difficult to say how many students may have been affected by the scam. He also warned that anyone who used their account in is room between June 1 and July 6 should have their password changed immediately. The perpetrator could be reading the students' mail, forging correspondence, altering their files or using their account to get additional privileges, he added. Information Security is currently investigating the scam. If an individual is caught, Millar said that the matter will be referred to the Student Dispute Resolution Center. "I take the matter seriously," Millar said. "I consider it a violation of the Ethical Computing policy to try to steal passwords like this. However, I have not yet heard any reports of this problem in any other campus labs. Dan Updegrove, associate vice provost of Information Systems and Computing, said that there are "serious penalties" for internet security violations. Updegrove, who is also the executive director of Data Communications and Computing Services, said that the phony program is known as a "trojan horse." While it might look and act like a Telnet application, in reality it is a fraud. "If it's done artfully it's darn near impossible to tell," he said. He added that Internet users should be wary of a scam if they observe that the program seems to be behaving differently, especially if it is operating at an unusually slow pace. Millar, Updegrove and Engineering senior and Internet expert Meng Weng Wong all agree that is relatively easy to install "trojan horse" software. "Computers on the Internet are insecure," Wong said. "Start with the assumption that everything you transmit is being intercepted, and that everything you have publicly available is under scrutiny. Then take advantage of the intelligence in the computer before you to encrypt your messages. "Protocols are being being developed that will make security on the internet less of worry," Wong added. "Right now, the Information Superhighway is an open road, but soon we'll have bulletproof cars to drive on it." Millar urged students to regularly change their password and encouraged lab administrators to be cautious of suspicious activity. Updegrove said that when students log into e-mail, they do not always check the message that informs them of the last time their account was opened. But, he said the "last login message" is a useful tool for determining if someone has accessed the account, because it tells the location of the last login.
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
DonatePlease note All comments are eligible for publication in The Daily Pennsylvanian.