A computer lab at San Francisco City College was recently shut down after it was discovered that one of its computers contained a virus that had been transmitting user data to Russia and China for the past ten years. Authorities aren't quite sure yet what information was stolen, but they suspect it was primarily personal information and credit card numbers from students and staff. The virus logged students' keystrokes, recorded images of the screens and might have spread to other labs and home computers via flash drives.
As Help Net Security reports, the virus was detected by David Hotchkiss, the City College's chief technology officer, over Thanksgiving on a lab computer at Cloud Hall on the Phelan Avenue Campus. Hotchkiss soon "discovered an infestation of viruses that compromised a great number of servers and desktop computers across the college district's administrative, instructional and wireless networks."
It's likely that the virus went unnoticed for so long due to lack of adequate funds and "general computer security awareness." Upon beginning his work at the school, Hotchkiss found "porous computer systems and appalling security practices: passwords that weren't changed for over 10 years, poor network design, outdated technology, and technophobic staff and college leaders." Additionally, the lab is primarily used by international students learning English, and legitimate data was regularly going to foreign sites, masking the presence of the infection.
City College is currently examining all of its systems and servers to make sure its official records haven't been affected. The students' and staff's medical information appears to have not been compromised, but the school's payroll, admissions, and accounting systems have not yet been analyzed. The investigation will reportedly take two to three weeks to complete.
City College has called the FBI, and they've hired private security consultants to investigate the matter. The school is currently evaluating setting up two computer firewalls and upgrading antivirus software, and they've begun changing those pesky passwords that haven’t been reset in years.
