Embed Size (px)
DESCRIPTION
Feature Story
Citation preview
CMJ 256-07
Eccleton
Feature Story
GVSU Cyber Attack
Grand Valley’s Banner Self-Service System Faces Cyber Attack
“I freaked out,” said Miranda upon finding out her personal information might have been
breached during a cyber security attack on Grand Valley State University’s Banner Self-
Service System.
In a rapidly evolving digital landscape, security breaches are becoming all too common
for user networks and private organizations.
Hackers targeting these networks with thousands upon thousands of users are using robot
driven methods to target weak usernames and personal identification numbers to gain
access to sensitive financial information and social security numbers.
These robots run automated scripts in an attempt to guess the login information needed to
access the personal accounts of users.
Miranda Holmes, a Grand Valley student, was one of those directly affected by the cyber
attack that took aim at the university’s Banner Self-Service System on Oct. 3.
The Vice President of Enrollment Development at Grand Valley, Lynn McNamara Blue,
sent the first email to the students following the attack.
Blue had also served as provost and dean for academic services and information
technology at the university.
In the email sent to Miranda following the attack it stated that some student accounts had
been hacked and that she was required to reset her Banner password and security
information.
The Banner Self-Service System is used by the university to manage both academic and
administrative/financial information.
In the wake of the attack Miranda was notified that Grand Valley was not sure to what
extent her account had been breached, but it was possible that the last four digits of her
social security number, direct deposit information to her bank, and address had been
retrieved by hackers during the attack.
Immediately following this news Miranda called Equifax to put a watch on her social
security number that had potentially been taken, and called her bank to let them know
that information may have been compromised as well.
In a follow up email on Oct. 5, Blue informed the students that the security team had
locked over 21,000 Banner accounts as a result of the cyber attack and an ongoing
investigation was underway teamed with law enforcement to find out exactly what had
occurred.
During the investigation it was found that fraudulent phone calls were being placed to
students and parents stating they owed money to the university and were trying to obtain
personal information over the phone.
Leading up to the fraudulent phone call reports, the FBI released a media advisory from
their Wisconsin headquarters to the public with information on what to do if targeted by a
phone scam.
The advisory was shared with Grand Valley students along with information regarding
the Banner attack to keep students posted on current threats to their security.
The hackers were using U.S. government caller identification to scam college students
into paying thousands of dollars in false money owed on student loans, delinquent taxes,
and overdue parking tickets.
The FBI urged targets of this scam to notify their banking institutions, contact the three
major credit bureaus and request an alert on their files, contact local law enforcement,
and file a complaint through the Internet Crime Complaint Center at www.IC3.gov.
After the investigation Grand Valley sent a notification to the affected students whose
accounts had been breached to inform them that the sections of Banner containing
sensitive information was not accessed during the unauthorized sessions.
In a third email to the student body of Grand Valley sent by Blue, new preventative
measures were being implemented to help safeguard user information on Banner Self-
Services.
The new changes to prevent future robot attacks consisted of an additional question at
login to prove you are not a robot using a ‘captcha’ code, requiring stronger password
credentials, emailing students when their PIN changes, strengthening security questions,
and requiring multiple security questions.
According to captcha.net, “A CAPTCHA is a program that protects websites against bots
by generating and grading tests that humans can pass but current computer programs
cannot.”
By requiring stronger passwords, Grand Valley can help students to guard their Banner
accounts with an additional layer of security.
The United States Computer Emergency Readiness Team published an article on the
official website for the Department of Homeland Security explaining the importance in
having a strong password, how the user can create a safe password, and how to protect
them once they have been chosen.
The Emergency Readiness Team states that using passwords based on personal
information that are easy to remember can be dangerous and make it very easy for
hackers to crack them.
One popular method used by hackers is called a dictionary attack, which attempts to
guess PINs based on words used in the dictionary.
During the password creation process, the more variables used the harder it will be for the
hackers to infiltrate your account.
Methods to creating a strong password involve stringing together a series of words and
using memory techniques or mnemonics to help decode the phrase.
The best passwords include both uppercase and lowercase letters in combination with
numbers and special characters to add additional layers of security to them.
When a strong password has been created the user must keep it safe, and create separate
passwords for all of their accounts in case a hacker is still able to obtain their
information.
Never share your passwords over the telephone or email, as hackers will hide themselves
behind caller identification or false email accounts to trick users into sharing their
usernames and passwords.
Passwords should not be stored or saved in public computers and the user should always
log out of any accounts that could be physically accessed by others.
Dinopass.com, passwordsgenerator.net, and lastpass.com are 3 websites that will generate
random passwords for the user that meet the criteria described by the Emergency
Readiness Team.
An example of a strong password is !RF6GF9tj427.
By following these precautionary procedures users can make it very difficult for hackers
to get their hands on their personal information by guessing their passwords through the
use of robots.
The morning of Nov. 17 the Banner Self-Service network went offline again around 5
a.m. and continued to cut out throughout the morning for unknown reasons.
Another student affected by the breach in security was junior Ted Rider.
The morning after the attack Rider went to the library to study and was denied access to
his account.
He immediately called the information technology help desk regarding his account where
he was guided through the necessary steps to regain access and change his PIN.
Rider said, “I was notified during the ordeal but didn’t think it would happen to me.”
As hackers continue to find ways to break past network security walls it is important for
users to understand there are security measures they can carry out on their own to
minimize risk to themselves and their personal information.
When Miranda was asked about the attempted cyber attack situation as a whole she
responded, “I felt pretty upset about the situation because I always thought GV was
invisible and when my account got hacked, it was kind of a reality check that things
happen and you have to protect your own information and be proactive in fixing
mistakes.”
After changing her password to make it more difficult to compromise and with the
implementation of the new captcha code, Miranda still didn’t feel her information was
100 percent safe.
“I’m kind of worried about this happening again, but I changed my password and made it
more difficult, so it should be better. But it is always a worry once it happens once.”
Miranda concluded.
