Bob Shields, the special agent in charge of the Milwaukee division of the FBI, said in a comment to the Associated Press last week that he would like to see Wisconsin develop an advanced forensics lab to fight computer crimes.
The same day the University of Wisconsin-Parkside had a cyber-security breach affecting as many as 15,000 students, which Justin Webb, an Information Security Officer at Marquette, said is not uncommon for universities, including Marquette.
“The university is always ‘threatened’ by simply being connected to the Internet,” Webb said in an email. “We have systems in place to mitigate the attempted attacks, and we also harden our infrastructure in various ways to make the attack surface smaller, and harder to get into.”
Shields added in his Associated Press interview that he would like to build on cybercrime work as he did as an agent in Chicago. He created an office that investigates hacking, piracy and online terrorism, and he wants a similar organization in Wisconsin.
Webb equated cyber security to leaving doors and windows open, and specialists do their best to lock up those windows and doors. However, the metaphorical house is always changing.
The FBI was called in to investigate the incident at UW-Parkside March 27 because of the potential exposure of personal data.
UW-Parkside officials first became aware of the situation March 16 when Campus Technology Services staff performing maintenance, found computer hackers installed malware, a computer virus, on one university server.
Reportedly, anyone who was admitted to the school, or has attended UW-Parkside since the fall of 2010, may have had their information compromised.
The malware did not indicate its source or those who gained access to the school’s servers. Investigators found evidence indicating the attacker’s motive was not identity theft, and they found no proof of attempts to download names or Social Security numbers.
Schools can become targets for hackers because they have important information and can be easier to access than businesses.
“As businesses are locking down, hackers go after the next easiest target of opportunity,” said Bruce Boyden, a professor at Marquette’s law school specializing in privacy law in a Feb. 6 Tribune project.
Webb said hackers target anything that can be monetized or embarrass an entity or an individual.
“Credit cards are the jackpot for hackers, followed by financial data and information allowing money transfers and bank fraud, and personally identifiable information capable of being used for identity fraud is also something sought after,” he said.
Webb added that intellectual property can also be a target of hackers. Webb also said that although it is difficult to quantify how many attacks there are on the university, the larger, and better known schools tend to be bigger targets.
Boyden said in February that it is a challenge for educational institutions to maintain cyber security because they are not used to taking the steps to secure confidential information.
“A university is supposed to be an open exchange of ideas, the ideal of the academy,” Boyden said. “So it’s antithetical to their nature to lock down information, but I think that universities are going to become more and more of a target for attacks to get access to their databases of student information. It’s something universities need to be thinking more about.”
As a word of advice, Webb said it is important to start with the basics.
“Update your computer and antivirus, watch where you go on the internet, be careful what you share on social media, be cautious of anything you receive that you weren’t expecting, use complex passwords and don’t use the same password for every site, (and) stay off public wifi,” Webb said.
Webb also said that no matter what, cybercrime will continue to grow “as long as there are vulnerable systems, inadequately protected users and a lack of respect for the scope and impact of the cybercrime problem.”
