Computers hacked in Student Union bowling alley

Bold, disconcerting black letters jumped off the screen of three computer monitors at the K-State Student Union bowling alley last Friday evening, forming explicit messages for all of the unsuspecting patrons to see. It was clear that this prank was more than a mere joke; the bowling alley had fallen victim to a computer hacker.

Harvard Townsend, chief information security officer, said that the university is in fact in a constant battle with computer hackers, trying to ensure that the campus and its network is secure for all users.

"The Union had a new system installed in the last couple weeks and the vendor did not install it securely," Townsend said. "It was left vulnerable so it was hacked into from overseas. We have since cut off that access."

Tricia Brensing, sophomore in communication sciences and disorders, said she feels she would be really confused as to what was going on if she was bowling and those messages popped up.

"I feel like you go bowling just to have a fun, relaxing time and don't expect something like that to happen," she said. "That's crazy that someone is able to hack into K-State Student Union computers. It blows my mind that they could hack into our systems at K-State, and makes me wonder what else they could have access to."

The messages, which included profane language and homosexual slurs, were displayed briefly on the monitors of the bowling lanes until the Union staff was able to shut it off. Townsend assured that this particular hacked software is solely responsible for operating the lanes and displaying the bowling scores, and involved no credit card or personal identity information.

"The hacker was actually very kind to alert us by throwing these images up on the monitors so it could be shut off right away," he said. "The damage they could do was limited."

Townsend also said, however, that in the six years he has held his position at K-State, not all cases of computer hacking have been so fortunate.

"We are constantly probed from around the world, with hackers looking for our vulnerabilities," Townsend said. "Quite literally constant. Anything from student laptops, student computers in residence halls, computers in work stations, in offices, in labs, even servers."

Although he said that the Internet is a useful tool most of the time, Townsend said it is almost always subject to hackers. He also talked about a new type of hacking.

"Basically anything on the Internet is potentially vulnerable," he said. "At one point or another, we've had every type of computer hacked. We're even starting to see malicious software targeting phones."

Townsend said the amount of compromised computers is not increasing, but each attack has certainly become more sophisticated. The fight for a secure computer is always changing. When K-State improves its defenses, hackers are finding new ways to by pass those defenses and spread infection.

"Your computer can get infected now by just visiting a web page without even having to click on any links," he said. "It's called a drive by download. Malicious code is looking for vulnerabilities in the software running on your computer and if you have that vulnerability, it will then exploit it and take control of your computer."

According to Townsend, one of today's most alarming risks is malicious software having the ability to watch actual key strokes and network traffic on your computer. It can then identify anything related to a bank account or financial information, intercept it and steal it.

"We've seen a number of instances of that kind of malicious software at K-State," he said. "It steals passwords, bank information, all sorts of things. The criminal can then use that information to drain your bank account or run up a huge bill on your credit card, and you don't even know it because it's so effective at hiding itself on your computer."

K-State's toughest battle thus far has been related to ‘phishing scams' or scams that try to steal student eID passwords by sending devious emails that request passwords in order for students to continue use of their K-State account.

Townsend said efforts to combat these types of scams have finally paid off, with a 70 percent reduction rate in the number of compromised eID passwords between 2010 and 2011.

The university has also implemented additional firewalls and hired more security staff in the last year to focus on credit card security. He said when a computer has been compromised, K-State blocks access to that computer. It is entirely rebuilt from scratch and properly secured before it is allowed to return to the network.

In addition, there are several things K-State students should do to be proactive and prevent the headache of dealing with a hacked computer.

"Make sure that the software on your computer is patched with the latest security updates," Townsend said. "Apply the update, don't wait. That's a huge part of it. Also, never open an attachment you get in an email that you weren't expecting from someone, and even then be cautious because that's another way that malicious software is spread. Make sure you've got passwords on all of your computer accounts because we've seen a number of break-ins caused by lack of password or a real simple password."

The consequences of a hacked computer are not small. He said typically, the criminal has complete control over the computer. They could potentially delete everything on your computer or likely it will become part of a Botnet, a network of compromised computers that are used to damage other computers.

As far as the hacked computers in the K-State bowling alley, Townsend said they are transitioning into the investigative stage, trying to pinpoint the hackers and how it initially happened.

"At this point, we assist with trying to identify who did it and making sure the vendor does what they need to do to prevent it from happening again," Townsend said. "The vendor is going to have to rebuild the software and reinstall it, and do it right this time. We're just trying to keep our digital information secure and keep the campus safe in the electronic world."