by Amanda-Marie Quintino
Ryerson’s Computing and Communications Services has been tightening campus computer security since hackers accessed Matrix e-mail systems this summer.
Some Ryerson faculty, staff and students’ e-mail accounts were hacked in July after their passwords were obtained. CCS sent out a mass e-mail to inform students of the hacking attempts and spam problems, warning them to be cautious and responsible when activating or using their accounts on campus.
CCS has since been working to make the servers less vulnerable to intrusions.
“The risk is always there,” said Brian Lesser, assistant director of teaching and technology support for CCS.
“But we’re really hardening Ryerson by taking precautionary measures like putting up firewalls inside the university to segment the computer servers better.”
In August, hackers managed to break into certain Ryerson servers by either randomly guessing passwords or strategic decoding. The affected faculties include civil engineering, geographic analysis, image arts, interior design, journalism, landscape architecture and radio and television arts.
Lesser said the hackers were using the Ryerson network as a site for extended bandwidth and distribution of files and software.
He said although there is no proof hackers were specifically trying to access the students’ personal information, CCS staff are aware that identity theft is possible if accounts aren’t protected.
CCS has established a security group to fight e-mail viruses, put up firewalls and collaborated with Ryerson account holders to keep their systems operating cleanly.
Now, when activating or re-activating a Matrix e-mail or user account, faculty, staff and students must create a password that consists of at least six characters with at least one upper case letter, one lower case letter and one number.
CCS assesses the strength or weakness of the password and suggests ways to make your personal code more difficult to crack.
Mike MacDonald, information technology co-ordinator for the Faculty of Arts, said he has seen considerable improvements with the servers recently. But he thinks CCS still needs to take more responsibility for the vulnerability of the servers.
“The systems have been hardened to a degree,” he said. “But CCS didn’t always acknowledge some of the problems in their own systems.
“Fortunately, we don’t maintain any information about the students other than their e-mail addresses. Since CCS shrouded everything in a veil of secrecy and didn’t share very much information with us, as technicians, we didn’t really have any access to who was actually affected by this,” he said.
Lesser said CCS’ goal is to be able to detect when computers are at risk in every department. He stressed that no personal records were accessed or stolen as a result of the system problems in August.
A source from the civil engineering department’s network staff said reversing the damage caused by this summer’s troubles was not an easy job, but CCS did everthing they could.
“There was a couple of issues that came up…and a few questions that they couldn’t answer, but I did have a little bit of expertise from CCS,” said the unnamed source.
The department had to wipe data off existing computers to ensure hackers had left no files which could let them gain access later on.
“Because of how the hack happened, it left us vulnerable to have it happen again…Once I realized what (the hackers) had done, I began rebuilding the domain immediately. The computers and servers had to be re-formatted and the user list had to be re-created,” the source said. “We’re better off now than we were before, that’s for sure.”
But Hirsch Goodman, a third-year aerospace engineering student, is still concerned about hackers getting information in the future.
“I think it’s definitely an issue for those who aren’t all that educated about computers,” he said. “I like that CCS is doing more to inform people about things that can go wrong.”
Lesser said his team is doing the best it can.
“There really is only so much we can do. (Ryerson users) just need to know that they have to be really cautious about, what links they follow and when they get there, what information they provide and not to just naively go and provide personal information.”