Concordia warns about possible breach of computer security
The Concordia University community got a lesson in computer security on Monday after the university had to send out a notice telling students and staff that key logger devices — which can capture keystrokes — were found on some workstations in the Webster and Vanier libraries.
They were only found on express workstations, which can be used for a maximum of 10 minutes, but the university advised anyone who used the library workstations in the last 12 months to take precautions, such as changing passwords associated with Concordia and especially for online banking.
The key logger devices can capture personal data such as login information and passwords by tracking the keystrokes used at a workstation.
Chris Mota, director of media relations, said the university didn’t know that the key logger devices had caused any harm, and they hope it hasn’t, but that it was necessary to take proactive measures against an “insidious” problem.
“This is not a Concordia problem, this is about any public access computer,” said Mota. “Anyone can capture data by snapping one of these things on and most of us wouldn’t know the difference. They look like they belong there.”
Although the university said the integrity of its 272 laptops and 432 library workstations and the security of its IT system remains intact, administrators filed a report with
Anyone can capture data by snapping one of these things on and most of us wouldn’t know the difference.
Montreal police and there was a thorough investigation of all public desktop computer workstations at both campuses.
The university is now conducting regular visual inspections and implementing other security measures, including educating the community about the issue.
That’s part of the problem, said Mota — most people aren’t aware these devices exist and they don’t look suspicious. She said the whole community is now being educated about how to detect keyloggers. (They often look like an innocuous connector between the keyboard cable and the USB port, and they can be installed on any type of computer.)
If any accounts have been compromised, students and staff have been told to notify the police, as well as the university’s security department.