Responding to recent incidents of password theft, Dartmouth Computing Services has created and distributed a new version of BlitzMail that will prevent future break-ins.
Computing Services installed the new version of BlitzMail on nearly every public computer on campus over the weekend, said Bill Brawley, director of communications for Computing Services.
Two weeks ago, 16 BlitzMail accounts were hacked and all the mail from the accounts was forwarded to a Kiewit staffer, he said.
He said Computing Services contacted the affected users immediately and accelerated efforts to complete a new version of BlitzMail.
On April 17, Jennifer Parkinson '99 discovered her BlitzMail account had been tampered with. She said someone had installed the password theft program on a computer in Thayer Dining Hall before she logged on.
Computing Services has created a new version of BlitzMail, labeled "BlitzMail 2.0.7," to thwart the potential security risk, Brawley said.
Brawley said the 2.0.7 version of BlitzMail was "pretty much ready to go" when Parkinson reported her case in The Dartmouth on Friday, but her report hastened the process. By Friday afternoon "half, if not all the public computers were installed with the new version," Brawley said.
Jim Matthews, the Computing Services programmer responsible for BlitzMail, said Kiewit began work on the revised version of BlitzMail when the 16 accounts were broken into.
He said while the number of confirmed cases of theft is low, even a few incidents make the problem significant enough to redesign the program.
Computing Services employees first discovered capture programs on several Kiewit machines more than two months ago, Brawley said.
Unknown people have installed a "keystroke capture" program on the public computers across campus, Brawley said. Through this program, hackers can learn BlitzMail passwords and tamper with accounts.
The program captures data as it is typed, then stores that information on the local hard drive, which a hacker can retrieve at a later time.
Brown said BlitzMail 2.0.7 scrambles data during password entry, effectively defeating a software's "attack" on the password.
But Public software programs, including Online Library, Checkprint, and the Dartmouth College Information System will remain vulnerable to password capture, he said
Computing Services hopes to deploy the scrambling technique in these public programs soon, he said.
