Just being connected to the internet can allow a computer to be infiltrated by hackers who can then steal personal information stored on the hard drive or slow the computer to a crawl. Students are often unaware of the extent of these dangers, Jeffrey Hawkins, manager of Academic Consulting Services, said.
"I think it's partly because we live in such a cloistered environment," he said, explaining his belief that students do not have an accurate perception of the potential security dangers online.
Internet security threats are a rapidly growing problem, said Stefan Savage, director of the University of California at San Diego's Cooperative Center for Internet Epidemiology and Defenses, in a speech on Tuesday. Savage, who spoke as part of Dartmouth's Institute for Security Technology Studies' ongoing lecture series, said hackers today are able to use a single security exploit to break into thousands of computers. He explained that hackers can create a program to scan 90 percent of the internet in less than 10 minutes, typically finding at least 50,000 computers to target.
At the computer help desk, Hawkins said he sees student computers that have been infiltrated through such security holes. Hackers have taken over these computers to perform illegal activities such as spamming.
"I've seen people whose machines were sending out hundreds of e-mails a second in the background," Hawkins said.
Users may not know that their computers have been compromised, Hawkins explained, because hackers often use pop-up ads disguised as operating system error messages to trick users into letting them access their computers.
Hacking is now a profitable business, Savage said.
Hackers are increasingly selling their services, information and techniques via internet chat networks.
"You have this transformation going on from a reputation economy where you get 'street cred' for defacing Microsoft's homepage to a cash economy," he said. "They don't do that anymore because there's a market for finding vulnerabilities. It's a legit market, too."
Savage said that while his team is currently investigating ways to monitor and then shut down these markets, attempts to combat the problems can be counterproductive.
"The closest analogy to our problem today is the drug war," he said. "You block stuff and then they go underground."
Students may also be at risk from "phishers," Hawkins said. Phishers steal personal information through e-mails that appear to be from reputable companies such as eBay or PayPal and ask the recipient to confirm their credit card number or other personal information.
Students also use poor passwords, Hawkins said, which could lead to others breaking into their BlitzMail accounts or computers.
"I've been doing a lot of Dartmouth Secure setup lately and in the past two days I've seen four people who had set the password for their computer as pressing the enter key," he said.
Students should choose passwords that are not common words, Hawkins said, and should change them frequently. He estimated that few students follow these guidelines.
Hawkins encouraged students who have questions about choosing a good password or other areas of computing security to come to the help desk.
"The best form of protection is knowledge," he said.
