Since June 1, the Secret Service and ASU police have seized approximately 20 computer hard drives from various computing sites and departments on campus, ASU police said this week.
ASU police are cooperating in a Secret Service investigation into whether illegal software was installed on the computers in order to obtain personal information, such as credit card information, emails, passwords and social security numbers.
Access to such information could lead to credit card fraud, identity theft and serious hacking, officials said.
Authorities identified and seized hard drives from computers located in Disability Resources, Business Administration C wing, the MU and the Computing Commons.
"We believe that they (suspects) were here (installing the software.) The word I got from the detective was that it's a possible Russian mafia connection," said Lt. John Sutton, ASU police spokesman.
The case involves "a guy apparently with the Russian mafia and he's gone to a bunch of universities and infiltrated their computer systems...so they can skim money." Phoenix police have documented a number of crimes in the valley tied to the so-called Russian mafia, which specializes in drug transactions, insurance scams and document fraud.
Sutton said campus police are working with the Secret Service out of Miami, which apparently has been investigating the case for months. He said he understands that four or five universities are involved in Arizona, Florida, Texas and California.
"I'm not aware that anyone's been defrauded here yet... (But) we're not ruling out the possibility that victims might trickle in or come in enmasse," he said.
The Secret Service refused to comment Monday. It is not known whether any arrests have been made.
Mike Schaefer, manager for student affairs computing services, refused comment.
But, John Babb, assistant vice provost for ASU Information Technology, confirmed that hard drives were seized on campus.
The Secret Service "went to... computing commons (sites) and took the hard drives - anywhere that was public access," Babb said. "Someone has come on campus and installed a program that monitors keystrokes onto the computers that do not require students to log on."
The two software programs apparently installed on the computers by unidentified persons are a keylogger program and a remote access program.
The keylogger software records each keystroke entered by anyone using the computer. The remote access program allows a workstation or server from off-campus to access that computer and pull down a text file created from the software. This type of software can record anything that is typed into that particular computer, including credit card information, emails, passwords and social security numbers.
Babb said authorities have traced the computers' signals back to Russia.
"I know Russia is involved, because the IP (Internet protocol) address signals back to Russia," Babb said. "But that does not mean the information is not going somewhere else after that."
Sutton said he wasn't aware that any information may have been transmitted to Russia.
Dorothy Haskett, a technology support analyst at the Computing Commons, said two computers were seized from the Business Administration C wing, room 16, on June 1.
"I know for a fact it was two because I saw where they were missing," she said.
Haskett said she believes the software program might have already been erased on each computer, since all computers are supposed to be wiped clean at the end of each semester.
Another computer was seized June 11 from the Disability Resources Center.
"DPS called and said they had to look at one of our computers," said Tedde Scharf, assistant director for Disability Resources. "We let them look at it and they ended up taking the hard drive."
Scharf said that the Dell computer, located in a small private cubicle in the main hall of the building, was for disability resources students only and required a password to access. She added that the computer was "brand new" and was set up as part of a career center.
Babb said Information Technology has already met to discuss possible strategies to prevent future problems.
"Out of all computers at ASU, we're hacked once a day. We're continually being scanned," he said. "We need to implement guests to sign on for those other (public access) sites. It's a difficult call - either we have security or open access to the computers."
Sutton said no administration computers are involved to his knowledge, but investigators are concerned that stolen passwords might allow access to other systems at ASU.
"All these (campus) computers are connected in some way," he said. "You always run a risk putting your personal information out on the Internet."
But Sutton said students who use public-access computers may be even more at risk. He recommended that students who have used common-area computers at ASU change their passwords.
Sutton said ASU has known of the computer hacking problem for several weeks, but no warning was issued to students because this was a Secret Service case, and because going public could have jeopardized the investigation.
Students and faculty who are worried that their personal information may have been compromised may contact detective Terry Lewis at 965-0338.
The Arizona Republic contributed to the story.
Reach the reporters at erin.hawksworth@asu.edu and kristina.davis@asu.edu.
