The breach in ASU’s security system on Jan. 18 resulted in increased phishing attempts that can lead to the compromise of ASU accounts and personal computers, officials said.
Phishing is a method used to gain access to personal information through seemingly trustworthy emails.
The University Technology Office recognized the spike in phishing shortly after the security breach, said Gordon Wishon, university and UTO spokesman.
“Most of these are perpetrated by people who wish to spam and use the victim’s account to send emails out of the campus,” he said.
Wishon said the phishing message would appear to be from UTO or ASU, asking the user to click on a link and reset their password.
After the University returned its website to normal operations, an alert was sent to students to beware of possible phishing messages.
In the early morning of Jan. 18, ASU system engineers were conducting a routine security check when they discovered suspicious activity, Wishon said.
Engineers reviewed and then reported the activity to ASU information security, Wishon said.
“The system targeted was what’s known as a ‘windows domain control,’ which happened to contain account IDs and encrypted passwords for everyone in our system,” Wishon said.
By the afternoon of Jan. 18, University officials decided to shut down the system and ask the ASU community to begin changing their passwords.
Wishon said there is no evidence that any personal, sensitive, or financial information was exposed or accessed by the intruder.
The incident is now the subject of an ongoing criminal investigation by local and state authorities, as well as the FBI, Wishon said.
“We felt it was necessary to protect from the possibility that the intruder could decrypt those passwords and use (them) to gain access to an account,” Wishon said.
He also said his department has seen a lot of people ready and willing to take advantage of last week’s security breach through phishing links sent to ASU email accounts.
Clicking on one of these links may lead a user to a “dummy page” that could potentially execute a program that will download malicious software or a virus.
These programs could then retrieve the user’s personal information from his or her machine, Wishon said.
He advised ASU students, staff and faculty to heed caution when receiving an email from the University requesting they again reset their password.
“This is certainly the most severe intrusion that we’ve ever experienced here at ASU in my time and presumably before,” Wishon said.
Wishon said the University Technology Office had received $3 million in funding for the year before the security breach and a portion of that funding has been delegated to an ongoing update of the security system.
Wells Fargo security engineer Jeremy Leung said he commended the ASU IT team for initially spotting the security breach.
“It’s really crucial to have something in place so that people know they were hacked, if you don’t know that then you’re down and out,” Leung said.
IT manager Will Bradley said no matter the level of security, if someone really wants to get in — they can.
Bradley hypothesized the cause for the breach in security could have been as simple as a staff member using a weak password.
“Those are just basic things that happen all of the time,” Bradley said. “It ends up being little things like that.”
Bradley advised everyone in the ASU community to now change all of their passwords on all of their accounts such as their online banking, Facebook and personal email account because most people use the same passwords for everything.
“If (the intruder does) decrypt the password database, then whatever password you had on that account, they know,” Bradley said. “Take this time as your yearly change-all-your-passwords day.”
Reach the reporter at kmmandev@asu.edu
Click here to subscribe to the daily State Press newsletter.
