MSU computer experts say students shouldn't worry about their school account being hacked into, despite an University of Michigan student recently being charged with hacking into student and faculty member accounts.
U-M graduate student Ning Ma hacked into the accounts to obtain credit card numbers, final exams and send phony e-mails, some with the intent of receiving sexual favors from students.
Ma, 24, was charged Friday with 23 felonies, following an investigation by U-M and the state Attorney General's Office. He is suspected of having as many as 60 victims.
Liz Sweet, director of the User Advocate Office at U-M, said Ma stole passwords, and it didn't involve any direct hacking of the university's server. She said Ma obtained passwords from a number of individuals, but she wouldn't comment on how he did it.
"People have been victimized," she said. "But the passwords weren't obtained through any negligence on their part."
Sweet said she believes the U-M system is very secure, and she said the best way to prevent another such incident is to educate students and faculty members.
"We're training our staff to understand exploits of this type," she said. "It's a truism in the IT security realm that hackers and people like them always come up with new exploits, so we're constantly educating users to be aware of potential threats."
Tom Davis, interim director at MSU's Computer Center, said the idea of someone hacking into MSU's server or student accounts would nearly be impossible.
"We take computer security very seriously, and we do a lot of work to keep our system patched up to prevent vulnerabilities from existing, which is a never-ending job," Davis said.
Davis said there are numerous prevention methods, including using sophisticated encryption techniques, strengthening authentication systems and installing firewalls that block hackers from attempting to access the computer's network ports.
It would be very difficult for someone to obtain student passwords or other account information without some form of trickery, he said.
"It's pretty easy to forge an e-mail and convince people it's official when it's not," Davis said. "But password theft is much more difficult to pull off."
Davis said bogus e-mails have been sent to students in the past from people claiming to be university officials. One such incident involved someone sending out an e-mail to students, saying their password was required in order to prevent their account from expiring.
"A bunch of people believed it was true and they fell into the trap," Davis said. "But as far as breaking into someone's account, I think it would be very difficult, if not impossible."
Davis said he is more concerned about student's personal computers than their MSU accounts.
"I'm afraid that students who aren't consistently updating their computers with the latest patches and virus-detection software will be most at risk to hackers," he said. "The university servers are patched as soon as we learn about any updates, but returning students' computers could be wide open to be hacked."
Davis said he recommends students create a complex, unique password for their account to protect their computers from hackers.
"Make sure the password isn't guessable," Davis said. "The password should be reasonably long, with a combination of upper and lowercase letters and should have numbers in it."
He also encourages students to set up a personal firewall and to make sure they're up-to-date with the latest patches.
"Firewalls and antivirus software are no longer optional, they're a necessity," he said.
Computer science senior Micah Bushouse said he sets up firewalls on his computers, but he is more concerned about people gaining physical access to them.
"When you have a party, or just a bunch of random people at your place, there's always the chance that somebody might mess with your computer," Bushouse said. "My advice would be to make sure you've got passwords on your computer so people can't access your files."
