Since last weekend, Facebook’s Cambridge Analytica scandal has evoked wariness among social network users internationally, as people rushed to change privacy settings and remove third-party apps from further accessing private information. Vigilance is necessary as the online world becomes increasingly intrusive: Users are responsible for what they share and allow to be accessed online.
But on Friday, a Department of Justice indictment into international cybercrime highlighted the danger and weakness of large internet networks themselves — private information, such as credentials and saved passwords, can be breached simply through the network a user is accessing. The indictment charged nine Iranians with cyber intrusions into the computer systems of 144 U.S. universities and 176 universities across 21 foreign countries, as well as numerous private sector companies and governmental agencies.
Although the DOJ did not provide specifics as to which universities were targeted for academic data, the large number of institutions affected by this hack is alarming. University networks are accessed by thousands of students and faculty members daily, yet they are not comprehensively designed to maximize users’ privacy and secrecy due to the collaborative nature and academic openness of these institutions.
A large institution like USC must work to ensure that its networks are secure and foolproof, and continually provide technological updates to guarantee the safety and privacy of its constituents.
A 2015 Atlantic article stated that universities are still working to find a way to balance their academic research and educational mission without compromising cybersecurity. The piece compared campus networks to hotels and coffee shops, rather than secure corporate networks, since colleges frequently host visitors seeking access to the internet. Therefore, these networks must be easily accessible and not as tightly secured.
USC has three wireless network systems that can be generally accessed by students and faculty: USC Secure Wireless, which requires a MyUSC login, USC Guest Wireless, an unprotected public wifi network; and eduroam, a global wifi network for traveling academia.
USC Secure Wireless appears to be the most protected system, as it requires users to sign into their USC accounts for access. But speaking from personal experience, the crowded secure network can disconnect easily and is often difficult to connect to, depending on one’s location on campus.
If a user has previously connected to both USC’s secure and guest networks, failure connecting to the secure network would result in the user automatically connecting to the unprotected public guest server. It’s important to note that these public networks are not secure against potential cybercrimes; if users are attempting to access private information and accounts on them, potential hackers could monitor user data if it is not encrypted. Also, students’ private information, from social security numbers to bank accounts and credit cards, are within reach on these networks.
Students and faculty are also connected through the USC Gmail portal and within the mailing lists compiled by the University. These virtual databases can be susceptible to companies emailing promotional materials (the Lorenzo has somehow signed me up on its mailing list) or hackers sending out phishing messages, although USC Informational Technology Services has an active spam and phishing email filter.
In the first half of 2017, digital security company Gemalto reported that the number of data breaches in the education sector increased by 103 percent from the second half of 2016. And large, elite institutions like Harvard University, UC Berkeley and the USC Keck and Norris hospitals were not exempt from those data breaches. It’s clear that universities are cyber goldmines for hackers, given the sheer amount of information they hold.
While USC offers personal security and antivirus softwares for faculty and students, duo factor authentication for enhanced account security and other security services, a majority of students do not actively seek these resources out of inconvenience or lack of awareness. Simple steps, such as increased accessibility to security resources and consistent technological updates, can be taken to improve online vigilance within the USC community.
Last month, USC ITS announced it was working to improve its network since users reported connectivity issues. The University should work proactively to ensure that it addresses faculty and students’ network concerns first and foremost, and it should invest in increasing network security and safety to proactively prevent data breaches.
The slight pitfalls observed within USC’s wireless networks, for a school with over 40,000 students and 20,000 faculty, are not to be entirely blamed on the University alone. This is demonstrative of the culture of naivete we have cultivated in our attitudes toward the internet — that it should be viewed as a collaborative and safe space for ideas, rather than a platform we must fear and distrust.
Terry Nguyen is a sophomore majoring in journalism and political science. She is also the features editor of the Daily Trojan. Her column, “Digitally Yours,” runs Tuesdays.