LAWRENCE, Kan. — A recent cybersecurity breach has a University of Kansas faculty group concerned that the breach could lead to other attacks, not just at the university, but across higher education.
Aerospace engineering professor Ron Barrett-Gonzalez said the hack was carried out by an apparently disgruntled engineering student during the 2016-17 academic year. The details of the hack were shared publicly at a School of Engineering Senate meeting last week, the Lawrence Journal-World reported .
The student in question had allegedly used a keystroke logger to gain faculty members’ login information and passwords and changed his failing grades to As.
“It’s egregious to me that the administration is hiding this. Those things are being sold like hotcakes on the web,” Barrett-Gonzalez said.
Keystroke loggers are sometimes made to look like USB drives, and are often used by cybercriminals to steal personal information from public computers and keyboards.
University officials confirmed that a security breach had taken place but that the attack “was minimal and caught quickly.”
Barrett-Gonzalez said he was told the student had since been disciplined and expelled, but he’s worried about the greater implications of the hack.
“The big concern among the faculty is that our bank accounts may be drained,” he said. “If you steal 15 people’s IDs, all of a sudden 20 bucks turns into 200. This is more dangerous than I think people have let on.”
Suzanne Shontz, an associate professor of electrical engineering and computer science, said faculty was given some advice on guarding against such attacks in the future.
“It doesn’t hurt to check and make sure that you don’t see one of these keystroke loggers inserted before you log in,” Shontz said.
The university’s American Association of University Professors chapter has urged administrators to seek legal punishment for the student responsible.