News

Garber Announces Advisory Committee for Harvard Law School Dean Search

News

First Harvard Prize Book in Kosovo Established by Harvard Alumni

News

Ryan Murdock ’25 Remembered as Dedicated Advocate and Caring Friend

News

Harvard Faculty Appeal Temporary Suspensions From Widener Library

News

Man Who Managed Clients for High-End Cambridge Brothel Network Pleads Guilty

Computer Hackings Plague Harvard

By Laura L. Krug, Contributing Writer

Victoria J. Martin ’05 had to use her roommate’s computer to read the e-mail message from the Computer Security Coordinator telling her that someone had hacked into her computer.

Harvard’s computer security specialists had already removed her computer from the Harvard network and it would need to be reformatted and all of its programs reinstalled before the computer could be reconnected.

Martin’s experience, while rare, is part of a steady stream of computer invasions and hacking that hits Harvard’s computer system on a weekly basis.

Last week, FAS Computer Services received about a dozen calls from students students who received an e-mail saying their computers had been hacked.

All of their machines needed to receive the same treatment that Martin’s computer required.

Coordinator of Residential Computing Kevin S. Davis ’98, called this number of reported hackings “very typical” for any week.

Hacking, which he said was an extremely serious issue, has plagued Harvard systems steadily for the past several years.

“I have about a dozen systems each week that are compromised,” Davis said. “That dozen number holds pretty steady. It’s something that’s been an ongoing issue.”

Until recently, incidents of hacking were fewer and farther between and had come—for the most part—from outside the University.

But now, attacks are coming from inside Harvard’s computers and are more frequent.

Davis attributed this to a number of factors, including how easy it is to hack into computer systems.

“Script kiddies,” as Davis referred to hackers, “download programs through the Internet and they do the hacking for [the kids].”

They then can use the Harvard machines that they break into as bases of operations for exchanging pirated software, pornography, and other legal and illegal files, he said.

Hacking is also on the rise because students and faculty are lax about computer security, Davis said.

For instance, they often do not set administrative passwords, leaving their computers more vulnerable to malicious attacks.

“If you don’t set a password, anyone with the right software can take control of your computer and install software to let them do whatever they want,” Davis said.

Hackers want to use systems that are not their own so that they can escape detection even if their actions are discovered. This tactic has proved a problem for the University in the past.

“It’s not unusual to get outside reports from institutions like the military saying that a [Harvard] computer has been implicated in an attack on their system,” Davis said.

Student and faculty computers can also be especially vulnerable because they often do not keep their computers up-to-date with patches that fix vulnerabilities in various types of existing software.

Davis pointed out that Microsoft had discovered up to 48 bugs in their software over the past year. Until those bugs are repaired with patches—which the software companies make available to consumers of their products—they represent areas vulnerable to malicious attacks.

Computers can also be hacked into by viruses. The best protection against these, Davis said, is to use antivirus programs such as those distributed to all students in the school’s startup software package.

“Computer viruses are a big area where students get their computers infiltrated,” said Davis.

It was her lack of an administrative password, Martin said, that was probably the vulnerability that allowed her computer to be attacked. She had disabled the password in order to try to network two computers and the attack likely happened during that time.

Those who were suspended from Harvard’s network said they were frustrated with the delay in getting back on the server. As of yesterday, she was still unable to access her e-mail from her home computer.

“It doesn’t make sense that I’m not online right now,” Martin said. “My computer is fixed—completely fixed.”

David B. Rochelson, ’05, expressed a similar sentiment after being unable to check his e-mail from home. His personal computer has been reconnected, after being off the server for a week.

“Every kiosk you see, you pounce on it;” Rochelson said.

Want to keep up with breaking news? Subscribe to our email newsletter.

Tags