California State University, Long Beach
Inside CSULB Logo

Are Your Mobile Devices Safe On Campus?

Published: October 15, 2014

There are more than 1 million hacking attempts made against CSULB’s computer systems every year.

That sounds like a whole lot until you find out that just a decade earlier, that number was 73 million annually.

“We deploy the latest network security technology on this campus,” said Steve La, Director of Network, Telecommunications and Security for Information Technology Services (ITS) at CSULB. “Are we 100 percent secure? I can’t say that for sure, but we try to secure as much as we can with the resources we have. I feel pretty good.”

Certainly, the rapid increase in mobile devices—smartphones, laptops, tablets—has created a different set of concerns, especially relevant during National Cyber Security Awareness Month.

In 2005, ITS began installing wireless network access points around campus which at that time serviced nearly 7,000 mobile users in a single day. Last year, that number topped the 35,000 mark and in September peaked at more than 40,000 mobile devices in a single day.

“Through our network security tools, we’ve been protecting students, staff and faculty and lots of mobile devices,” said La, who noted that the campus administration is very supportive of ITS. “We have more than 1,000 access points on our campus and we’re constantly adding more and more. We’re pretty much covered everywhere on campus, but now we are focusing on density. In the past we didn’t have that many mobile devices so most areas were ok, but now all the mobile devices connect whether or not the user is using them at that moment or not, so that creates quite a need.””

One example of campus connectivity La cited is when an individual moves around campus with an iPhone in hand. It disconnects from one access point and locks into another, constantly doing so to keep an unbroken connection.

“It’s seamless,” he said. “In one day, our system authenticates users in and out 1.8 million times. It’s like showing your ID and password every time you switch access points. It’s a similar type of technology like when you’re driving and your cellphone goes from tower to tower.”

And while seamless connectivity and Internet safety are areas La and his staff can proactively work on, there are those who are still trying to invade the system—hackers! Not only do they continue to thrive with the potential reward of a payday, but they are more persistent and sophisticated than ever, making “phishing” one of La’s biggest concerns.

Phishing has increased on campus dramatically and become such a concern that ITS has created the “Phishing 101” webpage and a safe computing web resource.

“Believe it or not, a small portion of the population still responds to phishing,” he said. “Phishing in the past was easy to spot, but it’s getting more complicated, and the hackers are getting more sophisticated and persistent. To send out a million phishing requests instead of just a 100, well, it’s not that much extra work really. So they keep pushing it out until somebody bites and unfortunately people do. It’s a numbers game. Even if they get just a couple of responses, it makes it worth their time.”

La said that if an individual is not sure about an inquiry that comes through their e-mail, rather than click on the link, either go to your web browser then directly to the official website, or just delete it.

“If something doesn’t look quite right,” he said, “then question it. You don’t have to react right away. We have users who get messages from the IRS that say, ‘You have $130 extra that you overpaid.’ A lot of people may think, ‘Who would want to scam for that small amount?” so they respond. But that’s not what they’re aiming at. They’re aiming at your bank account. They want to get in, and sometimes they do.”

Other hackers use scare tactics, sending out notices that indicate if you don’t respond right away you will, for example, be unable to use your e-mail. And who can survive these days without their e-mail?

X
PHOTO BY DAVID J. NELSON
Steve La

“Just get rid of that e-mail right away,” said La. “Just delete them or employees can forward that e-mail to alert@csulb.edu or our support desk to look at.”

Another fairly new and relatively effective scam is commonly known as Ransomware, where hackers try to get money by sending an individual a link that when clicked on immediately encrypts data on someone’s hard drive and locks them out of their own computer.

“It really secures your computer,” said La. “The problem is, you don’t have the key. They have the key and you can’t do anything and now your data is being held hostage. That’s when you get the note instructing you to send money to, for example, a PayPal account and they’ll send you the key/code. I know people who this has actually happened to and it worked.”

According to La, he and his staff help protect thousands of desktop computers and mobile devices across campus using the latest Intrusion Detection/Prevention System.

“It’s almost like a border guard,” he said. “Before you come into a network we have to make sure someone is allowed to get in. The traffic that carries some of the malware coming in we intercept it and reject it so it never reaches the user.”

In 2005, CSULB had a peak of 73 million interceptions in one single year, but fell to less than 10 million within a year, the drop mainly a result of Microsoft releasing a new service pack. Today, that number is down to about 1.6 million.

So clearly, as one would expect, campus Internet security has improved and will continue to do so.

“In the past a lot of activity was just annoying. There was port-scanning where the computer just kept constantly scanning the internet, but that activity has subsided due to the disruption because of security,” said La. “But hackers started targeting users and now they are hitting where the money is. I read a report somewhere that a really good hacker can make six digits, so they can make pretty good money…or go to jail.”

For additional information on safe computing, visit the ITS Safe Computing Web Resource.