It came to the attention of IT services in the early morning of October 3rd that a virus had been sent to students and staff, after a bot infected staff accounts and an email was sent to thousands of students under the account names of staff members. WesternEye spoke with Ben Argo, IT technician in the Students’ Union, to find out more.

 On October 3rd UWESU staff e-mail addresses were hacked and a virus was subsequently sent to thousands of student accounts. // Credit: ShutterPresser 2014
On October 3rd UWESU staff e-mail addresses were hacked and a virus was subsequently sent to thousands of student accounts. // Credit: ShutterPresser 2014

At least five members of SU staff were affected  and after this the virus started to spread to other members of staff and then to students.  The seeming ease at which this happened is unsettling. Students with sensitive information, such as loan and bank details, stored in their e-mail accounts are particularly vulnerable to this type of attempted infiltration.

In an age when a Russian cyber-group has 1.2 billion logins stolen from over 500 million e-mail addresses, along with celebrity’s private photos being stolen from the mysterious ‘cloud’ and splashed across popular sites such as Reddit, one questions whether our private information is ever really safe?

The virus was a ‘password stealer’ which, once opened, installed itself into an executable location, meaning that any usernames and passwords typed in while using your browser being infected would be stored. This doesn’t have much significance to a Youtube account primarily used for writing angry rants in the comments section, for instance. However, for e-mail accounts and myUWE, the sensitive and important information that could be stolen or lost to an anonymous hacker is potentially devastating to students.

For those worried they may be infected: the virus could only affect those who opened the ZIP attachment e-mail, which was entitled ‘your document’. It is not yet known the effect that the virus has had on students or staff, as IT services were unable to comment. The response immediately after IT services, including Ben, were alerted to the virus was to release a security patch to all PCs connected to the university network, as well as all Microsoft personal computers. Apple Macs and other operating systems were unaffected. Therefore this was hopefully done in time to prevent many people from opening the infected attachment. Students are advised to make sure that their Windows update is set to ‘automatically update’ in order for the update to work and prevent future harm.

The Information Commissioners Office (ICO) should have been notified as part of protocol. An investigation should now take place to make sure that no business critical information was stolen or that data protection was breached. Considering that the virus was spread via e-mail, the hacking will be hard to trace to its source, owing to the easily spreadable mode of delivery through e-mail and the size of UWE as an organisation.

In an age of technology we are increasingly reminded of the vulnerability we have to anonymous hackers seeking to steal our personal information, and the care we must take with our data and personal technology.

By Jack Ward