In the age of mass computer use, security and privacy are persistent concerns — Cal State Long Beach is no exception.
When logging into BeachNet, CSULB’s Internet source, usernames and passwords are secure. However, once on the Web, all computer use is unencrypted and may be monitored by hackers.
“BeachNet is not an encrypted wireless network,” according to the official CSULB website. “All traffic is sent through the air on radio waves, which can be overhead and captured by nearby users. There are no easy ways of detecting other ‘listeners,’ so caution and careful use of the Internet is strongly advised.”
Nonetheless, Director of Network Services Steve La said, “Our data network is secure. We designed our network [in 2001] and the campus wireless [network in 2005] so that the users are protected from hacking software such as Firefox’s plug-in called Firesheep on the WPA encrypted Wi-Fi.”
Despite the university’s ability to block Firesheep software, computer science instructor Burkhard Englert makes an example out of BeachNet in his computer science classes. He shows his students other software that allows them to hack into individuals’ personal accounts while using BeachNet, capturing usernames and passwords firsthand — even bank account passwords.
He said individuals should use secure websites when logging into websites with sensitive information. Secure websites, like BeachNet’s login page, begin with “https://.” The “s” stands for secure.
La and Englert have a different interpretation of the word security.
According to La, the university’s network is secure from hackers that are trying to access administrative records like financial accounts and grades.
According to Englert, the university’s network is not secure from hackers that are trying to obtain usernames and passwords from insecure websites like Facebook and Yahoo.
“Universities are the most attackable,” said computer science graduate student Ravi Mahana.
Compared to professional service providers, universities have never been very secure, Mahana said.
Most service providers such as Charter, Verizon and AT&T use encryption systems.
The federal government uses Charter’s services, which have been recognized as the “most suitable,” according to the National Institute for Standards and Technology website.
The birth of BeachNet
La said the campus-wide data network was established in 1989. Since 2006, CSULB has had 95 percent wireless coverage in all areas of campus, according to the university website.
“In ’99, the CSU created a committee called Network Technology Alliance (NTA) to develop system-wide network standards for all 23 CSU campuses,” La said.
Since then, all Cal State Universities have provided their own wireless Internet access.
“We are the internet service provider for our campus, just like Charter and Verizon [are] for the home users,” La said.
A recent university breach
On Nov. 22, the FBI sent a news release to Kansas City, Mo., announcing charges against two former university students for computer hacking.
Joseph A. Camp, 26, and Daniel J. Fowler, 21, attended the University of Central Missouri and allegedly gained unlawful access to the university computer network.
They are being charged with infecting computers, transferring money to their student accounts, attempting to alter grades and profiting from companies that wanted to buy the personal information of faculty, staff, alumni and students.
How hackers view personal information on BeachNet
Non-secure websites like BeachNet capture information through cookies.
Cookies save login information in plain text.
A seemingly encrypted password is really being sent back and forth in plain text, defeating the purpose of encryption.
Cookies were invented to speed up connections and record information for advertising purposes.
Information tracked through IP addresses
Every action that individuals do on the Internet is stored and managed for security purposes.
The CSULB website said, “Although not legally required to do so, CSULB computer and information services departments respect the privacy of all users.”
Because each computer is given an Internet Protocol, or IP address, web searches and e-mails can be traced back to that address.
One concern is that with IP addresses, law enforcement can trace website search histories. Police can request an IP address for investigative purposes, but they must have a subpoena or a search warrant to do so.
“We are responsible for the operation and security of our network so we store and manage every IP address on campus,” La said.
With the appropriate software, anyone can recall the search history from an IP address, Englert said. While IP addresses are not enough to incriminate a person, a student’s username and password may pinpoint an individual in an investigation.
Law enforcement using IP addresses to locate stolen laptops
Laptop theft is one of the most common types of theft on campus, according to reports from the University Police activity log.
When a laptop is stolen on campus, the university may distribute the laptop’s IP address to the authorities, La said.
IP addresses act as a locating tool as well as a record for sites visited.
Using ipaddresslocation.org, anyone can locate the city of his or her own computer.
According to University Police Capt. Fernando Solorzano, the best method to get back a stolen laptop is through a software program called LoJack.
With the LoJack software, the security company can freeze the laptop and track the computer using a GPS system that has already been programmed into the computer.
Other options for wireless service on campus
Many campus users have turned to the various secure wireless providers for laptops and smartphones.
“I stay away from the Internet here,” Englert said.
Instead he uses his laptop, which has its own service provider.
Senior English major Alex Owens-Sarno said she uses her 3G smartphone because she has “never trusted” BeachNet.
3G is a wireless network that accesses the Internet independently and has encryption software already installed, but even that software is not completely secure.
Still, the encryption codes in smartphones such as iPhones and BlackBerrys have been compromised by computer technicians who are constantly testing their effectiveness.
GSM and Kasumi are two recent encryption systems that have been cracked, according to pcmag.com.
Protection from hackers at school
CSULB provides a solution for securing wireless traffic through an encryption system called Virtual Private Network (VPN), which can be accessed through https://vpn.csulb.edu.
VPN encrypts data and ensures users that information cannot be accessed without authorization, according to the CSULB website.
VPN scrambles all information sent over the open air and radio waves. The university can still see all the information that passes through the campus network before it is transmitted wirelessly.
At home, users should set their computer configuration to Wi-Fi Protected Access (WPA), which can be activated through the computer’s control panel, according to Englert.
“Make sure to change the default password because everyone will have that built-in password,” he said.
Englert also specifically recommended that Internet users not use Internet Explorer because of their cookie practices.
Disclaimer: The Daily 49er is not responsible for Postings made on www.daily49er.wpengine.com. Persons commenting are solely responsible for Postings made on this website. Persons commenting agree to the Terms of Use of the website. If Postings do not abide by the Rules of Conduct or Posting Regulations as listed in the Postings Policy, the Daily 49er has all rights to delete Postings as it deems necessary. The Daily 49er strongly advises individuals to not abuse their First Amendment rights, and to avoid language suggestive of hate speech. This site also encourages users to make Postings relevant to the article or other Postings.