University seeks to prevent identity theft

From leaving credit cards lying around or using an unsecure Web site, there can be a problem with steal others’ identities.

At Missouri Southern, the campus has ways of keeping students and faculty safe from such issues as identity theft.

In the department of public safety, they are leaving the social security numbers off the University identification cards.

Ken Kennedy, director of the DPS, said a couple years ago an instructor felt concerned about having the SSN on the ID card.

“If it were lost or stolen, they could also use that to obtain his identity and forge documents with his social security number,” Kennedy said.

They were able to figure out a way to leave the SSN off the card, Kennedy said.

“Now it’s still on the bar code on the back, but it’s not visible on the card,” he said. “You have to have a special type of machine to be able to decipher what the actual social security number is.”

Once they had done that to the faculty and staff cards, Kennedy said they did the same to the student cards.

“Everyone has accepted that with enthusiasm because it is less risk for having your identification stolen,” he said.

Kennedy said if students, faculty or staff have ID cards with their social security numbers still on them, they can receive a new one without the number.

“If they have lost their card, there is a $5 charge,” he said. “However if they give us the card, we will shred it, and it’s no cost.”

Kennedy said if someone knows his or her personal information has been stolen, it is important to contact the police.

“Watch your credit card for unknown charges,” he said.

He also said people should not have several open credit card accounts.

“It gives you a bad credit [score],” Kennedy said.

Internet and computer security

In information services, Al Stadler, director of infrastructure and security, said there are several issues even if someone is using wireless or wired Internet.

Stadler said people should not share passwords.

Using a strong password with a combination of letters, uppercase and lowercase if the application allows it, numbers and symbols is a good idea, Stadler said.

“Six to eight characters is a good starting point, if not longer,” he said.

Writing down passwords is another bad idea. Stadler said a roommate, for example, could obtain the passwords.

He said it is a good idea to use different passwords and different user identification.

“It gives them a heads up if you use the same user ID,” Stadler said. “You can use different user IDs; it makes it a little harder. Because once they (hackers) know more, they could use it on everything else.”

He said it is important to have a good anti-virus or anti-spyware program. He said people should download it, update it and run it routinely.

“There are a couple free ones,” he said.

People should also patch or update their operating systems.

“That will protect against multiple viruses that are using a vulnerability on your OS to exploit your machine, but also it is a launching base for your neighbor,” he said.

He said the two areas that are routinely used are instant messaging and e-mail. These use social engineering and phishing.

Phishing is an e-mail that looks to be from a well-known company, advising people must enter or verify their security information.

“Anything that asks you to re-enter your security information, don’t re-enter in your security information,” Stadler said. “Big no-no – something’s wrong.”

If someone has received an e-mail like this, the entire e-mail can be forwarded to the Federal Trade Commission at [email protected].

Stadler also said people should not send personal information via e-mail or instant messaging and do not open attachments.

“They can be used to transmit viruses,” he said.

In e-mails, Stadler said it is easy for a hacker to obtain personal information.

“There are lots and lots of script kitties,” he said. “They can automatically run within an instant.”

These script kitties can search a hard drive in seconds, looking for specific files or programs a hacker might want.

As part of physical security, people should not leave their laptops and PDAs unattended.

“They can be picked up and stolen,” Stadler said.

He also said to write down the serial numbers for the makes and models of the hardware. Backing up the files on the computer onto portable hard drives or flash drives helps as well.

“If something were to happen, you have it,” Stadler said.

He said Hackers are specifically looking for personal information.

“They are hitting multiple people,” Stadler said.

Hacking solutions

Stadler said schools are targeted because of high bandwidth, and most universities have low security standards.

“We take it pretty serious here, but most places are a little bit lax,” Stadler said.

In information services, they have multiple layers that protects them from security risks. Stadler said MORENET is the first layer.

“It’s through an ISP generically,” he said.

Then there is a MORENET router, a firewall, an application firewall that tells what applications are being used, a switch and bluesockets.

“That’s an authentication piece before you get on the network,” he said.

After that, the last layer is more routers. Stadler said even with all of these layers, the most critical piece is what is clicked on, accepted or sent out.

“I can’t block it all,” he said.

He said they are able to control bandwidth, priority and if it is allowed or not allowed.

“Once you authenticate, you’re able to talk,” Stadler said.

The difference between the wireless and wired is wired is more secure, Stadler said.

“It (wireless) goes in the air,” he said.

He said if someone does not use the secure version, he or she is transmitting it in the open.

“If someone is able to pick up your signal,” Stadler said, “if you can hear it, you can in time crack it. If it is unsecure, it’s plain text.”

On the other hand, when the computer is wired, it would have to be intercepted to be able to be hacked.

“It’s pretty well protected,” Stadler said.

Anybody with a “sniffer” can pick up what is sent if the unsecured wireless is used.

“Use the secure one,” he said.

Stadler said if someone knows they have been hacked into or have a virus, disconnect from the network and run a virus scan.

“If you find something on it, take the appropriate action,” he said. “You just got to get it cleaned up.”

Securing documents and mail

In the Physical Plant, they are using a specific company to shred confidential documents.

Shred-It has containers all over campus, where people can throw important documents to be shredded. The bins are locked and the company physically comes to the campus to shred the material.

“We know the stuff has in fact been destroyed before it leaves our campus,” said Bob Harrington, director of the Physical Plant.

Harrington said at 10 a.m. to 2 p.m. on April 29 at the Wal-Mart at 15th Street and Range Line Road, Shred-It will be there to destroy any confidential material. The service is free to anyone.

Harrington said using anything that may have the SSN on it, it is easy for people to steal one’s identity. He also said paying a credit card bill and placing it in the mailbox leaves thieves open to stealing.

“They’ll come by, and they’ll take your mail,” he said. “They will pull the information out and send the check in to pay your bill but along with it they’ll send a letter saying please change my address to such and such or I’ve lost my credit card please issue me a new one. They’re using your credit card to run up tremendous debt.”

Harrington said groups will steal the information and sell it to others for identity theft.

“It can take a tremendous amount of time and a tremendous amount of money to regain and recoup your credit,” he said.

Stadler said identity and security is a concern for him.

“It’s critical to us,” he said.

Kennedy said it is becoming a problem.

“That’s why things in the future will probably include thinks like biometric,” he said. “Cards with chips in them that can be deactivated if they are lost or stolen. That’s the future.”

Harrington thinks identity theft is a scary concept.

“It’s kind of made me more aware,” he said. “It’s very important for them to be careful and to protect your identity because once somebody steals it, it’s pretty hard to get it back again.”