Category Archives: Security

Information regarding the Equifax breach

Credit monitoring company Equifax announced on September 7th that they experienced a data breach that exposed credit information for approximately 143 million individuals. This information included the person’s name, social security number, date of birth, current and previous addresses, and potentially their driver’s license number. Approximately 182,000 individuals’ credit card numbers were also exposed. The breach is still under investigation, and these numbers may change as more information is discovered.

Equifax has a website with information surrounding the breach at https://www.equifaxsecurity2017.com. You can check if you were affected by the breach by either following the “Potential Impact” link at the top of the page or enrolling in their free credit monitoring service by clicking the “Enroll” link.

We suggest that affected users consider issuing a freeze on their credit accounts. Brian Krebs, a well-respected information security expert, has written an excellent article describing a credit freeze and how to achieve it. Please note that this will also prevent anyone from checking your credit for legitimate purposes—like applying for a loan—unless you temporarily unfreeze your credit.

As with all highly publicized news items, this breach will lead to an increase in the number of phishing attacks. Attackers often use the hype surrounding these events to trick people into turning over their credentials or other personal information. It is important that everyone continues to be extremely cautious when dealing with email or phone messages that claim to be Equifax or some other credit-related business. If you receive a suspicious email or call, please report it to it-help@mtu.edu, and we would be happy to attempt to validate it for you.


Email Delivery Issue

On Friday, a Michigan Tech email user reported to the Department of Public Safety and Police Services (DPSPS) that they were receiving abusive email from a third party. As part of this investigation, DPSPS and Information Technology worked to redirect email from this third party to the officer’s email account for further investigation.

Unfortunately, due to an error in the redirect rule we created, any email between 9:00 PM Friday and 7:45 AM Saturday was delivered to the DPSPS officer’s account. That officer’s account was locked at 7:45 AM on Saturday, and the officer was not able to read the email. The misconfigured rule was also disabled at 7:45 AM Saturday.

Due to the volume of email that was sent and received, most messages from that time period are now reporting as delayed or undeliverable.

Information Technology is working to retrieve all email that was sent to and/or from @mtu.edu and deliver it to the intended recipient. In other words, any message sent either to a Michigan Tech account or from a Michigan Tech account during this time period was held up in this process. If you attempted to send an important message during this time period, please resend it. A copy of the message should be available in your “Sent” box.

We take privacy seriously and are working to restore the email from this event. We are developing additional controls around this process to prevent future occurrences.

Please contact Information Technology at it-help@mtu.edu or (906) 487-1111 with questions or concerns.


Efforts to cut down on spam and phishing email

Michigan Tech IT has seen an increase in spam and phishing email enabled by email spoofing—when a user or system sends an email with a forged header so that it appears to be from an @mtu.edu address. We have been working on solutions, and on March 7 a preventative measure will be enabled to help reduce spoofing. After the change is made, email sent from a forged @mtu.edu address will have a much greater chance of being marked as spam.

We recognize there are legitimate tools that include spoofing as a feature (e.g., survey software) and have pre-approved many of the services used on campus that include spoofing as a part of their normal operation. The following will not be impacted by this new tool:

  • Alumni – iModules
  • Qualtrics Surveys
  • Survey Monkey
  • Collegiate Link/Campus Labs
  • EMAS Recruiting software
  • Systems on campus that relay mail through IT-run services

If you use a tool that isn’t listed above, and the email that it sends appears to be from an @mtu.edu address, please contact us so that we can make sure your service isn’t affected. If you have any questions or experience any issues sending legitimate “spoofed” email after March 7, please contact us at it-help@mtu.edu or 7-1111.


VPN Update

Last week we updated on-campus, on-domain PCs to use the new VPN server. Notably, the new VPN server supports Windows 10 and OS X Yosemite.

On September 22 at 6 AM, we are going to switch everyone over to using the new VPN. From that point forward, you will be using the new hardware when you go to vpn.mtu.edu.

Documentation on installation and usage of the new VPN client is available at www.it.mtu.edu/vpn.

If you have any issues, please contact IT at it-help@mtu.edu or 906-487-1111.


OUCH! September

Check out the September issue of OUCH! This month’s issue focuses on two-step verification: what it is, why it’s so important and the steps to enable it. We ask that you share OUCH! with your family, friends and coworkers.

English Version (PDF)
http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201509_en.pdf

Translations & Archives
http://www.securingthehuman.org/ouch/archives


MichiganTech Wireless Changes – Certificate Warning

Michigan Tech is implementing a new controller for the MichiganTech wireless network.  This change is needed to implement AirPrint and GooglePrint features this fall.  This change will only affect the MichiganTech SSID.

After Wednesday August 19 at 7 AM you may see a certificate popup on your mobile device or laptop (similar to the image below).  When you see this message, click Accept and you will continue to be connected to the wireless network.

As always, if you have any issues or questions, please contact IT Help at 906-487-1111 or it-help@mtu.edu.

[Image: CP_cert]


Protecting your identity – BCBSM breach

By now, many of you have heard of the data breach at Anthem, which may have also leaked data of Blue Cross Blue Shield of Michigan (BCBSM) members.  While BCBSM is still investigating what member data has been breached, we do know that Anthem stored data on BCBSM members who received health care in a number of states outside of Michigan.  The data accessed includes names, dates of birth, member ID/social security numbers, addresses, phone numbers, email addresses, and employment information.

Though the investigation as to the extent of the exposure of BCBSM data is still underway, there are a number of steps that all users should take:

  • Monitor your current accounts for any unusual activity.  Data from the breach may be used to try to answer security questions and access your accounts.
  • Sign up for fraud alerts with each of the three major credit bureaus.  This will notify potential credit grantors to verify your identity before extending credit.  This will stay on your account for 90 days and will allow time for BCBSM to complete their investigation.
  • Obtain a current copy of your credit report. You can receive a free copy of your credit report once every 12 months at: https://www.annualcreditreport.com.
  • Be aware of unexpected changes to your credit report or credit score.  Many sites will monitor your credit but may charge a fee.  CreditKarma is a well-respected free site for monitoring your credit score and can be found at: https://www.creditkarma.com.
  • Be suspicious of any email related to the breach that asks you to give personal information.  Anthem will be directly notifying all impacted members via postal mail and will advise you on the next steps to take.  Many cyber criminals are using the incident to target potential members with phishing attempts. If you receive an email that appears to be from Anthem and contains a “click here” link for credit monitoring, it is a scam!
    • DO NOT click on any links in an email appearing to be from Anthem.
    • DO NOT reply to the email or reach out to the senders in any way.
    • DO NOT supply any information on the website that may open if you do click on a link.
    • DO NOT open any attachments that arrive with the email.
  • If you have received health care services in California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia or Wisconsin, you should contact Anthem at 1-877-263-7995 or visit their website: http://www.anthemfacts.com/.

Online security while traveling – read the latest issue of OUCH!

The SANS Institute has released its February issue of OUCH!, a monthly security newsletter. This month’s issue covers how to securely stay online and get work done while traveling.  With more and more people connecting while on the road, this is the perfect time to cover how to do it securely.  We encourage you to download and share OUCH! with others.

English Version (PDF)
http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201502_en.pdf

Translations & Archives
http://www.securingthehuman.org/ouch



Regarding recent stories about Google credentials posted on Russian web site

There are a number of news services running a story about a Russian web site posting the Gmail and mail.ru credentials of approximately 5 million users.

The 5 million passwords that were posted on the Russian website include a significant number of passwords for Google accounts. These passwords appear to have been acquired over several years’ worth of phishing campaigns by various hacking groups. Google has reviewed the list and believes that the majority of the accounts on the list have already been suspended or had their password changed since the credentials were acquired.

Currently there appears to be no reason to worry about this incident. IT will continue to monitor the situation and work on verifying that no @mtu.edu accounts were on the list.