Computer networks across the University lie wide open to hackers, due to serious failings in IT security provision.

An investigation by The Oxford Student has learnt that CCTV cameras, email passwords and MSN Messenger conversations can be compromised with ease by members of the University with only a modicum of technical knowledge, jeapardising the privacy and safety of students and dons alike.

It is understood that by using software that is freely and easily accessible over the internet, every student has the power to snoop on the MSN Messenger conversations of others or infiltrate their Webmail account. More advanced users can even tap into college CCTV networks, with the possibility of disrupting the entire system, forcing colleges into total security blackouts.

A University spokesperson told The OxStu: "In some cases the wish to provide the widest possible computer access as cheaply as possible may mean deciding to go for a cheaper set-up, with potentially lower security." Just how low the security across the University has now become clear.

Access to the video-streaming of CCTV footage of College A was easily available, pictured right, and cameras across the College could be taken down at the touch of a button. One student who appeared in security footage accessed said: "As well as understanding the security implications, it was personally shocking and especially worrying."

As such networks are put in place to safeguard the security of College members, the fact that they can be easily bypassed should send a serious message to staff responsible for their upkeep.

An IT Officer at College A said: "Short of keeping the network as segmented as possible, there is very little we can do." In a warning to students, he added: "I am able to monitor my network, and student regulations mean that any member abusing it would find themselves before the Dean."

The OxStu has agreed not to pass on the methods used to carry out such actions, which fall foul of both the law and OUCS guidelines. One computer expert told The OxStu that the actions were virtually untraceable.

It can take less than a minute to obtain an individual student's email password. A student at College B whose password was compromised told The OxStu: "It's absolutely ridiculous that security could be so light. I'll certainly be changing my password regularly in the future."

Likewise at College C a first year student's Webmail password was obtained. The student told The OxStu: "I'm outraged. I've personal as well as employment and academic related information in my account, which is private." College B's IT Officer said: "There is a rolling programme to upgrade [the network]...If students are abusing it, it is a concern."

Similarly, conversations held over instant messenging programmes can be easily intercepted. A Human Sciences student said it was "insane and quite disturbing...not something you want others to see." Her conversation was eavesdropped upon as she told another member of the same College about her essay crisis. One student at College D, who declined to be named, told The OxStu the problem was "shady", as we recounted her conversation to her. College D refused to comment, on the basis that it felt the law had been broken in relation to these activities.

A University spokesperson said: "Security measures are constantly reviewed in order to minimize the security risks. Of course, anyone found to have breached security with ill intent would be subject to punishment."

At the time of going to press, The OxStu was in the process of handing over all the data given to the investigation to both the police and the University.


Quite apart from University Regulations students should be aware of 1(1) of the Computer Misuse Act 1990, which creates an absolute offence of "causing a computer to perform any function with intent to secure access to any program or data held in any computer; the access he intends to secure is unauthorised; and he knows at the time when he causes the computer to perform the function that that is the case."

You can view the original article here...
http://www.oxfordstudent.com/2004-05-27/news/1