10 September, 2012

Casey at the Bat

I found this old story in my journal- and it is pertinent for the Campus Community at the beginning of the semester.


Casey called in to the Help Desk when he tried to download the new Windage Wimba software from the Case Software Center, but the accounting system told him that he had already downloaded it.  The new software had only been made available the previous day, the Casey knew he hadn't yet downloaded it.  In looking at the software available at the Software Center website, he learned that there were many applications that were already downloaded.  These included software for an operating system that he didn't use at all.  

Casey had played baseball for a few years, and he used some the name of his favorite baseball bat to craft his Case password, which was “OldHickory%34.”  He admitted that he had shared his account information teammate a couple of years ago, who had since graduated, and that he hadn't changed it  since the University wide password change in 2000-something.  

Further investigation revealed that someone using Casey's account had been logging into various resources around campus: The Library, Filer, Forum, Docshare, and the Case VPN, and the Case Software Center.  These logins were confirmed to come from off campus, while Casey lived on-campus.  In fact, several thousand dollars' of software had been downloaded with his account.  Casey had to change his password, and check his email accounts for misuse.  He also had to begin the process for regularly monitoring his credit report in case he was a victim of fraud or identity theft.  It was discovered that Casey's former teammate (and former friend) had in fact used Casey's account to steal software and move movies and mp3 files into the University IT systems.  Casey was disturbed that a 'friend' could do all this with his Case Network ID and password, and worse, he was responsible and accountable for all of these actions.  Fortunately, Casey reported his problem and the real thief was discovered and prosecuted.

Moral of the story?  You'll never know if somebody knows you well enough to guess your password, or even trick you into revealing it (e.g. phishing attacks).  A regular change process and using passphrases instead of passwords to memorize them will help Casey after he graduates and moves on to the professional world.

No comments:

Post a Comment