Bad Things Do Happen to Good People

Posted: December 13, 2013

There are entire industries dedicated to compromising the security of your computer and its data. Some want your identity, others want your credit cards, a few may want your research, still others want to use your computer for illicit purposes and some seem to be just plain mean. While Penn State and the College of Ag have instituted many safeguards to protect you and the University, the threat remains high and sometimes a computer does become compromised.

When a computer in the College becomes compromised, the user is often the last to know. Malicious code is designed to go unnoticed so that it can remain active for as long as possible and make greater use of your computer and data. At Penn State, the Security Operations and Services (SOS) office is usually the first to notice, because it is alerted when malicious software uses the Penn State network in known bad ways. Once SOS alerts College of Ag IT staff that a computer has been compromised, certain University-mandated steps have to be followed in order to protect you and the University.

Once a compromised computer is identified, someone from Ag IT will visit your office to remove it from the network and take it to our offices for scanning and remediation. It may seem abrupt to you that we almost immediately disconnect it from the network, but in reality the longer it is online, the greater the possibility that it will infect others on the network and the greater the possibility that it will send your information – personal and professional – to a third party. After giving you a few minutes to save open documents, we will shut down your computer and take it to our offices for scanning and removal of the compromising agent (virus, Trojan, malware…whatever it is called!).

If the Identity Finder console shows that you have scanned and remediated your computer within the last 30 days, then no scan will be necessary by our staff. If you have not scanned in that period, or have scanned but have not shredded or ignored each of the results, our staff will scan the computer and report any personally identifiable information (PII) findings to the SOS office for review. This important step is how the University determines the amount of risk we have been exposed to as a result of this specific compromise. If PII such as social security numbers, credit card numbers and bank accounts is found on your computer, it may trigger other steps mandated by the University, such as sending notices of compromise to the affected individuals.

Once your computer has been cleared by SOS – either by having the PII identified, reviewed and secured or by verification that you have scanned and remediated within the window of opportunity – our staff will work with you to move your data to a secure location and then completely erase and rebuild your computer. This complete erasure is necessary because the designers of malicious software often embed code so deeply in a computer that the compromising agent is able to regenerate even after dedicated attempts to remove it.

When your computer has been imaged and your data restored, we will return it to your office and put it back into service.

With each compromise we hear the same questions: Why me? How long until it is back? What do I do in the meantime?

Why Me? In a nutshell: bad luck. Nearly all of our college’s faculty and staff who have their computers compromised are innocent victims of malicious people and organizations.

How Long Until It's Back? There are so many variables that this question is hard to answer. One to three weeks is probably a reasonable window, though there are situations that could take longer. If you have recently scanned and remediated PII, the process moves to the rebuild step much, much faster. If you have purchased your computer within the recommendations of the Ag IT unit, then the reimage process is automated and can move very quickly. Conversely, if you do not have a supported model of Dell computer, the rebuild may take a very long time for our staff, or you may be asked to have it rebuilt by your own staff or a third party.

What Do I Do in the Meantime? Some offices and departments have spare computers on standby that you can use on a temporary basis. If this is not an option for you, Ag IT has a few computers that we can make available to you while your PC is being evaluated and rebuilt. Naturally, during some multiple-computer compromises we may not have enough standby computers to meet the needs of everyone.

Computer compromises cause a great deal of frustration and interruption for everyone – for you, certainly, as well as for University IT staff and Ag IT staff.  It is not an easy or pleasant time for any of us, and the actions that must take place are not optional for any of us.  When you become a victim we will do our best to keep you informed of the status of your computer, and we will ask for patience and understanding from you.