This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

San Francisco college was infested with viruses for more than ten years

Share this article:

An 'infestation' of viruses existed for more than a decade at the City College of San Francisco.

According to a report by the San Francisco Chronicle, the viruses were detected at Thanksgiving last year and possibly harvested personal banking information and other data relating to students, the faculty and administrators.

It claimed that the problem was contained in a single computer lab, which CTO David Hotchkiss immediately shut down and reported it to the board.

Hotchkiss and his team discovered that since 1999, at least seven viruses would begin ‘work' at around 10pm, trolling the college networks and transmitting data to sites in Russia, China and at least eight other countries, including Iran and the US itself.

Servers and desktops have been infected across the college's administrative, instructional and wireless networks, and Hotchkiss warned it is likely that PCs belonging to anyone who used a Flash drive during the past decade to carry information home are also affected. However, he said the server with the medical information of students and employees appeared to be virus-free.

Last year, McAfee revealed details of prolonged infections in its ‘Shady RAT' report. Speaking on this news, Raj Samani, EMEA CTO at McAfee, said that a few years ago he had visited a company that had no firewalls and public IP addresses without security, which were "riddled with malware".

“In the end I rebuilt the network, but that was more to do with low-hanging fruit than intellectual property theft. If you put a computer with no protection on it then it is only a matter of time,” he said.

“All malware is noise, but if you do not have security you will be infected.”

California state law requires that cyber crime victims be notified when personal information has been stolen. Hotchkiss was quoted as telling three college trustees that "we may never know the full extent of the damage and how many lives have been affected by this". He said: “These viruses are shining a light on years of [security] neglect.”

Hotchkiss said he began the job in July 2010 and was astonished at how weak the college's computer systems had been, with officials doing little to protect against cyber attacks over the years.

The Chronicle claimed that the college has poor network design, old equipment, a "Draconian system" for agreeing new policies and little money available for new, virus-resistant technology.

Hotchkiss also claimed that some college leaders were technophobic, while hundreds of thousands of dollars had been spent over the past ten years on consultants, who failed to secure the systems and lacked knowledge of even basic virus protections.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Banking Trojans target energy sector as APTs

Banking Trojans target energy sector as APTs

Banking Trojans are increasingly being used to launch advanced APT attacks, says IBM Trusteer, which has revealed a recent attack on several petrochemical companies in the Middle East using Citadel ...

Britain's small cyber security firms get £4m boost

Britain's small cyber security firms get £4m boost

Business secretary Vince Cable has launched a new £4 million government competition to help the UK's small cyber security businesses find new ways to combat the cyber threat.

GCHQ 'spied on Germany's Deutsche Telekom'; Germans sell spyware

GCHQ 'spied on Germany's Deutsche Telekom'; Germans sell ...

UK and US spies reported to spy on Deutsche Telekom in Snowden documents, while Germany's FinFisher accused of supplying surveillance software to repressive regimes.