- Created on Wednesday, 09 April 2014 17:30
- Hits: 9131
By BECKI CREWE
Niagara College has taken precautionary steps to secure its computers from future attacks after some of its student-use systems were hacked since December.
Niagara Regional Police (NRP) charged Myles Proulx-Vanevery, 21, a Niagara College student, with 10 counts of unauthorized use of a computer. Four computer labs at the Welland campus were exposed to the malicious software. This malware, which Vanevery says he wrote and created, allowed him to record the keystrokes entered on any infected computer.
“It recorded the keystrokes every time they typed something, so I knew exactly what was happening as they were doing it,” says Vanevery.
“I had it upload to my server their information, like their account name and whatever they typed. All I did was monitor it.”
When asked if he was motivated by “revenge,” Vanevery confirmed that.
“I have like a lot of documents, important files for school projects and work that I have saved and they [the college] ended up deleting it without any consent, no acknowledgement. They just randomly up and deleted it,” says Vanevery.
He says he didn’t have any back-up files of his deleted work and would not be able to recover it. Vanevery says he was told his account was “in a batch of accounts that were deleted” without any explanation.
“It really affected me and I was pretty upset with them and then there was no way of getting it back so like what do I do, I mean, I just vented.”
Vanevery, who was enrolled in computer programming, admits he was under great stress and suffering from emotional problems. He says he was diagnosed with depression.
He says he installed the software in December 2013, although police say it was September.
He had it running silently in the background of the computer system until being discovered in mid-March.
This keystroke logging software ran for almost four months before Niagara College was able to identify it.
“I don’t know why it took them so long in the first place. There’s a list of all the running programs on the computer that you can see and mine was there. I wasn’t trying to hide it. I knew it was there and they saw it,” says Vanevery.
“I devised a way to hack into their system and steal administrative accounts so I could do the same to them and just to be like, ‘How do you feel when someone does that to you?’”
“I wanted to really emphasize leaving a message to them saying at least give the students some kind of acknowledgement or some kind of notification that it’s going to happen, not just do it.”
College officials say Niagara College found a file on Vanevery’s student account and quickly identified it as a key logger. The Information and Technology Services (ITS) area is responsible for the security of Niagara College’s computer system and continues its work in providing measures to secure its computers from similar attacks.
Niagara College’s Vice- President Academic Steve Hudson declined to comment and referred questions to the college’s public relations department.
The college’s ITS department also referred questions to the public relations office.
Dorita Pentesco, director of Marketing and Communications here, says, “The security of its computer systems and the protection of our students’ information is very important to Niagara College and we will continue to put measures in place to provide the utmost protection for our students.”
Constable Derek Watson, NRP media relations officer, says computer hacking is not a common occurrence at colleges or universities.
“This is the first time I’ve heard of anything like this happening,” says Watson.
When asked how he installed the key-logging software, Vanevery says he used a flash drive and installed a USB portable version of Linux. Linux is a free open source software computer operating system.
After installing Linux, Vanevery plugged his flash drive into the computer and “booted into the operating system Linux and put the files on the school’s computer hard drive.” Vanevery says he went around to each computer individually and installed his software. He claims to have done this in order to ensure the permanency of the malware.
“I was doing basically everything that they taught us how to do in the computer programming courses,” says Vanevery.
Pentesco says the ITS department is responsible for taking steps to secure computers from similar attacks and continues its work in this area.
Watson says, “My safety tips are going to be for the user. As a user, you certainly shouldn’t be using public computers for personal things such as banking. You’re going to want to make sure you log off.”
Watson says to look for “shoulder surfers,” people who are looking over your shoulder and trying to see your personal information. It’s like standing at an ATM and making sure no one is looking at your pin code.
College officials say they have identified all of the infected computers and safely removed the malware. All students and staff in the affected labs have been contacted directly and provided with steps to take to prevent the misuse of personal information.
Vanevery will appear in a St. Catharines court on April 25.