Concordia University

http://www.concordia.ca/content/shared/en/news/main/stories/2016/03/21/security-breach-involving-some-library-standing-express-workstations-keylogger.html

Security breach involving some library standing express workstations

Keylogger devices found on some standing express workstations in the libraries
March 21, 2016

To detect keyloggers, you should routinely look for any suspicious devices or innocuous connector between the keyboard cable and the USB port. When using public computers, and to detect keyloggers, routinely look for any suspicious devices or innocuous connector between the keyboard cable and the USB port.


Hardware devices called keyloggers, which can capture computer keystrokes, were recently found on some of Concordia's standing express workstations in the Webster and Vanier libraries. These computers are available for public use for a maximum of 10 minutes.

In response, the university launched a thorough investigation, including the inspection of all public desktop computer workstations on both campuses. Concordia also filed a report with the Service de police de la Ville de Montréal (SPVM).

The expertise of the university's library and IITS staff was instrumental in detecting and mitigating this situation.

The integrity of the 272 laptops on loan and 432 library workstations, networks and the security of Concordia's IT system remain intact.


Keyloggers limited to particular library express workstation computers

The hardware keyloggers were only found on express workstations located on LB2 in the Webster Library (these computers were located on LB2 until February 2016 and are now on LB3), and on express workstations located in the Vanier Library on VL1.

These keylogger devices can capture personal data such as login information and passwords (for example, passwords associated with your Concordia netname) by tracking the keystrokes used at a workstation.

No other hardware devices were discovered on other publicly available computer workstations at the university. Laptop computers and tablets, available for loan from the libraries’ circulation desk, are not affected because hardware keyloggers cannot capture keystrokes from this equipment (up-to-date antivirus programs can usually detect software keyloggers).

Concordia is taking proactive measures to increase security where public computer workstations are located. The university is conducting regular visual inspections and implementing several other measures that include educating students, faculty and staff.


If you used one of the library workstations in the past 12 months, consider the following:

With the information available to date, Concordia strongly advises that, as a precautionary measure, if you used one of the standing express workstations in either the Webster or Vanier library within the last 12 months, you should:

  • Change your password associated with your Concordia netname. Make these changes using your own or a privately owned device (computer, tablet or mobile phone). To change your netname password, login to MyConcordia, follow the instructions on the landing page and then reboot your computer. 
  • Change your passwords for other accounts, especially if you conducted online banking using an express workstation.
  • Carefully review your bank and credit card accounts and statements, and report any suspicious transactions to your bank or other financial institutions.


If you believe any of your accounts have been compromised:

  • Contact your local police station to file a report. The SPVM has assigned the following file number to this case: MTL-EV-1600-227343.
  • File an in-person report with Concordia’s Security Department by visiting one of our security locations:

    • Security operations centre (Sir George Williams Campus)
      Room H-118, Henry F. Hall Building (1455 De Maisonneuve Blvd. W.)

      Security desk (Loyola Campus)
      SP-144, Richard J. Renaud Science Complex (7141 Sherbrooke Street W.)

  • Request a fraud alert for your credit file by calling a credit reporting agency such as:
    • Equifax: 1-866-828-5961 (press 3)
    • TransUnion: 514-335-0374 (press 9, then select 1)
       
  • Notify these government revenue agencies of potential fraud:
    • Québec: 1-800-267-6299
    • Canada: 1-800-959-8281

If you are a victim of identity theft or fraud, you should report theft or fraud to:

  • The Canadian Anti-Fraud Centre at 1-888-495-8501
  • Your local police stations to declare fraud and obtain a report number. You should also indicate that you are a Concordia student, staff or faculty member.

 

Detecting keyloggers

How to detect keyloggers

Since keyloggers take a few seconds to install on public desktop computers, such as those found in internet cafés and hotel business centres, you should routinely look for any suspicious devices or innocuous connector between the keyboard cable and the USB port. It can be any shape or colour and can be installed on any type of computer (PC, Mac, etc.).

What should I do if I find a keylogger?

If you find a hardware keylogger installed on a university desktop computer, please contact Concordia’s Security Department at 514-848-3717 and wait for an agent to arrive at your location. Do not remove the keylogger.

Similarly, if you discover a device on a computer in an Internet café or hotel business centre, you should alert an employee and then reset your passwords.


Questions?

Contact the IITS Service Desk at (514) 848-2424, ext. 7613, or via email: help@concordia.ca.

 



Back to top

© Concordia University