Security breach involving some library standing express workstations

March 21, 2016

Hardware devices called keyloggers, which can capture computer keystrokes, were recently found on some of our standing express workstations in Concordia’s Webster and Vanier libraries. These computers are available for public use for a maximum of 10 minutes.

In response, the university launched a thorough investigation, including the inspection of all public desktop computer workstations on both campuses. We also filed a report with the Service de police de la Ville de Montréal (SPVM).

The expertise of our library and IITS staff was instrumental in detecting and mitigating this situation.

The integrity of our 272 laptops on loan and 432 library workstations, networks and the security of our IT system remains intact.

Keyloggers limited to particular library express workstation computers

We want to reassure you that the hardware keyloggers were only found on express workstations located on LB2 in the Webster Library (these computers were located on LB2 until February 2016 and are now on LB3), and on express workstations located in the Vanier Library on VL1.

These keylogger devices can capture personal data such as login information and passwords (for example, passwords associated with your Concordia netname) by tracking the keystrokes used at a workstation.

No other hardware devices were discovered on other publicly available computer workstations at the university. Laptop computers and tablets, available for loan from the libraries’ circulation desk, are not affected because hardware keyloggers cannot capture keystrokes from this equipment (up-to-date antivirus programs can usually detect software keyloggers).

We are taking proactive measures to increase security in locations where we have public computer workstations. We are conducting regular visual inspections and implementing several other measures that include educating our students, faculty and staff.

If you used one of the library workstations in the past 12 months, consider the following:

With the information that we have available to date, we strongly advise that as a precautionary measure, if you used one of the standing express workstations in either the Webster or Vanier library within the last 12 months, you should:

• Change your password associated with your Concordia netname. Make these changes using your own or a privately owned device (computer, tablet or mobile phone). To change your netname password, follow the instructions on the landing page and then reboot your computer.  
• Change your passwords for other accounts, especially if you conducted online banking using an express workstation.
• Carefully review your bank and credit card accounts and statements, and report any suspicious transactions to your bank or other financial institutions.

If you believe any of your accounts have been compromised:

• Contact your local police station to file a report. The SPVM has assigned the following file number to this case: MTL-EV-1600-227343.
• File an in-person report with Concordia’s Security Department by visiting one of our security locations: 
  • Security operations centre (Sir George Williams Campus)
    Room H-118, Henry F. Hall Building (1455 De Maisonneuve Blvd. W.)
  • Security desk (Loyola Campus)
    SP-144, Richard J. Renaud Science Complex (7141 Sherbrooke Street W.) 
• Request a fraud alert for your credit file by calling a credit reporting agency such as: 
  • Equifax: 1-866-828-5961 (press 3)
  • TransUnion: 514-335-0374 (press 9, then select 1)
• Notify these government revenue agencies of potential fraud: 
  • Québec: 1-800-267-6299
  • Canada: 1-800-959-8281

If you are a victim of identity theft or fraud, you should report theft or fraud to:

• The Canadian Anti-Fraud Centre at 1-888-495-8501
• Your local police stations to declare fraud and obtain a report number. You should also indicate that you are a Concordia student, staff or faculty member.

Detecting keyloggers

How to detect keyloggers

Since keyloggers take a few seconds to install on public desktop computers, such as those found in internet cafés and hotel business centres, you should routinely look for any suspicious devices or innocuous connector between the keyboard cable and the USB port. It can be any shape or colour and can be installed on any type of computer (PC, Mac, etc.).

What should I do if I find a keylogger?

If you find a hardware keylogger installed on a university desktop computer, please contact Concordia’s Security Department at 514-848-3717 and wait for an agent to arrive at your location. Do not remove the keylogger.

Similarly, if you discover a device on a computer in an Internet café or hotel business centre, you should alert an employee and then reset your passwords.

Questions?
IITS Service Desk
Tel.: (514) 848-2424, ext. 7613
Email: help@concordia.ca

Related links

• Concordia IITS
• Government of Canada: Tips on using public PCs
• Government of Canada: Cyber security while travelling
• Canadian Anti-fraud Centre
• Cyber crime : Service de police de la Ville de Montréal
  http://www.spvm.qc.ca/en/Jeunesse/ado-Cybercriminalité.asp
• Government of Canada: Identity Theft: What to do if it happens to you
• RCMP: Identity Theft and Identity Fraud Victim Assistance Guide