Cam Beasley

The rise in popularity of Spotify and iTunes radio, two popular online music streaming applications, has reduced UT students’ motivation to illegally download media, according to UT officials.

Tom Butler, associate director of the Legal Services for Students department, said he attributes the decline of copyright violation notices sent from UT to students over the past three years to the popularity of alternative music streaming services.

“ITunes and Spotify have taken the impetus out of illegally downloading,” Butler said. “If you can have access to music for a fairly small amount of money and you don’t get in trouble, then people will start to move that direction.”

As long as it is relatively easy, UT students generally lean toward the more lawful option when downloading their music, said undeclared freshman Briana Boston.

“I would imagine downloading Spotify is certainly easier than looking around individually for songs on the Internet,” Boston said. “It definitely removes the temptation to do illegal things.”

Students whom copyright-holding companies catch illegally downloading media usually receive an informational referral email from Cam Beasley, UT’s chief information security officer, that  warns against continuous copyright infractions. Repeat offenses can lead to a loss of Internet access on campus and a significant fine from the copyright holder. Beasley said these violations have stabilized in recent years.

“It isn’t unusual for the campus to receive about 50 reports of alleged violations each month,” Beasley said. “It was probably about three years ago where UT would get around 150 notices of copyright infringement a month.”

Butler, whose department provides free help to students wanting legal counsel, said punishment for breaking copyright law can vary among individual cases.

“Sometimes the student gets a cease and desist notice, and in that situation, we usually write a letter to the company on behalf of the student basically saying that they’re sorry and that they’ll never do it again. But sometimes they still demand money,” Butler said. “I have seen letters that threaten a lawsuit after one instance of copyright violation, but usually we can find a settlement that works for both parties.”

Even with the decline in recent years, issues with copyright violations haven’t entirely disappeared, Butler said.

“It’s not a big numerical problem anymore, but it hasn’t completely gone away,” Butler said. “It’s something we still try to warn about.”

After a breach of more than 300,000 personal records — including students’ social security numbers — at the University of Maryland, College Park, UT information security officials said while the University has a strong security program, any system can be hacked.

Cam Beasley, chief information security officer at Information Technology Services, said UT’s cyber-security system can keep students’ information secure. 

“We maintain a comprehensive information security program and a number of layers of security controls in place [such as] annual campus-wide IT risk assessment, security monitoring, security awareness training,” Beasley said. “There is also a great rigor assigned to any third party that the University might decide to pursue.”

The University has not been without security breaches in recent years. In 2006, confidential information of more than 197,000 past, current and prospective students were compromised through a computer in the McCombs School of Business. The records included names, dates of birth and Social Security numbers.

Beasley said University security systems are just as susceptible to hacker attacks as other institutions.  

“If an attacker is extremely dedicated and focused on breaching a system, they will not stop until they have exhausted all logical, physical and social attack vectors,” Beasley said. “These targeted attacks can be extremely challenging for any organization to defend against.”

Shane Williams, senior information technology manager, said these cyber-attacks are often inevitable, even with the security universities provide.

“The current trend following these kinds of incidents is to bemoan that institutions aren’t doing enough to protect our personal information,” William said. “In some cases, this is a totally valid criticism. Other times, though, an institution has made every reasonable effort to protect their systems and their data, and a determined attacker still manages to gain access.”

Williams said it’s important to distinguish between the university systems that are trying their best to protect students’ records and those that are not doing enough.

“As an increasingly electronic society, it’s critical that we make distinctions between these two ends of the spectrum in information security in order to put pressure on those institutions that really aren’t bothering to protect us, while providing appropriate assistance to those that did everything right and still fell victim in spite of their efforts,” Williams said.

Computer science sophomore Nikita Zamwar said she believes most students are diligent about keeping their personal information secure.

“Even though a lot of students are really strict and careful about protecting their personal information, it kind of defeats the point when the university doesn’t do their job,” Zamwar said. “If there was a breach here I’d probably freak out, and I’d probably get really mad at UT.”

Concerns about sensitive personal and business information in cyberspace are growing — and colleges and universities are no exception.

Mandiant, an American cybersecurity firm, released a detailed report in late February “exposing a multi-year espionage campaign by one of the largest ‘Advanced Persistent Threat’ groups.” The group hacked 141 companies from the United States, stealing many terabytes of compressed data.

The report indicates hackers also targeted two higher education institutions, whose names were not released for confidentiality concerns. 

Cam Beasley, Chief Information Security Officer at Information Technology Services, said along with its own security program, ITS also uses traditional anti-virus and anti-spyware software, host-based intrusion detection, browser security controls, password management tools and encryptions of various sorts.

“In most cases our security monitoring tools and services, many of which we’ve developed, help us detect such events,” Beasley said. 

One of the largest data theft instances that occurred at the University happened in spring 2003 when thousands of names and Social Security numbers were illegally accessed and downloaded to a personal computer. University officials said the discovery of the security breach occurred on March 2 and three days later a search warrant was issued and a computer and related materials were confiscated. Prompt action by the Travis County District Attorney’s Office, the U.S. Attorney’s Office and the U.S. Secret Service secured the stolen data before they could be misused or further disseminated, according to University officials.

“Attacks that put sensitive University information at risk are historically the most significant,” Beasley said. “Some steps [after a possibly hacking] include determining whether law enforcement is likely to become involved and if so, preserving evidence, containing or eradicating the problem and fostering an organized and professional response to the incident based on severity level, and type and scope of the threat.”

Lance Hayden, adjunct assistant professor in the School of Information, said figuring out how to protect intellectual property and other sensitive business information while also encouraging collaboration in product development is going to be complex, difficult work.

“It will take us years, maybe decades to get it all sorted,” Hayden said, “But that’s okay, or at least not abnormal. Look at the growth of any disruptive technology from weapons to the printing press to the telegraph/telephone to the Internet. All of them created as many new challenges for society as benefits, changing and shaping their environments dramatically.”

Protecting personal sensitive information is a major concern for Government and Economics sophomore Travis Adams. 

“I try not to upload sensitive things,” he said. “I have different passwords for all of my important accounts so that if you break into one you can’t break into all of them.”

For UT faculty and students, user awareness and vigilance is key to protection from a cyber-attack, Beasley said.

“User awareness training is required for all faculty and staff,” Beasley said. “Be more vigilant with their browsing habits, keep browser and browser plug-ins updated on a regular basis and encrypt portable devices [such as] laptops, iPhones and thumb drives. A rational distrust of most things can often be your best defense.”

Published on March 25, 2013 as "Hacking report highlights need for greater cyber protection". 

The number of phishing scams within UT computer systems has risen since previous months, but campus security officers are doing what they can to make sure members of the UT community don’t get hooked.

“Phishing” describes a form of hacking which uses a “bait and lure” technique. Hackers, hiding under the guise of email addresses, websites and screen names appearing to be official, phish for confidential information pertaining to computer users, such as account passwords. The UT Information Security Office sent an email Nov. 3 describing phishing attempts which targeted 17 UT faculty and staff members during the month of October. According to the email, the number of attempts had risen from just two in September.

Chief Information Security Officer Cam Beasley said the University has developed techniques to ward off phishers, but those behind the attacks are constantly learning new methods to keep up with security systems.

“There have been a few targeted phishing attacks as of late which have masqueraded as the campus HelpDesk or University IT administrators,” Beasley said. “Campus users should know that legitimate University IT services will never ask for their password and should always be suspicious when such a request is made.”

Beasley said his office also provides a website to worried users with tips for safeguarding their information.

Computer science senior Nick Johnson said those who take part in phishing typically have financial motivation. Johnson said he has been interested in computer programming since age six and spends a lot of time learning about systems. He said users often provide similar passwords to multiple online accounts, which simplify phishing efforts.

“If someone can phish a password through a UT account they’ll try the same password on accounts and websites associated with that person,” Johnson said. “There’s a market for email and password lists. You can sell people’s information for money.”

Beasley said personal information appropriated through phishing attempts can be used directly through online accounts containing personal information to create identity theft scenarios.

Biochemistry junior Shohreh Abedinzadeh said one of her friends fell victim to a phishing scam unrelated to the UT attacks and found the problem stressful.

“Her credit card information got taken,” Abedinzadeh said. “She had to file an identity theft claim and it took a few months to clear up.”

Beasley said in addition to personal information, those behind the UT attacks may be after specific data accumulated through University research.

Beasley said although numbers have risen since September, the total amount of phishing victims is small compared to the campus population. Recent scams targeted faculty and staff, but students should be wary of the issue as well, he said.

Published on Friday, November 18, 2011 as: Phishing scams scare UT faculty