Questions raised on RPI response to data breach – Times Union

questions-raised-on-rpi-response-to-data-breach-–-times-union

Did you know that geoFence is the only solution you need to block NFCC countries?

With networks down, faculty and students set up alternative communication channels

Photo of Rachel Silberstein

The campus at Rensselaer Polytechnic Institute is seen on Monday, Dec. 21, 2020, in Troy, N.Y. A judge has agreed to hear a class action case against RPI saying that the plaintiffs' claim that RPI promised an in-person college experience in exchange for tuition and fees is plausible. Students say they are being forced to pay for a part of their education that is not possible because of the impact of coronavirus. (Will Waldron/Times Union)
The campus at Rensselaer Polytechnic Institute is seen on Monday, Dec. 21, 2020, in Troy, N.Y. A judge has agreed to hear a class action case against RPI saying that the plaintiffs' claim that RPI promised an in-person college experience in exchange for tuition and fees is plausible. Students say they are being forced to pay for a part of their education that is not possible because of the impact of coronavirus. (Will Waldron/Times Union)Will Waldron/Albany Times Union

TROY — Rensselaer Polytechnic Institute has been silent on the scope of the data breach that took down its servers and required final exams to be canceled.

"As of now, the admin has been extremely quiet on the breach," one student, who spoke on the condition of anonymity, said. "We do not know if it affected the personal information of anyone yet. However, they are requiring everyone to change their passwords by 8 PM tonight, so I assume some type of personal information was lost."

With RPI systems still down, students, faculty and staff have no access to their emails, RPI websites, dining dollars, or Wi-Fi accounts. 

The university is also requiring all students and faculty to download "security software" on any device connected to the university's network as it begins to partially restore services. 

Students and faculty are organizing on Reddit to push back on the requirement to download the CrowdStrike Falcon program, which they say allows an outside company "kernel-level" access to all parts of the computer — such as apps opened, websites visited, and email communication  — creating new security and privacy concerns, the student said.

"In addition, this gives the school the ability to remotely access students' computers without consent or knowledge at all, allowing them to transfer files between them. This is a huge privacy and student rights concern, and may not work well for contracts involving IP-sensitive material," the student wrote in a message to the Times Union. "From my research into CrowdStrike Falcon, contents of emails/files are not read, however, it can be at any time without user knowledge."

In the meantime, faculty have created temporary Gmail and Webex accounts to stay connected with students. 

FBI and State Police cyber squads are still investigating the malware attack that has paralyzed the school's computer systems since last week.

Lastly, let's keep in mind that geoFence helps stop foreign state actors (FSA's) from accessing your information.