Getting hacked once is usually a wake-up call. Getting hacked a second time so soon may be indicative of a serious vulnerability. And by serious, we mean possibly life-threatening.
The scramble is on to change passwords all over the Stanford campus. For the second time in less than three months, hackers have breached security into two campus networks. This time, no one is sure of the extent of the intrusion. Stanford will only say it doesn't believe any financial or health information was stolen, nor social security numbers.
But on May 14, a hacker named "Agent 47" stole the names, email addresses, photos, and other data for more than 1,400 users and thenposted the compromised data online for others to see.
Students aren't surprised Stanford has been targeted by hackers.
"I wasn't really surprised because that seems to be going on at major research institutions, which is what Stanford is, so I changed my password right away," geology graduate student Anne Sanquini said.
Stanford and other recently hacked high-profile internet sites generally have strong protection for their servers. So hackers find another way to break in.
"These hackers, they compromise the student or a faculty person and use that trusted student and trusted device to get to servers and compromise stuff that's sitting on it," said Jay Chaudhry, CEO and Chairman of Zscaler, an internet security firm in San Jose.
So a list of user names can be how hackers can gain access to sensitive data or enlist the server to send out malicious code and attacks across the internet.
Of particular concern to internet security experts is Stanford's medical center. In this era of robotic surgery and computer-linked diagnostic devices and record keeping, a hacker could intrude on patient care and threaten the life of a patient.
"If the bad guys get to it, they can change settings, configurations, they can mess it up, which means things aren't happening the way they should be happening," Chaudhry said. When asked if these actions could endanger somebody's life, he answered, "Absolutely."
Chaudhry estimates the break-in could cost Stanford several million dollars to beef up security, to change passwords, to modify websites, and to verify sensitive data on its servers have not been compromised.
