Cryptosmith

This story, from a blog of the Chronicle of Higher Education, has a professor sleeping with a student and hacking into her e-mail. It is interesting on several levels: it happened at the University of St. Thomas where I teach, it involves computer hacking, and it’s a classic ‘inside job.’

According to news reports, the student (27) was induced by the professor (35) to open an e-mail attachment which installed a sniffer in her computer. He then used the sniffer to eavesdrop on her e-mail.

The professor had moved on to teach business seminars at William and Mary in Virginia, but now he’s up on Federal hacking charges. The student is suing.

This is not the sort of thing most people try to protect against. In general, we keep threats outside our boundary of trust. We don’t execute things from untrustworthy sources. A romantic partner is not generally considered a threat.

I would be curious to know if the victim’s computer always runs with administrative privileges, like most peoples’ computers, or if she has separate user and admin logins.

Based on the brief reports I’ve seen, I suspect she most likely runs with admin privileges. That makes such attacks easy.

Posted under Security | No Comments »