By Peter Smith
While thousands of students buzzed in the hallways during the first days of classes, an unauthorized, off-campus organization was busy convincing scores of students to hand over personal Facebook login information.
A temporary station of unsecure laptops was set up at the information desk in the Frank Melville Jr. Memorial Library, just feet from the entrance. The personal data collectors, who claimed to be representatives of Beth Gavriel, a Bukharian Jewish center in Queens, N.Y., were hard at work persuading passers-by to sign into personal Facebook accounts and vote for Sha’arei Zion Ohel Brancha, a private elementary school in Forest Hills, N.Y., in a contest sponsored by Kohl’s department stores.
When pressed about security issues involved with signing into unknown computers, the representatives insisted the personal computers were safe, and that no keystroke-loggers or spyware had been installed.
Multiple attempts to contact Beth Gavriel and the school for comment have been unsuccessful.
A recent study by Trusteer, a leading technology security company, found that 73% of users use the same password for social media and private e-mail. Even more alarming is the 47% of users who share bank and financial passwords with their non-financial login sites.
Trusteer cites Facebook as the primary target of criminals and hackers because of the personal information many users share. Names of pets, a parent’s maiden name and birth dates enable hackers to completely assume a victim’s identity with little effort.
Representatives from the University’s General Information Office, Library Management Office, Main Circulation Desk and Campus Security had no information on the group or who may have authorized them to collect personal data from Stony Brook students.
James LaPiano, Operations Manager at the Library, said that the Division of Information Technology, DoIT, “were getting overwhelmed…and set up a sub-station,” but mentioned he never spoke to the DoIT about the group collecting personal data from students in the lobby.
“Client Support and DoIT would not have allowed anything like that,” said Keith Bradley, a professional staff member of Client Support Services, a division of DoIT.
Bradley and other DoIT employees confirmed that the group collecting Facebook login names for contest votes were not affiliated with the department in any way. When Bradley deals with students he educates them about the dangers of being careless with personal information, especially passwords and login information.
“Personally, I would not sign onto any type of unknown device with my personal login information,” said Bradley.
Andrew White, director of the library, said there is no policy in the building that would require students to register for those areas and it is common to see groups of students congregating there – especially during the first week of classes. He remembers seeing the group at the entrance during opening week, but didn’t think it was unusual and he received no complaints from administration, faculty or students.
According to White, the horseshoe-shaped-booths have traditionally been used as information desks for students during the opening week of classes. He said the library is one of the highest trafficked sites on campus, with multiple entrances to the building and library resources, creating security problems for campus officials.
“This type of activity, if unscrupulous, is certainly something we will watch out for in the future,” said White.
University policy, P109 “Use of Information Technology,” states, under the heading Access/Usage that unauthorized access to electronic data and using another’s password for any purpose is inappropriate.
Throughout most of the school year the information desks remain empty, sometimes attracting informal study-groups or impromptu get-togethers, rarely used for official university purposes. Without administration monitoring the information booths, and a policy to enforce specific use, officials were left wondering who authorized the off-campus group to solicit ads.