Compromised Computer Accounts

Information Technology and its staff are committed to ensuring a safe and secure computing environment for UW employees and students. To this end, there are instances where computer accounts must be disabled to protect the account, its owner, and sensitive information that resides on administrative and academic computing resources. We hope the information you find here helps explain why IT would disable an account that we suspect has been compromised.

Here's a real scenario! Information Technology Security employees become aware of multiple UW accounts being logged into from computers in Vietnam. After some sleuthing, it is pretty obvious that we don't have eight UW students and four UW employees all in Vietnam accessing their UW computer accounts from afar.

To protect the accounts, IT staff first attempt to contact the owners by phone (it doesn't make sense to email our suspicions to you if the hackers are reading your email) to ask them to change their password immediately, and to collect information to help IT figure out how the vulnerabilities may have been created. If we cannot reach the owners within a couple of hours – remember, the bad guys have access to your account during this time – IT staff will disable the account so that no one can use it. When the owner calls the Help Desk (307-766-4357 option 1), information is collected at that time, and then a request to re-enable the account is submitted to the account administrators.

While it may be frustrating to have the account disabled, in the end it really is intended to protect you and your account.

Definition: Compromised Account – Any account that is accessed by someone who is not authorized by the University of Wyoming to use the account.

How are accounts typically compromised?

  • Virus infection: Certain types of virus and malware infections can compromise account passwords.
  • Phishing: Phishing emails attempt to trick users into giving up their username/ID and passwords.
  • Weak passwords: A user’s password is easy to guess.
  • Sharing passwords: Sharing passwords is a violation of University policy.

How does IT’s Security Office identify compromised accounts?

  • Log file analysis: The IT Security Office looks through its log files regularly to find suspicious activity. Staff look for logins from locations that are out of the ordinary for a user. They also keep a database of known compromised IP (Internet Protocol) addresses that they have seen in the past.
  • Spam: If an account is flagged on the e-mail gateway(s) as sending spam, the account is shut down. Spam usually indicates a compromise, since owners do not intentionally set up their own email accounts to send spam to hundreds or thousands of people.
  • Third party notification: Other universities or businesses alert the Security Office to compromised account activity.
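
As an added illustration (not UW's own tooling), the log file analysis described above can be expressed in Python: compare recent logins against each account's usual countries and a list of known-bad IP addresses, then report countries where several accounts look unusual at once, as in the Vietnam scenario. The record format, the GeoIP-enriched country column, the function names, and all sample data (documentation-range IPs) are assumptions constructed for this example.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample login records (not real data): time, account, source IP,
# country. The country column assumes the logs were already GeoIP-enriched.
HISTORY = """\
2024-03-01T08:01:12Z,student01,192.0.2.10,US
2024-03-01T09:15:40Z,student02,192.0.2.11,US
2024-03-02T10:02:03Z,employee01,192.0.2.12,US
2024-03-02T11:30:00Z,student03,198.51.100.5,CA
"""
RECENT = """\
2024-03-04T02:11:09Z,student01,203.0.113.77,VN
2024-03-04T02:12:41Z,student02,203.0.113.78,VN
2024-03-04T02:14:55Z,employee01,203.0.113.77,VN
2024-03-04T08:00:10Z,student03,198.51.100.5,CA
2024-03-04T08:05:00Z,student02,192.0.2.11,US
"""
KNOWN_BAD_IPS = {"203.0.113.77"}  # constructed stand-in for the IP database

def parse(text):
    return list(csv.reader(StringIO(text)))

def usual_countries(history):
    """Map each account to the set of countries it normally logs in from."""
    seen = defaultdict(set)
    for _ts, account, _ip, country in history:
        seen[account].add(country)
    return seen

def review(recent, baseline, bad_ips, cluster_size=3):
    """Flag logins from unusual countries or known-bad IPs, and countries
    where several accounts turn up as unusual at once."""
    reasons = defaultdict(set)
    by_country = defaultdict(set)
    for _ts, account, ip, country in recent:
        # An account with no history has an empty baseline, so it is flagged.
        if country not in baseline.get(account, set()):
            reasons[account].add("unusual country " + country)
            by_country[country].add(account)
        if ip in bad_ips:
            reasons[account].add("known-bad IP " + ip)
    clusters = {c: sorted(a) for c, a in by_country.items() if len(a) >= cluster_size}
    return dict(reasons), clusters

def run_sample():
    return review(parse(RECENT), usual_countries(parse(HISTORY)), KNOWN_BAD_IPS)
```

A flag from a check like this is a reason to contact the account owner, not proof of compromise, since travel or a VPN can also put a login in an unusual country.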

How does the IT Security Office deal with compromised accounts?

  • For accounts that are exhibiting suspicious behavior, the Security Office, an IT consultant, or the IT Help Desk will contact the user to verify that the account has not been compromised.
  • For accounts that have been verified as compromised, the response depends on the severity of the case:
    • In general, IT staff will attempt to contact users by phone to:
      • Change their password
      • Collect information in an effort to determine how the compromise may have occurred. The forensic information will help the IT Security Office reinforce protection of UW resources.
    • In severe cases where access to sensitive institutional data is compromised, IT staff may immediately disable the account. Users will have to contact the IT Help Desk or their IT user consultant to get the account re-enabled. Information will be collected in an effort to determine how the compromise may have occurred. The forensic information will help the IT Security Office reinforce protection of UW resources.

University of Wyoming
1000 E. University Ave. Laramie, WY 82071 // UW Operators (307) 766-1121 // Contact Us