Students at universities in four states may have been monitored by "spyware" placed on computers by online criminals to capture passwords and credit card numbers, a public safety officer at one of the schools involved said Thursday.
A month ago, agents with the U.S. Secret Service notified Arizona State University officials that some of their computers may have been compromised, said Lt. John Sutton of the university's Department of Public Safety. The Secret Service seized almost 20 hard drives from computers at the university and is analyzing them for clues as part of the investigation, he said.
"We are looking to see if some type of software was installed on them that would allow someone from the keyboard or from a remote location to identify keystrokes and grab personal information," he said.
The investigation has encompassed compromised computers at universities in Arizona, Texas, Florida and California, Sutton said. It's believed that many of the computers had the software loaded onto the system by someone sitting at the keyboard, he added.
Agents of the U.S. Secret Service's San Francisco bureau would not immediately comment on the investigation.
Most of the computers being examined at ASU were located in student computer labs, Sutton said. The users of the PCs are usually limited to students, but the rule is not enforced. "It is supposed to be used for students only, and like any other loosely secured area, it is possible that someone could come in and use it who is not a student," he said.
It's known that university systems have long been a haven for hackers and online vandals. Compromised university systems contributed to the so-called denial-of-service attacks that struck well-known e-commerce sites more than two years ago.