Potential hacking devices found on Carleton University computers

Carleton University is urging caution among staff and students after discovering potential hacking tools on a handful of classroom computers.

The university says it discovered USB key-logging devices on six classroom computers across three university buildings.

Carleton says staff discovered the devices last week during what it called a routine classroom inspection, but did not indicate how long they had been in place.

Keystroke-loggers capture information typed into a computer and can record usernames and passwords people use to log into various websites and programs.

The university says it will inspect classroom computers every morning and throughout the day, adding it’s taking additional steps to strengthen classroom security.

Carleton says it’s not aware of anyone having their personal information breached because of the devices, but urges people to change passwords all the same.

“These computers are used solely for instructional purposes in classrooms and do not store any university, personal or confidential information,” Carleton said in an internal note to staff. “We have no evidence that any information was retrieved from these devices or that any university data were compromised.”

Carleton also urged people who may have used classroom computers to log on to external sites such as Google or Dropbox to change the passwords they use for those services as well.

The university said the key-logging device could have posed a serious risk to users not only because of the information they captured, but because of the inherent difficulty in discovering them.

Antivirus or anti-malware programs cannot detect them, as they are pieces of hardware rather than malicious software. Carleton said someone would have had to physically retrieve the devices to make use of the contents they collected.

This is not the first time this school year that Carleton has dealt with a security breach.

The university was the victim of a ransomeware attack in November when an unknown hacker locked down the bulk of the network requesting a bitcoin payment to have it released.

The university said it was eventually able to unlock the network without making any payments.