SMU tightens computer security after hacking cases; Vietnamese student's scholarship revoked

Since April 2016, SMU has strengthened the security of its systems to prevent the use of USB keyloggers which can capture passwords in personal computer equipment in teaching rooms.
Since April 2016, SMU has strengthened the security of its systems to prevent the use of USB keyloggers which can capture passwords in personal computer equipment in teaching rooms.PHOTO: ST FILE

SINGAPORE - In the wake of two hacking incidents, the Singapore Management University (SMU) has beefed up the security of its IT systems.

It has introduced two-factor authentication and tightened access to personal computers used by faculty members, said an SMU spokesman on Thursday (Nov 9) in response to queries from The Straits Times.

The 22-year-old Vietnamese student jailed for hacking into his professor's account to change his grades has since had his Asean scholarship terminated. SMU is reviewing his student status, which has been suspended since August 2016.

On Wednesday, Tran Gia Hung, a first-year SMU business management student, was jailed for 16 weeks after he admitted to 10 charges under the Computer Misuse and Cybersecurity Act, and one of intentionally obstructing the course of justice by erasing evidence of his accessing the computer server of SMU from his laptop.

In 2015, a Russian postgraduate student hacked into his professors' school accounts to delete exam scripts.

"The university has always taken a strong stance against student misconduct," said the SMU spokesman, adding that violations of SMU's code of student conduct may lead to expulsion from the university.

Since April 2016, SMU has strengthened the security of its systems to prevent the use of USB keyloggers which can capture passwords in personal computer equipment in teaching rooms.

It has also tightened physical access to PCs in seminar rooms and classrooms typically used by faculty members during class; steps have been taken to prevent any self-running files on attached external devices such as thumb drives from running on these PCs.

"It is also no longer possible to copy any files from these PCs to external devices," said the spokesman.

Since July 2016, SMU has also implemented two-factor authentication to strengthen protection for faculty login.

"Apart from entering an ID and password, the faculty member would also have to enter a code that is sent to their registered mobile number, before gaining access to SMU's eLearn system. The same measure is being rolled out to other SMU systems storing sensitive data," said the spokesman.

She said SMU's integrated information technology services team also regularly carries out security awareness initiatives, such as briefings on IT security measures or reminders on the need for strong passwords. "The team has also enhanced the controls to Intranet resources via additional logins," she added.