SMU beefs up IT security after hackings

In the wake of two hacking incidents, the Singapore Management University (SMU) has beefed up the security of its information technology systems.

It has introduced two-factor authentication and tightened access to personal computers used by faculty members, said an SMU spokesman yesterday, in response to queries from The Straits Times.

On Wednesday, Tran Gia Hung, 22, a first-year SMU business management student, was jailed for 16 weeks for hacking into his professor's account to change his grades.

The Vietnamese national's Asean scholarship has been terminated and SMU is reviewing his student status, which has been suspended since August last year.

During the trial, Hung admitted to 10 charges under the Computer Misuse and Cybersecurity Act, and one of intentionally obstructing the course of justice by erasing evidence of his accessing the SMU computer server from his laptop.

In 2015, a Russian postgraduate student hacked into his professors' school accounts to delete exam scripts.

"The university has always taken a strong stance against student misconduct," said the spokesman. She added that violations of SMU's code of student conduct may lead to expulsion from the university.

Since April last year, SMU has strengthened the security of its systems to prevent the use of USB key loggers, which can capture passwords in personal computer equipment in teaching rooms.

Since April last year, SMU has strengthened the security of its systems to prevent the use of USB key loggers, which can capture passwords in personal computer equipment in teaching rooms.

It has also tightened physical access to PCs in seminar rooms and classrooms typically used by faculty members during class.

Steps have also been taken to prevent any self-running files on attached external devices, such as thumb drives, from running on these PCs.

"It is also no longer possible to copy any files from these PCs to external devices," said the spokesman. Since July last year, SMU has also implemented two-factor authentication to strengthen protection for faculty login.

"Apart from entering an ID and password, the faculty member would also have to enter a code that is sent to their registered mobile number before gaining access to SMU's eLearn system. The same measure is being rolled out to other SMU systems storing sensitive data," said the spokesman.

She said SMU's integrated IT services team also regularly carries out security awareness initiatives, such as briefings on IT security measures or reminders on the need for strong passwords. "The team has also enhanced the controls to Intranet resources via additional logins," she added.

A version of this article appeared in the print edition of The Straits Times on November 10, 2017, with the headline 'SMU beefs up IT security after hackings'. Print Edition | Subscribe