Computer systems compromised

Monday, August 20, 2012

Last week (August 14 to 17) attackers compromised multiple research computers on the University of Iowa campus, installing password stealing trojans and network attack "bots".

The users of the affected systems have been notified and their accounts locked until such time as they change their passwords. It is imperative that they change their passwords because stolen passwords were a major factor in the attacks and it is not known exactly which passwords were stolen. If a user has passwords for multiple systems (such as HawkID and Engineering account), it is important that they change them all in quick succession.

For information on changing passwords, see all about passwords.

Another result of these attacks is that we had to change the RSA keys for the NX (Nomachine) and login.engineering services. When those services are restored and you try to connect, you will get a warning like "REMOTE HOST IDENTIFICATION HAS CHANGED". Accept the new key.