The Office of Information Technology found that between 25 and 30 Duke computers were hacked into over the past week. Most of the computers belonged to students.
"I have not seen something at this wide of a scale at Duke," said Christopher Cramer, information technology security officer. "I've seen one or two machines, but I don't think I've seen 25 to 30 hacked machines [at once]."
OIT has notified the students with hacked computers, and the help desk has looked at the computers and made them secure by backing up personal information and reinstalling their operating systems.
The hackings had one thing in common--they all affected computers with the Windows 2000 system and no administrator password. Cramer said the hackers used the computers for denial-of-service attacks. Such attacks use Duke's large amount of bandwidth to send information at other servers faster than they can handle it, shutting down their servers.
Cramer said instructions were sent from an Internet relay chat room to each Duke computer. Administrators first learned of the hackings after a Canadian Internet service provider called OIT and said it was under attack from four Duke computers.
Cramer said that Duke computers are particularly appealing to hackers because they can bombard other servers with more information faster.
"What happens is, the hackers tell the Duke computers they have another control and send information as fast as they can to them," Cramer said.
Calling the attacks "juvenile garbage," he said the motives for the fashion of the attacks may have been to disrupt individuals' or businesses' operations.
Hackers also used Duke computers to transfer pirated copies of Windows XP and several new movies. Cramer said he was fairly confident the perpetrators are not within the Duke community, but said he had no evidence either way.
Cramer said OIT can not do much to stop hackers short of limiting academic freedom and access by setting up a firewall. A firewall would add an extra layer of security to Duke's network but, for instance, would prevent a computer science student from setting up a server to test programs.
He urged students to take personal responsibility to ensure their own security and suggested they access http://www.security.duke.edu/securepc/ to find out how to secure their personal computers.
Get The Chronicle straight to your inbox
Signup for our weekly newsletter. Cancel at any time.