Here is an email sent to Seattle Public Schools teachers on Thursday regarding the theft of teacher passwords:
Staff in the Department of Technology Services have determined that network log-in credentials are being stolen and used to inappropriately access district systems. This appears to have been going on for the last few weeks, possibly longer. At this point, we are aware of this happening at these schools: Ballard, Ingraham, and Sealth. However, all schools and teachers are at risk.
How is this happening? Someone is inserting a device called a "key logger" into computers - using a USB connection, a key logger is inserted into the computer's USB port and the keyboard cable into the key logger. The key logger looks like the device below - similar to a keyboard or mouse wireless device or a flash drive and difficult to distinguish as out of the norm.
Key logger like one used at Seattle schools
What does this mean to you?
1) What is happening: Teacher log-in passwords are being stolen and used to change grade book grades in Easy Grade Pro. 2) What do I do? Please check your desktop and/or your presentation computer for any unknown devices. 3) What do I do if I suspect my password has been stolen? Contact the TechLine at x20333 to identify your machine and log-in as compromised. They will help you change your passwords. 4) Check your students' grades. Consider comparing EGP grades with the eSIS grades, and if they are different, it's likely that your grade book has been compromised.
Please - Do NOT use your username and password on a computer without first checking it for such a device.
We are exploring options to address this problem. At this point, the best mitigation is to visually check your computer for the key logger device.
Also, I need to emphasize that key logger devices capture all keyboard key strokes. Therefore, while the incidents we are experiencing appear to be focused on acquiring and using teacher log-in credentials, a key logger is also capturing: email messages, Internet URLs, personal accounts information (e.g. banking), etc.
If you have any questions, please do contact me and I or someone from the DoTS team will get back with you.
.
You're Almost Done!
Select a display name and password
{* #socialRegistrationForm *} {* socialRegistration_displayName *} {* socialRegistration_emailAddress *} {* traditionalRegistration_password *} {* traditionalRegistration_passwordConfirm *}Tell us about yourself
{* registration_firstName *} {* registration_lastName *} {* registration_postalZip *} {* registration_birthday *} {* registration_gender *} {* agreeToTerms *}