Keyloggers found on library computers

Photo by Michelle Gamage.

Devices were found on stand-up stations on both campuses

Several keylogger devices have been found on computers at Concordia University. According to an email sent out to students by the university on Monday the devices, which are designed to record every keystroke entered on a computer, were found on stand-up stations at both the Webster Library downtown and the Vanier Library on the Loyola Campus.

Photo by Michelle Gamage.
Photo by Michelle Gamage.

“The library staff came across several of them,” said university spokesperson Chris Mota. “They immediately notified IITS … [and] we had the keyloggers removed.”

While it is unknown exactly how long the devices were in place, Mota said it’s strongly recommended anyone who has used one of the stand-up stations in the past 12 months to immediately change their password—and keep an eye out for any suspicious activity on their accounts, with the university or otherwise.

“The danger here is that if somebody here was to access personal information, accessing their Concordia personal files or their bank account that the information could be captured on a keylogger,” said Mota. “What we are very strongly recommending is that if anyone used these stand-up work stations … [they should] proactively check their bank statements, check if there’s been any kind of activity that could raise a red flag.”

Both an internal investigation and a criminal investigation have been launched; Mota said the university has inspected all the computers in both libraries to make sure all of the keyloggers have been found, and the Service de police de la Ville de Montréal has opened a file on the case.

While Mota wouldn’t tell The Concordian how many keyloggers were found or when they were located by library staff because of the investigation, she did confirm they were found only on stand-up stations and not any other computers on campus.

“Anyone who feels … their personal information was captured or used in some malicious way, they should immediately contact the police and our security department,” she said.

An external cyber-forensics company has also been brought in to look into the incident.

Related Posts