UCSD fights cyber attacks targeting research

LA JOLLA — UC San Diego has been targeted by a series of cyber attackers seeking access to sensitive research and other data since 2012, and officials say the so-called advanced persistent threat has prompted the campus to take steps to bolster its security.

The initial security breach, detected in June 2012, involved the use of stolen passwords by hackers targeting computer servers. University information technology security director John Denune said that no work was lost and no critical research data was accessed.

Working with the FBI, officials were able to determine the attack came from China using compromised systems in South Korea, he said.

Since then, other attempts have been made to regain access but those failed, Denune said, due to measures undertaken at the campus, including instituting annual password changes.

Many large institutions in the U.S. report they are under near constant attack, detecting multiple hacking attempts against their systems daily.

University officials are reluctant to talk about the problem. Denune declined to be interviewed but responded to emailed questions. He said the FBI continues to investigate the incidents.

“UCSD systems and staff were targeted in multiple ways, including phishing and traditional network scanning looking for potentially vulnerable computers,” Denune said in an email.

He said UC San Diego has increased its logging and intrusion detection to look for the types of attacks used by the group.

“There is also increased awareness of the risks of phishing and the need to properly maintain and secure accounts and systems to protect against breaches leading to increased technical controls across campus,” Denune said.

To combat the problem, during one week in September 2012 about 11,000 active faculty, staff and other system users changed their passwords. Since then, users have been required to reset their passwords yearly.

The education sector has been targeted by hackers for some time. Their goals are not only to get access to its cutting-edge research and intellectual property but also to obtain personally identifiable information that can be sold, said cyber security expert Lance Larson, a lecturer in the graduate program for homeland security at San Diego State University.

“I think another reason that education is targeted is because of the openness that education networks need to have and academia thrives on being able to access what they need freely without judgment or reservation to do their cutting-edge research and to form their opinions and to be able to teach whatever they feel is appropriate to their students,” said Larson, who has a doctorate in information system management. “So that really opens the networks and potentially keeps the path-of-least-resistance open.”

Criminal hacking groups also need fast computing power and bandwidth to launch their attacks and universities have those as well, he said.

“Since education networks have a large amount of bandwidth and usually huge computing capacity, they make them a prime target to use as a platform to launch attacks and combine that with the openness… it really is the perfect recipe to use to your advantage,” he said.

Those who oversee network security at some universities have reported a sharp increase in the number of cyber attacks in recent years, with some numbering up to 100,000 or even higher per day.

Source: utsandiego.com
