By Drew M Smith
Vol 1. November 2015
Connecting to the world seems to be as simple using your phone nowadays. Everything seems to be online, especially school work. For those who commute to campus and those who live off campus, having a school internet system provides a way to catch up with school work, take tests and even attend classes online. To the students, a wireless internet connection to their school’s network is their oil, their lifeline. When that connection goes down once, it can cause panic.
When it happens five times in less than a year, then there is a concern for the school’s or company’s infrastructure and reputation. This is precisely what happened to Rutgers University. In the last 12 months, their servers were hacked five times with the most recent happening over the weekend of September 26th. The first two attacks that happened in November and early March did not disrupt the campus much, but the third attack shut down the servers. What is worse is that the university did not inform any of its students over its vast social media network for three days, as it had occurred during a weekend and most would not be aware of it until they came back onto campus.1
In April, the most serious and most publicized breach occurred. The timing of that particular attack could not have been worse as it had happened during finals week and during Fall registration, one of the busiest time of the year for any college. The students could not access their study materials and they were unable to take their online tests.2 They had to postpone the tests and adjust the finals schedules to accommodate the hacks. But the damage was done and the students were understandably upset.
The worst thing about all of these hacks occurring is that the hacker got through the school’s security system despite the University hiring a security firm, after other universities were hacked such as Farleigh Dickenson, which is less than 60 miles away in Teaneck, New Jersey. The hacker used what is known as a Denial of Service attack. Distributed Denials of Service, or DDoS attacks, are simple but very effective. The hacker hacks into the system and bombards the server with thousands of inputs, similar to having too many tabs open in your computer. This in turn slows down or even crashes the servers. With the amount of people logging in and using the server during test time, it was quite easy to see how an attack of this magnitude could be pulled off and cause disruption. To add to the misery, the hackers used his twitter handle, @ogexfocus, to taunt the school and the police saying, “Maybe if a fraction of the money ($300,000) supposedly spent on Cybersecurity was actually spent on Cybersecurity, this wouldn’t be so easy.”3
Even though this occurred at a university, these types of hacks can occur at any business. While five times seems a bit extreme for one business, multiple hacks can occur if the security is not up to date or operating at 100%. Rutgers hired a security team after the first couple of hacks, but it appeared the hacker got in anyway. These attacks showed that despite what they paid for in security, they may not have gotten the right coverage with the security team they hired. Without the proper security, it is only a matter of time before you get breached and have valuable data compromised.