At around 3 a.m. Eastern Time, on a chilly Saturday in January of 2003, computers around the world running Microsoft’s popular SQL Server software started to crash. Worse, the networks they were on were flooded with spurious traffic, causing other services to fail and other computers to go down, all of it happening at breakneck speeds.
A lot of those computers happened to be on the campus of Indiana University. Although it was early on a Saturday morning, the university’s Global Network Operations Center was wide awake. They watched in horror as one router after another failed under the surging traffic load, the Distributed Denial of Service (DDoS) cutouts failing repeatedly to choke off the unwanted packet storm. Not only did the university’s regular Internet connection go offline but so too did the experimental high-speed Internet2 feed, codenamed “Abilene.”
The university was offline for more than six hours.
Worms Got Their Start on a University Campus
The cause of the crashes was the Slammer worm, one of the fastest-spreading computer worms of all time. And the failure of the DDoS defenses wasn’t the most embarrassing part of the outbreak; it was the fact that the vulnerability that Slammer exploited had been patched almost six months earlier, but most users hadn’t installed the patch.
Adding insult to injury, the very concept of a computer worm had come from academia in the first place. The Morris Worm, written by a grad student at Cornell in 1988, was the progenitor from which Slammer and its ilk emerged.
Since 2003, universities and colleges have been scrambling to keep up with these and other cyberthreats coming from an increasingly dangerous Internet and increasingly technology-dependent campuses, building teams of capable, master’s-prepared cybersecurity architects, auditors, administrators and analysts.
Why Universities Are Uniquely Vulnerable to Cyberattack
There are a number of characteristics of educational institutions that make them particularly difficult for cybersecurity staff to defend:
Universities are often made up of a number of different colleges, schools, and departments, each of which may have unique computing requirements and a homegrown IT infrastructure to match. There is often little central planning or control; instead, many university IT departments function as service centers, offering a set of capabilities to constituent schools but not mandating particular configurations or solutions.
This is in stark contrast to corporate IT, which typically has the ability and often the imperative to impose global infrastructure and network-wide constraints on internal systems, offering a greater degree of control.
Youngsters Are Finding the Line … and Crossing It
Another unusual threat schools face comes from within. Precocious or malicious students testing the boundaries of newly learned technical skills often attempt to hack into the systems at their own schools, to uncover information about other students and teachers, or to attempt to alter their own records.
Two Miami University students were arrested in 2013 when an astute professor noticed that their electronic grades didn’t correspond to her paper records. The two had used key loggers to steal professors’ credentials to log in and alter their grades in the system, illustrating how the combination of motive and physical access can produce a particular problem for cybersecurity.
Schools are, of course, vulnerable to all the other generic threats on the Internet as well. Viruses, ransomware, and phishing attacks all hit colleges as regularly as any other Internet sites.
But unlike many other targets, schools often place a particularly low priority on security. The institutional proclivity for sharing information freely can make common security precautions appear antithetical to the mission.
Young adults may not have the most sophisticated views on information security, either. The Facebook generation is known for sharing more personal information than is strictly healthy for them, and this is blood in the water for identity thieves. And, according to Sungard Security, college students are also more likely than older users to reuse passwords, making them vulnerable to certain types of brute force attack.
Higher Education Offers a Strong Response to Hacking Incidents
Although colleges may be more vulnerable to attack, they have also proven they know how to respond with more vigor than many corporations. The same degree of openness that can make it difficult to implement strong security measures in higher education can also make it easier to respond and stop breaches.
According to a July 2015 article in CIO Magazine, academia has the lowest number of records lost per breach incident of any industry, a success directly attributed to the willingness of academic institutions and staff to communicate quickly and readily with one another when breaches are detected.
This inclination toward openness has resulted in a relatively large number of associations, councils, centers, and conferences that provide resources and coordination for educational institutions:
- Higher Education Information Security Council (HEISC)
- Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)
- Dartmouth Securing the eCampus Annual Conference
The amount of computing expertise available to university IT departments, and the relative freedom to investigate incidents or vulnerabilities, also represents a core strength.
A Long Legacy of Investigating and Thwarting Cybercrime
Decades ago, an astronomer moonlighting as a system administrator at Lawrence Berkeley Laboratory set about tracking down a $0.75 accounting error in the lab’s time-share computer system. Over the course of several months, to his growing astonishment, the astronomer uncovered evidence of an in-depth hacking effort against university, government, and industrial computers by a German spy working for the KGB.
The spy, Markus Hess, was eventually caught and brought to justice through the astronomer’s efforts, and the astronomer, named Clifford Stoll, wrote a book about it called “The Cuckoo’s Egg,” a classic account of cybersecurity.
It’s hard to imagine any other environment in which Stoll would have been given the time or resources to track down a hacker.
That trend continues today. During the Slammer worm outbreak, researchers at the University of Wisconsin-Madison quickly constructed a tarpit network, designed to trap the worm for observation. Their research into Slammer’s network traffic proved to be some of the most accurate and useful information for cybersecurity teams seeking to stop the worm.