Rutgers University was invaded by a distributed denial-of-service (DDoS) attack on March 27 which has brought into question the security of university campus software and programs. With the digital age growing, information technology (IT) experts claim that understanding threats is a key factor in prevention.
A DDoS attack is when hundreds to thousands of messages or commands are sent, with malicious intent, to flood and paralyze a targeted technological infrastructure, such as in the case Rutgers University.
This attack on Rutgers was not resolved until March 30. Students were unable to access any Rutgers-based technology including Sakai (equivalent to Monmouth’s e-Campus), school e-mail, and school Wi-Fi, which are basic technological necessities for any university to run smoothly and properly.
According to the Rutgers newspaper, The Daily Targum, this is not the first serious DDoS attack the university has endured. Around Nov. 19, the university was attacked with 40,000 bots, or automated programs, during freshman registration. The Rutgers Office of Information Technology resolved this issue rather quickly.
It happened again on March 4. This time, the alleged attacker sent The Daily Targum warning e-mails, which according to the The Daily Targum, read: “A while back you had an article that talked about the DDoS attacks on Rutgers. I’m the one who attacked the network… This might make quite an interesting story… I will be attacking the network once again at 8:15 pm EST. You will see sakai.rutgers.edu offline.” The attacker followed through with these plans.
The most recent attack on Rutgers proved to be the most vicious one yet, according to the university. It shut down the system for three days.
Supposedly, Fairleigh Dickinson experienced a similar problem in the same allotted days as Rutgers. According to nj.com, FDU claimed to have had a DDoS attack on Saturday, March 27, also. While they were able to restore their tech problems the same day, it does not rule out the possibility of the attacker also being connected with the Rutgers attack.
The perpetrator of these attacks is still unknown to authorities, but, according to The Daily Targum, the attacks have an origin in Eastern Europe and China. Regardless of who the perpetrator is, it leads students at Monmouth University to wonder how this would be dealt with had it happened here.
Edward Christensen, Vice President for Information Management, explained that a DDoS attack is not a security threat, but it can disrupt the network in massive ways. Christensen explained that a DDoS attack with an “open door” analogy: “If 100, even 1,000 people are all trying to get through the same, singular door, no one is getting in and, furthermore, no one is getting out. This is essentially what is happening in a DDoS attack.”
“All DDoS attacks exploit the open nature of the Internet,” Christensen said. According to Christensen, Monmouth does have a procedure, as do many schools, that block attackers before this type of thing happens. But, if it does happen, NJEdge, a consortium of academic and research institutions in New Jersey in which Monmouth is involved in, offers mitigation services and recommendations for the prevention and dealing with DDoS attacks, as Christensen points out. Christensen also explains that DDoS attacks do not actually damage our networks or infrastructure, they simply bog it down with high levels of traffic.
Matthew Fullerton, a freshman computer science major, said, “I believe that Monmouth, or any school as a matter of fact, is vulnerable to a DDoS attack like the one that occurred recently at Rutgers. This type of attack is relatively easy to conduct; it poses a large threat, because one does not have to be a veteran with computers to perform it. If this were to happen, I think everyone at Monmouth would be in disarray because most classes and students on campus utilize the schools Internet. If it was to get flooded and crash due to a DDoS attack, all school resources would be down.”
The best prevention for this type of attack on campus is awareness. Jamie Kretsch, specialist professor of computer science and software engineering, said, “Students hearing the term ‘Distributed Denial of Service’ may mistakenly believe it isn’t anything they would need to worry about. While they may not be the intended main victims of a DDoS attack, those same students may unknowingly be hosting malicious code on their computer that could make the attack possible.
“A computer that has not been sufficiently protected from viruses and other malware can be taken over and become part of a ‘zombie army,’ thousands of computers used to overwhelm a computer system by bombarding it with numerous requests for service,” Kretsch explained.
“Students and all computer users need to recognize that by protecting their computer from malicious code they are not only keeping their work and actions safe and unmonitored by someone from the outside, but also helping to defeat those who would launch these kinds of attacks,” she added.
Both Christensen and Kretsch suggest that by simply keeping software updated and protected with anti-virus software, students can stop the creation of a “zombie army” and prevent viruses from spreading.
Ashley Grenger, a sophomore health studies major, said, “I believe we should all keep our computers up to date with the latest software. Anti-virus software is necessary; we should all keep our computers safe and protected.”
IMAGE TAKEN from discovermagazine.com