
After Rutgers Admits to Having Inadequate Cyber Security, Another Crippling Attack

Rutgers University Vice President Bruce Fehn: "We Were Not Well Protected"
University President Bob Barchi and Vice President Bruce Fehn at a Rutgers Board of Governors meeting. Charlie Kratovil

NEW BRUNSWICK, NJ—Rutgers University's computer networks have once again been attacked and forced offline, apparently by the same anonymous person who crippled the university's systems several times last semester.

The attacks come after officials reassured the campus community that the school had poured upwards of $3 million into improving its cybersecurity following a slew of attacks during the spring semester.

Two different attacks affected various online services on September 28, though the first one was barely noticed because it took place overnight.

After the initial outage from approximately 1am to 2am, the Central Authentication Server (CAS) was taken down yet again by the attacker, rendering the school's on-campus wireless internet network unusable.

The outages began at about 10am and lasted for about four or five hours, according to sources.

A Twitter account, which took credit for the attacks last semester, was utilized for the first time since April 30.

"did u miss me?" the account posted this morning, followed by another question: "how much are rutger paying for cyber security?"

The tweets, and several others from the day of the latest attack, were later deleted. 

The university issued a statement at 6:35pm in an email to the campus community from Don Smith, the university's Chief Information Officer (CIO).

"DDoS attacks are becoming more frequent in cyberspace; they are being experienced in higher education, government and by commercial enterprises," wrote Smith, adding, "There is no doubt that they will happen again."

"Rutgers, as you may recall, experienced a five-day DDoS attack that shut down all Internet access during late April and early May of this year," Smith continued.

That attack forced the school to eliminate some assignments and cancel some exams, and dramatically affected the school's growing number of online classes.

After the debacle, the university declined to speak about its cybersecurity protocols, even after a report showed the school's security technology left its networks unnecessarily and particularly vulnerable to a certain type of attack.

New Brunswick Today was the only media source to report at the time that Rutgers was using outdated and inadequate security measures.

Months later, Rutgers Vice President Bruce Fehn admitted the school was "not well protected."

"We were not well protected," Fehn told NJ.com's Kelly Heyboer in August. "We feel we are in a better position than we were before."

Smith echoed the sentiment, but said that ultimately, the attack succeeded despite the new measures.

"Since that time, we have made significant and substantial network hardware upgrades, are utilizing DDoS mitigation services, have made Web server improvements and have changed Internet Service Providers to ones that provide additional levels of DDoS threat deterrent capacity," Smith wrote.

"Despite these enhancements, today’s attack, which lasted from about 10:00 a.m. until mid-afternoon, was disruptive and annoying. We apologize for any inconvenience."

The Federal Bureau of Investigation (FBI) and a state cybersecurity initiative launched by Governor Chris Christie in May are looking into the matter.