
    A Blog from GradHacker and MATRIX: The Center for Humane Arts, Letters and Social Sciences Online


When a Grad Gets Hacked

What happens when your university servers go down …

February 6, 2020
 
 

Riley Linebaugh is a Ph.D. candidate in history at Justus Liebig University in Giessen, Germany. Follow her @rileysline.

It was a Saturday evening and, in a conversational pause at dinner, I grabbed my phone and opened my university email account to check nothing in particular. When the account wouldn’t load, I assumed that the Wi-Fi connection was poor or that my cellular data bundle was running low. Saturday dinner turned into Saturday drinks turned into a Sunday haze. Monday morning arrived, and I’d all but forgotten about my stalled attempt to check my work emails. That is, until I realized that I’d forgotten to respond to a student’s time-sensitive query. This time I booted up my computer and waited as the loading signal flashed on the screen. It didn’t stop flashing.

18

The number of days before Christmas that my university -- Justus Liebig University (JLU) -- was targeted by a cyberattack. On Dec. 8, 2019, Joybrato Mukherjee, JLU’s president, received the message by phone that the university’s network was experiencing abnormalities. Shortly after, Mukherjee, together with the university’s vice president, decided to launch a systemwide shutdown following the “digital natural catastrophe.” The next day, JLU filed criminal charges. Without a cyberattack emergency plan at hand, JLU invited external experts from the National Research Center for Applied Cybersecurity, the second-largest research center for IT security in Europe, to investigate the breach. The attack marked the first time a cyberattack managed to paralyze the entire IT system of a German university.

Roughly 33,500

Students and staff were immediately affected by the shutdown. Email accounts, library borrowing, university cloud services and the use of internal networks were all suspended. There was no Wi-Fi on campus. We were discouraged from using classroom projectors. The printers stopped. All university computers were shut off pending a thorough investigation. The hashtag #JLUoffline emerged as the most active communication mechanism to spread up-to-date information. Just weeks after Inside Higher Ed’s own Barbara Fister’s seemingly prophetic piece, our university had to reckon with our dependence on fragile technologies. While the IT squad -- who for security reasons were not able to comment to press at the time of the shutdown -- sought digital solutions, we resorted to the analog. I printed out and distributed readings for seminar students. Others traveled to nearby university libraries that loaned us books. My graduate center replaced our online events calendar with a whiteboard in the foyer of our building. Without emails to deal with, a friend told me the unthinkable -- he was reading books related to his dissertation during the workday.

1,200

USB sticks were distributed for virus-scanning purposes in the weeks following the shutdown. All university devices were systematically checked before being replaced or rebooted. Shortly after the attack on JLU, the cities of Frankfurt and Bad Homburg as well as Catholic University in Freiburg were targeted. In each case, “Emotet” was the original culprit. According to Malwarebytes’ blog, Emotet is a kind of Trojan, which are “programs that claim to perform one function but actually do another, typically malicious. Trojans can take the form of attachments, downloads and fake videos/programs, and once active on a system, may do a number of things, including stealing sensitive data …” Reportedly in JLU’s case, Emotet was activated by someone opening a bad attachment that released Ryuk malware. It was the first time Ryuk caused a network shutdown.

JLU is not the first university to be targeted. In late 2018, Australian National University was attacked and lost control of sensitive data such as student bank account numbers and passport details. Last July, the U.K.’s Lancaster University was targeted for its student and applicant data. Cyware reports a 56 percent increase across U.S. colleges and universities that report cyberattacks. The report goes on to suggest that universities are not only a vulnerable target for hackers, but a lucrative one.

$2 million

Amount in Bitcoin charged by hackers to Monroe College (NYC) as ransom for returned data in July 2019. The staff at Study International suggests that the lack of resources faced by most educational institutions leads to weaker cybersecurity systems and that outdated technical infrastructure makes them an easy target. Universities host valuable data, which can be held for ransom. In the period August 2018-January 2019, Ryuk netted over $3.7 million in ransom for just 52 transactions.

Approximately 19,782,487

Number of times I’ve been told to have backups for my backups. These reminders are more than just annoyances -- these are crucial steps to protect your work. Fortunately, I did not lose any research data as a result of #JLUoffline, but we are still waiting for a definite answer that that is the case across the university. As an historian, I don’t work as a part of a research group, and I don’t rely on huge data sets that are housed online. The internet blackout was more of an encouragement for me to focus on my research rather than a blockage from doing so. The shutdown raised questions about the reliance on digital data stores in the natural sciences, for example, as entire working groups came to a stop.

0

Number of times I’ve been told to back up my email account. Among the casualties of #JLUoffline is access to our former email accounts. JLU provided staff and students new log-in names and passwords for our institutional access, including to emails. It’s not yet clear if we will be able to restore messages from our former accounts if we hadn’t manually set up a direct backup service from our accounts to our own desktops. This is my greatest loss -- I failed to save some email addresses, the bodies of emails including important, encouraging or otherwise meaningful messages, significant dates and receipts, etc. I took for granted the permanent preservation of my webmail account. This was my biggest mistake and would be my greatest advice to you: if your emails are precious, protect them like they are and back them up.

41 days

The number of days until on-campus internet returned. Thanks to the IT team, which worked through Christmas, and the university leadership, JLU is online once again. I still have a lot of questions: Who was behind the attack? How much will it cost to deal with? Will students be partially reimbursed for the semester? What changes to our cybersecurity will occur as a result? The most burning question, however, is something I can answer: How can I continue to spend less time on my email?

How are you and/or your institution prepared for a data breach?

[Opening image from Pixabay]
