Penn State engineering network is taken offline following two cyberattacks

The computer network of Pennsylvania State University’s College of Engineering has been temporarily disconnected from the Internet in the wake of two “highly sophisticated cyberattacks,” Penn State president Eric Barron has confirmed on Friday.

“On Nov. 21, 2014, Penn State was alerted by the FBI to a cyber attack of unknown origin and scope on the College of Engineering network by an outside entity,” he shared.

“As soon as the University became aware of the alleged attack, top administrative leadership and experts from Penn State Security Operations and Services, in close coordination with third-party security experts, began working immediately to identify the nature of the possible attack and to take appropriate action. An intensive investigation has been conducted across the College of Engineering computer network and other mission-critical areas of the University since that time.”

The university came out with this information only now, because they didn’t want the attackers make aware of the fact that the intrusion has been spotted, that they are investigating it, and that they are preparing to clean up the affected network.

The university called in Mandiant’s FireEye cybersecurity forensic unit to help with the investigation, and according to their findings, at least one of the attacks was carried out by a threat actor based in China.

“In situations such as this, the perpetrators orchestrate covert, targeted attacks to gain access to a system and then employ sophisticated evasion techniques to remain undetected, sometimes for years. In this case, the threat actors used custom malware and other tactics to infect the College of Engineering’s network and computer systems, though we may never know the specific method of entry,” the university explained on a dedicated security-themed web page.

The investigation has also revealed that the initial intrusion dates back to September 2012, but possibly even earlier.

It is believed that the attackers were after research data – Penn State is a research university with very high research activity, and its Applied Research Lab has been a research partner with the US DoD since 1945.

“There is no evidence that research data or personally identifiable information (such as Social Security or credit card numbers) have been stolen. However, investigators do have direct evidence that a number of College of Engineering-issued usernames and passwords have been compromised,” it has been reported.

“While investigators have found that only a small number of these accounts have been used by the attackers to access the network, effective immediately, all College of Engineering faculty, staff and students will be required to choose new passwords for their Penn State access accounts. Engineering faculty and staff who wish to access college resources remotely via a VPN connection will be required to sign up for two-factor authentication. Engineering faculty and staff also will need to choose new passwords for their college-issued access accounts.”

Around 18,000 individuals whose personally identifiable information was on the affected servers have been notified of the breach and offered one year of free credit monitoring. The university is also notifying public and private research partners who have executed contracts with College of Engineering faculty since September 2012, just in case.

After pointing out that the current reality is that no computer network can ever be 100 percent secure, Barron has noted that in the coming months significant changes in IT security protocols will be rolled out across the University, more robust monitoring for malicious activity across Penn State will be implemented, and two-factor authentication will become a must on major university systems.

The College of Engineering is expected to be back only and fully operational within several days.

More about

Don't miss