Campus, News

BU, research universities hit by international cyber attacks

One of Boston University’s public web pages suffered a cyber attack from an unidentified, internationally-based source last week, said BU’s Information Security Team Executive Director Quinn Shamblin.

Shamblin said the attack was directed at the search bar function on one of BU’s web pages. He said the attack caused the web page’s service to slow down, but there was no indication whether the indivdiual or group responsible stole any of BU’s information.

“It [the attack] was a particular group having found a form on BU servers,” Shamblin said. “They were trying to see if they could get that form to give them information that they shouldn’t have had.”

A cyber attack is any event where an external agency or person tries to use or gain access to resources in an unauthorized way, Shamblin said. Cyber attackers usually target the intellectual property of governmental, corporate or university web pages.

After a barrage of cyber attacks hit American research universities this past summer, campuses across the nation have been forced to tighten Internet security measures, according to a July article in The New York Times. Shamblin said BU’s network occasionally such  cyber attacks, and that InfoSec utilizes several defense techniques to ensure the university’s information is secured.

“We get attacks all the time because that’s just how the Internet works,” Shamblin said. “We [InfoSec] work with the FBI [Federal Bureau of Investigation] … U.S. Secret Service … local law enforcement as needed … We will call them as appropriate with full cooperation of our general counsel and appropriate other groups inside of the university.”

Shamblin said BU students and faculty should keep their computers’ operating systems updated to defend themselves against these attacks.

“We want to make sure that if somebody wants to try to get access to sensitive information — or wants to try to break into your personal machine — they have to go through multiple layers of security,” Shamblin said. “The point of it is to make it such a pain in the butt that they [cyber attackers] won’t waste their time, and they’ll go somewhere else.”

Christos Cassandras, head of BU’s Divisions of Systems Engineering said, although BU’s InfoSec department successfully stopped last week’s cyber attack, they may not always know when their system is being attacked.

“It could be that somebody had sent those malicious [programs] into your computer two weeks ago, and you still don’t know anything about it,” Cassandras said. “There are so many different ways [to execute cyber attacks] and new ones are being invented every day. It’s a little bit like the Cold War … As soon as somebody discovers a new weapon, we find out the counter to this weapon.”

Cassandras said although university officials have taken measures to ensure the safety of their servers, unattended computers at BU are highly vulnerable to attackers.

“The biggest threat, I think, is that we have a lot of computers in universities, including BU, that are sitting around in labs and doing things without continuous supervision,” Cassandras said. “During that time that the computer isn’t being supervised, someone can take over that computer.”

Ionnas Paschalidis, co-director of BU’s Center for Information and Systems Engineering, said cyber security is a growing concern for universities such as BU that are involved in classified research.

“The vast majority of research at universities eventually is being made public …. But before they publish, they don’t want their research to be made public,” Paschalidis said. “It’s a growing concern not only in universities, but throughout our society as we depend much more on services that are online … Every aspect of our lives is now connected to a network one way or the other. This creates much more serious consequences for cyber-attacks.”