US University to spend $3 million on cyber security after hack attacks

Rutgers University in New Brunswick is to spend up to $3 million (£1.9 million) on cyber security to prevent hackers crippling the university’s computer networks.

This expensive action is in response to at least four cyber attacks during the 2014-2015 school year that knocked the school offline and resulted in cancelled classes.

According to documentation sourced from the state’s Open Public Records, the flagship state university has hired three cyber security companies that are currently testing the huge computer network used by the university, and looking for vulnerabilities.

The firms that have been hired are:

  • FishNet Security, a major information security company that is privately owned, headquartered in Kansas, and has offices in New York City.
  • Level 3 Communications, a multinational telecommunications and Internet service provider based in Colorado.
  • Imperva, a leading California-headquartered company that specialises in providing data and cyber security products to help combat cyber attack.

For security reasons, campus officials remain mum about exactly what the three firms are doing, but confirm that they are budgeting between $2 and $3 million to ensure that the networks are not crippled again. Since the money is reportedly a “new expense,” the university has had to raise its tuition fees by 2.3 per cent for the new 2015-2016 school year, to pay for cyber protection.

The increase in fees, which translate to around $300 per student per year, was announced mid July at the same time as an announcement that room and board fees are increasing by about 2.6 per cent.

This means that students who opt to live on campus will be paying more than $624 more than they did during the previous school year, depending which campus they are on.

Fees for out-of-state students have been hiked even more, by as much as 4 per cent.

University hack still a mystery

While the senior staff at Rutgers has admitted the university was an easy target for hackers, reports state that the source of the distributed denial-of-services (DDoS) attacks is still a mystery. The worst attack was in April 2015, when professors were forced to cancel classes, and students weren’t able to submit assignments, access wifi for tests, or use their university email.

The Federal Bureau of Investigation (FBI) was called in, but neither they nor the university has commented on the current status of the investigation – or even confirmed whether it is still ongoing. Staff at Rutgers has though stated that the various attacks do seem to be related.

Someone calling themselves Exfocus has claimed responsibility for the cyber attacks, stating he (or she) was paid an hourly rate of $500 via Bitcoin to disrupt the computer networks. However there is no proof that the person is a genuine hacker or whether the claims that were made on social media were just a hoax.

Whether Exfocus was responsible for the attack or not, universities are among the many institutions and high-profile companies being targeted by hackers.

Mid-August the University of Virginia was the target of a cyber attack identified as originating in China. Even though there was no evidence that the attackers had managed to access important personal information of students or employees (like banking information of social security numbers), the university immediately upgraded its cyber security and insisted that everyone accessing the network change their login passwords.

In May Pennsylvania State University disabled its network for three days to enable IT security company, FireEye to improve computer security protocols. The university has not commented on the cyber attacks, but it is understood that the FBI uncovered two cyber attack breaches late 2014 specifically aimed at the College of Engineering. During the security upgrade, two further attacks were uncovered, this time in the College of Liberal Arts network where vulnerabilities were exploited by malware. Like the University of Virginia attacks, the Penn State attacks were identified as originating in China, and no sensitive information was stolen – only usernames and passwords.

Putting the attacks into perspective, and showing just how vulnerable state universities can be, the university did reveal to the media that it had successfully countered more than 22 million cyber attacks a day last year.

“If you’re connected to the Internet these days you are under constant attack,” the university stated. It’s as simple as that."