IN DEPTH: IT protecting USU computers from constant hacking
In a world with no concrete borders, being a digital border patroller can be difficult, but that’s the constant challenge for USU IT Services, which sees several attacks on the USU network a minute, said Miles Johnson, USU IT security specialist.
While protecting USU’s cyber world may not be as physically demanding as the work done by the USU Police, it still requires tactical knowledge and skill to prevent viruses from spreading, confidential information from being taken and identities from being stolen, Johnson said. The work done by IT security to protect students’ computers may not save lives, but it does save students money, he said.
“(Computers are) things that people invest a lot of time and money in, so they become emotionally attached to them,” Johnson said. “It’s not like losing an arm or something. It’s not like being exposed to asbestos and suffering a lingering death 20 years later. In the grand scheme of things, it’s very easy to survive having your computer hacked and your identity stolen.”
But ensuring the safety of USU’s network and the computers attached to that network is a challenge, as attackers come up with new methods to sneak by USU’s defenses and accomplish their purposes, Johnson said.
“We see all sorts of behaviors, it’s like there’s this dozens or hundreds of techniques that are in use all the time,” Johnson said. “If this stuff wasn’t blocked at the border, it would find boxes and take them over. We’re attacked several times a minute and these are attacks that would be effective if we didn’t have a defense. They would take over computers, take away equipment, take over peoples’ identities, they would spread viruses, they would do all kinds of things.”
Chad Mano, a computer science professor who teaches a course on cyber security, said universities are big targets for hackers, which is why USU gets attacked frequently.
“Universities have a lot of information,” Mano said. “USU is no different. We have personal information, social security numbers, bank account numbers, credit card numbers and lots of other information people might want. In addition, universities have a lot of money (not as much as we would like though). All of these things make USU and other universities targets. One thing that is unique, however, is that we also store grades. I’m sure there are some students out there who would be happy to have a better grade in a class or two.”
Johnson said hackers attack USU’s network typically “with the goal of making money off it somehow.” And it may be surprising who is behind many of these attacks. Johnson said a good portion of the attacks USU experiences come from countries whose governments don’t punish hackers, or even support them, citing members of the Eastern European bloc like Ukraine, Uzbekistan and Turkey. The goal of these attackers is to find a way to steal credit card numbers, passwords, user names and hard disk space on USU’s network and to tap into USU’s fast network, he said.
“There are a few places in the world where you can normally expect people will attack you from their own computers,” Johnson said. “Either because there are no repercussions or their ISPs are in on it or because their government is in on it. That’s their job to hack people and it’s a respected profession because it brings foreign money into the economy.”
Another common attacker USU sees is the Chinese government, Johnson said. But they aren’t directly after money, he said, they’re after knowledge. USU isn’t the only university that experiences these attacks from China, as other universities in the world have the same problem, he said.
“Over the years, they’ve made an ongoing, continuous aggressive effort to get into USU and use our resources to access every bit of research data we have. Everybody knows they’re doing it,” Johnson said. “Reporting it does no good. It causes them to develop better techniques if you report it.”
But attacks don’t necessarily mean a successful hack of the USU network. Johnson said the USU IT team has a system that continuously monitors the online traffic that goes in and out of USU to prevent an attack from becoming a successful exploit. This information is displayed on a series of monitors that give a visual representation of traffic – both regular and attacks.
When a new attack is seen, which looks like moving Xs on the monitor, the USU IT security team analyzes the pattern and type of attack and then works on a way to stop the attack at the firewall to prevent a similar attack from happening in the future, Johnson said. On another screen, called the dark net, the USU IT team interprets a constantly updating stream of IP addresses and ports being used into useful information about potential attacks.
Despite vigilance by the IT team, occasionally attacks are successful and compromise computers on the USU network, Johnson said. The last most successful virus outbreak at USU was about a month ago when about three or four dozen USU students had their computers compromised by a virus that infected Instant Messenger to send e-mails to all IM contacts with a link that said, “Hey, is this a picture of you?” When a recipient of this message clicked on the link, it sent them to a malicious Web page that took advantage of vulnerabilities and took over Internet Explorer and then control of the machine, Johnson said. The end result was these infected computers turned into zombies – part of a group of hundreds to millions of infected computers that can be remotely controlled by a hacker for malicious purposes, he said.
“That one was quite successful at USU because when you get a message from a friend, the urge to click on that is almost impossible to resist,” Johnson said. “We had people at USU that knew better and were pretty sure it was bad and clicked on it and got their computers compromised. Then we had people who got their computers compromised that had to go through the rebuild process and clicked on it again and got their computers compromised again.”
Johnson said while this virus was successful, for the most part, USU’s network has been fairly safe for a university. Scott Nielsen, USU IT security specialist, said the most common attack USU sees deals with trying to crack passwords on USU’s network.
“I think one of the more common ones we see that are really threatening are probably the attempts at password guessing,” Nielsen said. “A lot of people will scan through and see whatever boxes they can talk to and start throwing passwords and user names at it. They probably have all sorts of tools they can download from their hacker Web sites.”
Because of this common attack, Johnson said it was important for USU to obtain stronger passwords. He said before the new password policies were implemented, the most common passwords were 123456, 111111, 222222, aggies and monkey.
“We did some analysis of existing Banner bins. They were atrocious,” Johnson said. “One out of 20 was 123456. After that was 111111, 222222, 333333, 444444. If you knew they were six characters, you could go through the common hacker password dictionary and pull the first 20 entries, you would have had a good 50 percent chance to get in on any Banner account. That was really bad, I’m so glad we got that taken care of.”
Mano said creating strong passwords is important, and can be done by staying away from words and names, and using more random passwords.
“One trick is to use mnemonic passwords. That is, develop a mnemonic phrase that helps you to remember a random password. In other words, use a phrase that will help you create a random-looking password. For example, from the phrase ‘I ate an apple for lunch yesterday at noon’ I can create a password of ‘18aA4ly@12’. Each character in the password can be associated with the associated word in the phrase. Substitute a 1 for an I, 8 for ate, a for an, A for apple, 4 for for, l for lunch, y for yesterday, @ for at, 12 for noon.”
Students can also protect their computers by being diligent in installing system and software updates regularly, because “there have been many widespread attacks that could have been prevented if everyone had applied patches,” Mano said.
Johnson agreed, saying he has noticed considerable improvement in overall computer security in the last five years since students started to be more aware about the importance of installing updates and using antivirus software. This was accomplished by charging students a $25 reconnect fee when their machines got compromised.
“About five years ago I looked as good as I could and I determined that 1 in 4 machines on campus were under the control of hackers,” Johnson said. “They were running some form of malware, usually it was a worm. Things have gotten a lot better. It’s made a whole world of difference. We went from dozens of compromises a day down to a small handful a month.”
With increased awareness from students and a watchful eye over the whole network by USU IT Services, Johnson said he thinks “we do pretty good,” adding “a computer hooked to the USU network is safer than anywhere in Comcast.”
But when it comes right down to it, computer security ultimately falls on individual users, Mano said.
“I think our IT department does a good job, but due to the nature of a university network they cannot provide complete protection,” Mano said. “I would say that the level of safety for a student really depends on the student. If the student is open with their information, uses weak passwords, visits questionable Web sites and doesn’t pay attention to Internet dangers, then they are, of course, at a high risk level. However, a student on the exact same network can be at a much lower risk level by being aware of dangers and avoiding them.”
-seth.h@aggiemail.usu.edu