Hackers have been attacking the university’s web servers since Monday evening at 7 p.m. The hackers used the RUG system as a cover to attack targets in China and Moldova. What those targets are is not yet known.
The university’s network suffered severe disruptions on Monday night and Tuesday morning as a result of DDoS attacks that were being carried out by the hacked systems. In attacks such as these, a system or network is overloaded with requests from multiple computers, which slows the system down or causes it to break down. The internet connection at the university was working very slowly on Tuesday morning or completely failed to work at times.
‘A RUG computer, a university workplace (a Windows computer for employees, ed.), has been hacked. The attacks have been originating from there. Our firewall detected that and became slower as a result. The university is experiencing difficulties from that’, says technical director Haije Wind.
On Monday evening, 13 attacks from China were blocked. After that, it looked peaceful, but on Tuesday morning, the attacks started again. Employees at the university’s IT department, the Centre for Information Technology (CIT), have temporarily blocked all traffic to China. That also means that internet traffic to and from Yantai is impossible at the moment.
The infiltrated PC has been removed, which has improved matters. Further investigations should reveal how the hack was possible. Tracing the culprits is technologically difficult because the trail usually leads all over the world.
This is not the first time that the RUG system has been used to attack other websites or computer networks over the internet. In 2014, research systems that had not been properly updated were taken over by hackers.
Hackers often abuse university computer networks to execute attacks. Universities have many servers, are often not very well protected so as not to limit research, and are trusted by many organisations.
Technical director Haije Wind had previously said that the RUG has taken numerous measures to prevent attacks. ‘We have a firewall to start with, several layers of network protection for certain systems and of course measurements on the systems themselves. Security is one of our spearheads. Over the next few years we want to take extra measures by zoning and monitoring the network, among others, and take measures against DDoS attacks’, he said in November after the UK asked questions.
In an internal email that circulated in the ICT department, the conclusion was drawn that the hack came from China. But according to Wind, that may not be the case. ‘We do not yet know who has hacked us, we are investigating it now’, he says.