CWRU computers compromised in campus-wide hack
February 10, 2017
Exercising computer safety has always been second nature for tech-minded students here at Case Western Reserve University, but sometimes that isn’t enough. On Jan. 25, an email was sent to the whole campus from University Technology ([U]Tech), indicating that just over 100 computers had been compromised by malicious software.
The email explains that the hack affected mainly Macintosh computers. The software was identified as a “bot,” which allows outside users to access information on infected computers. [U]Tech Information Security coordinated with an outside institution and the Federal Bureau of Investigation (FBI) to investigate the series of hacks.
The malware was first discovered by a peer institution, which, along with CWRU, is part of a cybersecurity group of universities. The outside institution noted unusual traffic between CWRU and its location. Though the arrest of a possible suspect has been made, the investigation is still ongoing, and the nature of the attacks and the perpetrator cannot be disclosed.
Before the attack, [U]Tech had been working on improving network security for about two-and-a-half years. Sue Workman, the vice-president of [U]Tech and chief information officer, indicated improvements were made to security programs and initiatives. This primarily included increasing staff to protect networks and data. The staff included law enforcement professionals and information security veterans with experience in higher education. Security that was designed to counteract the type of hack that occurred was even added last summer, but it had not yet been implemented at the time of the attack.
“The university is closely monitoring all network activity for patterns related to this incident, and also working to implement a system that would identify and interrupt other efforts to infiltrate the network,” wrote Workman in an email.
In addition to trying to understand more about the nature of the attack, [U]Tech is currently helping students and staff whose computers are affected by the hack. While the invasion of privacy is a major source of concern, Tom Siu, [U]Tech’s chief information security officer, noted that there was fortunately no data lost on the computers that have been cleaned so far, but the task of repairing affected computers continues.
“We have contacted all of the users we know of, and they are working with the [U]Tech Help Desk to remove the malware,” wrote Siu in the same email. “The users who have cleaned up so far have not reported any loss of data.”
Siu also offers important ways that all computers, regardless of operating system, can stay secure. These methods include keeping any devices updated, using an up-to-date security system such as Symantec Endpoint Protection and disabling any open services that are not necessary for the computer to run. Connecting to the encrypted CaseWireless network instead of CaseGuest should provide additional security.
Additional reporting by Smruthi Maganti, Copy Editor.