Technology

Another Network Outage at Rutgers Leads to Frustration Among Professors and Students

September 30, 2015

When a cyberattack brought down Rutgers University’s computer network on Monday morning, Melissa Aronczyk found out via a text from the IT department.

An assistant professor of journalism and media studies, Ms. Aronczyk wasn’t on the New Jersey campus during the outage. But she knew that her students, who use the university’s network to complete their assignments and communicate with their professors, couldn’t get access to their work.

The attack, which started at about 10 a.m. and lasted into the afternoon, is the fourth to hit the university since November 2014. After last year’s attacks, Rutgers spent $3 million to tighten its security — which is one of the reasons the institution raised tuition and fees 2.3 percent this year, according to NJ.com.

"My first thought was, ‘Not again,’" Ms. Aronczyk said, "especially after the school spent so much money over the summer to try to make our system more robust."

After she received the text from IT, Ms. Aronczyk read about the hacker who claimed responsibility for the attacks. Known as Exfocus, the hacker was also allegedly behind attacks last spring.

When Ms. Aronczyk checked her Twitter feed, her students seemed frustrated. They thought Rutgers had taken care of the problem.

Since the attacks began, someone claiming to be Exfocus has spoken out over the Internet, and even has a Twitter account. "This is the third time I have launched DDoS attacks against Rutgers," Exfocus wrote in a post on Pastebin during an attack in April. "Every single time, the Rutgers infrastructure crumpled like a tin can under the heel of my boot."

All of the attacks are classified as distributed denial-of-service attacks. That’s when a hacker takes control of a network of computers, and then uses those computers to flood a network with traffic.

"DDoS attacks tend to be personally motivated," said Kim Milford, executive director of the Research and Education Networking Information Sharing and Analysis Center at Indiana University at Bloomington. "You rarely have to worry that the data is breached. It’s just a really big annoyance."

In an interview this year with the e-commerce blogger Dimitry Apollonsky, Exfocus said he or she was being paid with Bitcoin by someone with a grudge against the university. And according to E.J. Miranda, a Rutgers spokesman, no data have been compromised by the attacks.

The Federal Bureau of Investigation is helping state and local authorities investigate the attacks. Mr. Miranda declined to comment on the FBI’s involvement in the latest one, saying only that the law-enforcement investigation is continuing.

The attacks shut down Rutgers’s access to the Internet as well as to Sakai and eCollege, two systems students use to connect to homework and examinations, the International Business Times reports.

A Short Shutdown

The Rutgers network stabilized by mid-afternoon on Monday, making the shutdown one of the shortest of the last few months. An attack this past spring, which took place during exams, lasted days.

During the spring attack, Ms. Aronczyk created a separate Gmail account to communicate with her students and to administer her final exam. She programmed her email account to send out the final-exam questions whenever students sent her an email, in case they weren’t able to see them through the Rutgers network.

"We bypassed the Sakai system entirely," she said. She is considering creating a course website separate from the Rutgers network, in case of another attack.

Denial-of-service attacks are difficult to prevent, said Ms. Milford. "There is no one-size-fits-all solution for this sort of thing." During the Rutgers incident, she said, everything was interrupted: Access to the Internet, email, and class resources were all compromised, "which is pretty massive when you’re trying to teach and you can’t get to the resources."

But even if universities continue to see such attacks, Ms. Milford doesn’t think that the consequences will get much worse.

She added that her center's technical-advisory group plans to meet with institutions that have suffered denial-of-service attacks recently, to see if they can come up with new solutions collaboratively.