
New cyberattack confirmed at Penn State

Nick Bennett from Mandiant, a cybersecurity company, addresses the media with provost Nick Jones in May after the Penn State College of Engineering was targeted in a cyberattack. Penn State announced on Friday that its College of the Liberal Arts was also attacked. CDT file photo

Penn State has been the victim of another cyberattack.

Eleven days before the May 15 announcement that the university’s College of Engineering had been targeted by Chinese hackers over the course of two years, Penn State officials discovered another attack on the College of the Liberal Arts.

On Friday, the university confirmed that previously unreported intrusion.

According to a statement by Penn State, “several systems in the College of the Liberal Arts have been the target of two cyberattacks by unknown, targeted threat actors.”

The attack was discovered May 4, and university officials say that they have worked with FireEye cybersecurity forensic unit Mandiant “to investigate and respond to the attacks” over the seven weeks since then.

“The investigation has found no evidence that personally identifiable information (PII) or research data were compromised,” the university stated, claiming the intrusion was uncovered “as the result of enhanced cybersecurity measures enacted by the (u)niversity” after the College of Engineering attacks were found.

In the College of the Liberal Arts breach, investigators say that, in one case, “attackers exploited a vulnerability and gained unauthorized access to the college network.”

In a news conference Friday, Mandiant’s Nick Pelletier said one of the two attacks occurred over a period of about 24 hours in 2014. The other breach lasted from March to May 2015.

Pelletier said that they cannot identify the Liberal Arts attackers as the same Chinese-based group that attacked Engineering.

The university claims that after the detection, Mandiant and Penn State took steps to prevent a return and that the system is being monitored as part of the increased security.

“Penn State takes very seriously the security of the sensitive data in its care and we are continuing to investigate the circumstances that ultimately allowed attackers to access the network in the College of the Liberal Arts. Over the last several months at Penn State, we have implemented advanced monitoring techniques designed to better detect these intrusions, and that is what happened in this case,” said Nick Jones, Penn State’s provost and executive vice president, in a statement.

“As we continue to see in the news, large organizations, including governments, corporations and universities, must do more to protect sensitive data from increasingly aggressive criminals. This is particularly challenging at a large public research university, where collaboration and cross-pollination of ideas and information is at the very core of our academic mission. However, this is a challenge we must face directly and with determination.”

Within weeks of the Penn State engineering breach announcement, U.S. officials announced that federal systems had also been targeted.

Asked why the university didn’t reveal the Liberal Arts attack when the Engineering breach was confirmed, Jones said, “We prefer not to talk about an investigation that is in progress lest that compromise our ability to do a full and complete analysis.”

Mandiant said that, although no “personally identifying information,” such as Social Security numbers, or research were obtained, there is evidence that “a number of College of the Liberal Arts-issued user names and passwords were compromised.”

That means that faculty and staff are being required to get new passwords for their college-issued access accounts (there will be no password resets for their universitywide access accounts). Affected faculty and staff can learn more about the steps they need to take at http://SecurePennState.psu.edu.

Officials said faculty, staff and students “may experience minor disruptions in college connectivity, services and resources” as repairs and upgrades are made to the systems and network. The College of the Liberal Arts is expected to have its system operational again Saturday.

About 2,000 to 3,000 people in the college will be affected in a move Penn State’s Vice Provost for Information Technology Kevin Morooney called precautionary.

According to the university, “Penn State alone repelled more than 22 million overtly hostile cyberattacks” per day in 2014 but, after the attacks, the university is completing a “comprehensive review” of all IT security.

“If you’re connected to the Internet these days you are under constant attack. We are constantly monitoring. At this time, we don’t have any evidence of any other attacks at this time,” Morooney said.

University officials plan to implement an enhanced login protocol known as two-factor authentication. The College of the Liberal Arts will immediately join the College of Engineering and administrative areas that have access to core university infrastructure or mission-critical online services as early adopters of two-factor login. This security feature will be rolled out universitywide in the coming months.

The university could not speak to why Liberal Arts was targeted.

“I think hackers are constantly trolling, looking for opportunities for systems they can break into. If they find a system they can break into, they go into it even if their intent is completely unclear,” Jones said.
