Last week, University servers were hit by a Distributed Denial of Service attack that led to the shutdown of Sakai and the Central Authentication system, rendering RUWireless inoperable for several days, as reported by The Daily Targum on Tuesday.
During a DDoS, servers are flooded by requests from an external source. Bots, or hijacked computers, were programmed to inundate the University’s secure servers with requests for information. Many of these hijacked computers appeared to originate from outside of the United States. It is likely no University computers were co-opted into contributing to the attacks.
A DDoS attack differs from a break-in in one key way –– a DDoS forces servers to shutdown, while a data breach is performed to steal or delete information. Notably, Sony has been broken into multiple times in the past few years, leading to theft of credit card and other private information. While some services, such as the Playstation Network in 2011, were disrupted, this was more of a byproduct caused by the hack. Stealing or deleting information was not a goal of the Rutgers attack.
Hacking can be done by installing malware onto a server or by hunting down and exploiting weaknesses –– such as digital holes in a firewall. The methods of breaking into a system are different enough from those of a DDoS that they can be identified and dealt with. While both exploit vulnerabilities, the former does so subtly to gain access and control. A DDoS is less refined, and because of the nature of the Rutgers attacks, at no time was any private information vulnerable to theft.
A series of emails sent by the Office of Information Technology and the Telecommunications Division explained that Sakai and CAS were taken offline to protect them and the University servers from the DDoS attacks, which continued through Sunday. These services were made available again to those using an on-campus network late Sunday, and to off-campus students again on Monday.
Rutgers employs “DDoS mitigation” software that is designed to help detect and end attacks by noting how traffic patterns –– what computers request information –– change, including where traffic originates from. This notifies system administrators when an abnormally large number of atypical requests are being made.
The Internet in general is structured so that information cannot easily be lost. Every tweet, picture, forum message, video and private piece of information remains online even if a user ostensibly deletes it. Rutgers has a vast, complicated network of servers, many different wireless networks and storage for all the information the University holds, both onsite and offsite, and backups for this data do exist in the unlikely event it is rendered unusable on one platform. The way the data is held also prevents changes being made to it once it is stored.
Deleting this information would be difficult for a hacker and stealing it more so. Denying students the opportunity to study for exams, access their grades or contact their professors is much easier in comparison. While this denial caused, and can cause, a lot of harm in terms of productivity and even just keeping up with what’s happening at the University, it has less of an effect on any of the actual data stored here.