Vanguard file server hacked and hijacked
The absence of a Friday edition of the Vanguard last week was caused in part by hackers, who apparently attempted to hijack the Student Publications server Thursday afternoon.
Around 3 p.m., the Student Publications’ password-controlled server went down, shutting off access to the computer networks of the Vanguard newsroom, the Rearguard, the Portland Spectator, the Graphic Design Center and The Portland Review.
“They were trying to brute force us, most likely,” said Christopher Johansson, system administrator for Student Publications. “Nowadays, [the most likely reasons for server hijacking is] storage for porn or illegal software, but mostly porn. Or to run Denial of Service attacks.”
Using servers illegally to store files is a way to avoid paying bandwidth fees for space, Johansson said. He explained that a Denial of Service attack is when thousands of computers are hacked and targeted to one web site, like Google or Microsoft, to overwhelm the system, disrupting service.
Around 6:30 p.m. Vanguard editor-in-chief Christian Gaston decided to suspend publication of the Friday edition.
“It wasn’t clear when the server would be back online that evening,” Gaston said. “And the majority of our advertising files were unavailable.”
Gaston estimated the revenue loss of the suspended Friday edition at under $1,000.
Gaston said this is the first time in recent memory that the Vanguard had suspended publication while the University was open.
Johansson said yesterday that the server had recorded illegal activity since at least April 24 and that it was probably the same person using different internet protocol (IP) addresses rerouted through different proxy servers in Romania and Japan.
Figuring out exactly what happened is difficult though, Johansson said. The server had no available memory during the failure and was unable to create log files of the event.
Gaston said a police report had been filed, and that the Vanguard would pursue legal action against the offenders if found.
“Everything right now is fully operational,” Johansson said. “Nothing was destroyed or deleted. And we have now increased security a lot.”