OIT working to end rise in cyber crimes
Two weeks ago, a personal computer in Portland State Student Publications was hacked while it was logged into the PSU server.
After taking the computer to the Office of Information Technology (OIT), Craig Schiller and his PSU information security team used the computer to study how the hackers accessed the PSU server with the hope of preventing further hacking.
The incident is just one in an increasing number of viruses and cyber crimes occurring on the PSU campus, and Schiller, chief information security officer for the OIT, hopes to stop the trend in its tracks.
Schiller said he and the other staff members involved in information security have been making more headway than ever before, a result of better preparation and knowledge of attack patterns.
“We’re more prepared this year,” said Schiller, who said cyber crimes increase each fall term. “It is a never-ending battle. Something we’ll have to stay on top of.”
This year, OIT made 1,500 security CDs as part of a push to get anti-virus software and Windows updates to as many students, faculty and staff members as possible.
For the first time this year, OIT began using a centralized quarantine reporting system to inform them when an unfixable virus pops up and on what computer in the university it is located. When they first ran the program this fall, over 500 computers were infected.
With this knowledge, Schiller and his colleagues have been able to extract information about who has been hacking the server and where attacks on the server are originating. He said that information security discovered that computers within the university were attacking many of the infected systems, and OIT has been following these trails to try to remove as many of the infected systems as possible.
Schiller said it is difficult to know exactly who is spurring these attacks, and he said information security is trying to keep the PSU server protected rather than to locate the hackers. If information security were to come up with a hacker’s name, they would pass it on to the authorities, but Schiller said hackers are nearly impossible to catch because they cover their tracks so well.
The computer in Student Publications was infected with a botnet, a network of infected computers controlled by a single computer (called a bot herder). Schiller said botnets are the single biggest threat to the internet right now, and are often used to acquire personal information for extortion or financial gain or to store illegal intellectual property, like movies, games and software. Botnets can include hundreds or thousands of infected computers, Schiller said.
Schiller has authored a not-yet-released book called Botnets: The Killer Web App.
Numerous botnets have been found on computers within the university and Schiller said the data that information security is able to get from infected machines could help them protect PSU’s network in the future.
One reason PSU, like universities generally, is targeted is that the number of network users is so vast and the university does not stifle internet freedom the way a business does, according to Shem Giles, coordinator for client systems administration in OIT.
“Things are pretty lax in security, since it’s a learning environment,” Giles said.
In their annual “Internet Security Threat Report,” anti-virus software company Symantec states that most attacks are made in order to gain information that has some value to the attacker: credit card numbers, or other personal information.
The report said the United States is the top country of internet attack origins, at 37 percent. It also says that home users are the most targeted, at 86 percent of all attacks. Symantec documented 2,249 new viruses in the first half of 2006, the highest number ever recorded for a six-month period.
Additionally, spam makes up 54 percent of e-mail traffic, up from 50 percent last year, according to the report.
Cyber attacks have been increasing each year with no signs of slowing down, including attacks directed at computers on campus, said Janaka Jayawardena, director of computer support in the Maseeh College of Engineering and Computer Science. He said computer users are not as knowledgeable as they could be when using security features, and this, together with flaws in software and hardware, creates a “deadly cocktail” of security threats.
“Most people don’t think in terms of ‘gosh, there’s maintenance involved?’” Jayawardena said. “You have to be so on the edge of what’s new – always paying attention to upgrades and patches. A lot of people see that as a hindrance. That’s what makes it easy for these attacks to succeed.”
The underground computer subculture has evolved over the years, first popping up in the 1980s, Jayawardena said. Jayawardena has been involved in computers for about 20 years, the last 15 of which he said have been spent grappling with internet and network attacks.
“A lot of the exploration was fairly innocent in the ’80s,” Jayawardena said. “Kind of naïve folks who didn’t realize this [virus] they wrote would bring the internet down. Now it’s commercialized, there’s real money out there.”
Jayawardena said the future of internet security is up in the air, and as long as flaws in software exist, the flaws will be found.
“Its intensity has gone up because we are so connected,” Jayawardena said. “It’s sort of like an arms race, but we haven’t found the doomsday device yet.”