Newark campus develops alternative plans for final exams as Rutgers network continues struggle against DDoS attack
As the Rutgers network continues to be hindered by technical difficulties causing severely slowed or completely disconnected Internet access, Rutgers-Newark Chancellor Nancy Cantor and Provost Todd Clear issued an email to the Newark student body yesterday evening explaining how further network troubles would impact upcoming final exams.
A barrage of external communications requests — more commonly known as bots — flooded the Rutgers network starting Monday around 9:40 a.m., overwhelming the server and rendering the network unable to respond to legitimate requests.
This orchestrated move, called a Distributed Denial of Service attack and shortened to the acronym DDoS, kept Rutgers’ Office of Information Technology office busy since the beginning of the week, with Vice President and Chief Information Officer Don Smith sending daily update emails while campus WiFi stayed largely incapacitated.
"Rutgers Office of Information Technology staff members are working 24-7 as diligently as possible to ameliorate this attack, but there are no guarantees that this attack will not continue in its intensity and nastiness,” according to the email sent to Newark students. “We cannot be confident that it will be alleviated in time for finals week.”
Once Newark administrators consult with Rutgers colleagues and with the University as a whole, the Newark campus plans to implement a “student friendly” emergency grading system for the spring 2015 semester, effective immediately.
Under the policy, Newark students in online classes could choose to finish the course with a pass or fail grade, with a D being the lowest acceptable mark, according to the email. There would be no exceptions to this pass or fail policy.
Alternatively, professors that included final exams on their syllabi could offer handwritten final exams that students would complete during the final exam period, nix final exams and offer students their current grade as their course grade or offer students the choice to complete the course at a time when the network is restored.
Any policy that would be offered to one student in any class would be extended to every other student in the class.
“Faculty members are advised to use broad discretion in evaluating student assignments that are due to have been completed during the last 72 hours, since this cyber attack began,” according to the email. “The general principle is for faculty members to be as flexible as possible with students in working out the final grade.”
Administrators at the New Brunswick campus have not yet suggested any emergency grading system if the network continues to sag under the weight of the current cyber attack.
Even if the current denial of service attack is quashed, students are anticipating the likelihood of future network interruptions.
This is the third attack the Rutgers network experienced since the first incident in November 2014, according to a previous article in The Daily Targum.
The Rutgers network previously came under a Distributed Denial of Service attack on Nov. 19, beginning approximately around 10 p.m., when most first-year students were scheduled to register for classes.
Based on forensic work, Office of Information Technology Director Frank Reda estimated 40,000 bots originating primarily from Eastern Europe and China were launched to flood the Rutgers network with service requests.
On the evening of the incident, Reda said OIT staff was already on site anticipating the flood of traffic from first-year student registration, and thus were able to promptly monitor the network and registration-related applications when the attack was launched.
OIT monitored the network through Wednesday night and throughout the day on Thursday, Reda said.
The network remained free of any cyber attacks that impaired students’ ability to access the Internet until March 4, when an email account associated with The Daily Targum received an email from the reported perpetrator.
“A while back you had an article that talked about the DDoS attacks on Rutgers,” the email read. “I'm the one who attacked the network … This might make quite an interesting story … I will be attacking the network once again at 8:15PM EST. You will see sakai.rutgers.edu offline.”
The emails, which were relayed to OIT the same day, launched a police investigation. Around that time, Smith asked The Daily Targum to postpone reporting about the second attack and the emails until the Office of Information Technology could consult with police.
Based on the specific details provided by the alleged attacker in the emails and the occurrence of a denial of service attack on Sakai around the same time frame indicated by the individual in the emails, Smith said he was inclined to believe the messages were “credible.”
Despite the emails sent by the alleged attacker, Smith said that since the attack used intermediary computer systems to create the denial of service, it was difficult to tell if the perpetrators were the same in each incident.
Since March, the Office of Information Technology started working with the Rutgers University Police Department, FBI and the Department of Homeland Security and Preparedness to identify the perpetrators, Smith said. He declined to comment any further on the ongoing investigation.
Currently, Smith and the rest of the Office of Information Technology implemented various network hardware upgrades, denial of service mitigation services and web server improvements to subdue the issues, according to the most recent update email Smith sent yesterday around 5:30 p.m.
“We are making progress towards restoring all network services to normal operating status and working with the Chancellors to develop contingency plans for online exams,” Smith said.