Police investigate Rutgers cyber attack
First-year students may have experienced more difficulties than usual when registering for classes last Wednesday.
Frank Reda, director of the Office of Information Technology, stated via email that the Rutgers network came under a Distributed Denial of Service attack on Nov. 19, beginning at approximately 10 p.m., when most first-year students were scheduled to register for classes.
The Rutgers network encompasses physical wiring on campus in offices, residence halls, libraries, classrooms and other Rutgers buildings, Reda said. Areas served by RUWireless and RUWireless Secure rely on physical connections in order to provide wireless signal to the areas of campus they serve.
Not all DDoS attacks are the same, but Reda said a common method of attack — and the one that the Rutgers network encountered — saw the network saturated with external communications requests.
Based on forensic work, Reda estimated 40,000 bots, or web robots, were launched to flood the Rutgers network with service requests. The traffic from the bots originated primarily in Eastern Europe and China.
When a network is overwhelmed with this many communications requests, the network responds extremely slowly or is rendered unable to respond to legitimate communication. A DDoS attack usually leads to a server overload.
On the evening of the incident, Reda said OIT staff were already on site anticipating the flood of traffic from first-year student registration, and thus were able to promptly monitor the network and registration-related applications when the attack was launched.
OIT monitored the network through Wednesday night and throughout the day on Thursday.
The Rutgers network did not sustain any long-term damage, Reda said. The University also did not sustain any financial damage.
“It is important to note that OIT staff and staff from other departments, such as the Registrar’s office and the dean’s offices, put in extra time and effort to assist students who were impacted during the registration process,” he said.
Reda said OIT does not currently know who committed the attack. However, the incident has been reported to law enforcement officials, who will follow up with an investigation.
People who launch or conspire to launch DDoS attacks are subject to civil and criminal liability, Reda said. Punishment may include fines and/or imprisonment under state and federal laws.
In 2010, Brian Thomas Mettenbrink, a 20-year-old Nebraska resident, was fined $20,000 and sentenced to one year in prison for participating in a DDoS attack against Church of Scientology websites. The attack was part of a broader campaign led by the “hacktivist” group Anonymous.
A 2011 Federal Bureau of Investigation press release stated a DDoS facilitator or participant can face up to 10 years in prison.
Reda said OIT has been working since last Wednesday to strengthen the network against any future attacks.
He would not divulge more information about OIT’s plans because publicly releasing the information would be counterproductive to their strategy.
“[However], I can say that OIT has top-notch technical staff, and those staff members have already begun crafting and enacting a plan to mitigate future attacks,” he said.