A series of foreign cyber-attacks which compromised the e-mail accounts of seven university staffers resulted in a disruption of campus communication during the latter half of October.
The presence of an attack was established on Oct. 17, said Information Security Officer Mark Hendricks.
Following the discovery, an investigation was launched which revealed that the accounts of 46 staff members had received login queries that were indicative of attempts at unauthorized access.
The attacks, which were traced back to two separate sources in Britain and the Netherlands, utilized social engineering techniques to dupe staffers into revealing their account credentials.
“I do know that some of the messages were phishing attacks,” Hendricks said, adding that information gleaned from the investigation indicated that spam emails and possibly malware were also used.
The seven accounts that were compromised were subsequently taken over by the attacker, who used them to generate thousands of spam and phishing emails that were sent to recipients on and off-campus.
This resulted in university accounts being placed on a ‘blacklist,’ causing university emails to be blocked by spam watchdog services such as The Spamhaus Project, said Director of User Support Services Brooke Banks.
The blacklisting halted communication between the university and several outside entities including Dell and the California State University Chancellor’s office, Banks said. Depending on the service, getting removed from a blacklist can take between two days to two weeks.
Staffers were notified to change their login credentials following the attacks, Hendricks said.
Since then, Hendricks has met with department chairs and college deans to discuss the challenges posed by Internet security, he said.
The reimplementation of a security awareness program is also in the works.
“Awareness is a big part of what we try to do in general,” Banks said.
While this is not the first instance of university accounts being compromised, the coordination of the attacks was unprecedented, she said.
“Spam and phishing attacks happen every day,” Banks said. “The difference here was that someone was targeting our accounts.”
Nicholas Carr can be reached at [email protected] or @theorion_news on Twitter