Gone phishing

A series of foreign cyber-attacks that compromised the email accounts of seven university staffers resulted in a disruption of campus communication during the latter half of October.

The attack was discovered on Oct. 17, said Mark Hendricks, Chico State’s information security officer.

Shortly after, the university began an investigation which revealed that hackers tried to break into the accounts of 46 Chico State employees.

The attacks, which were traced back to two separate sources in Britain and the Netherlands, used phishing techniques to dupe staffers into revealing their account credentials.Screen shot 2013-11-19 at 9.20.33 PM

Phishing is the act of attempting to gain someone’s personal information, such as a username and password, by sending emails that disguise the sender’s true identity.

“I do know that some of the messages were phishing attacks,” Hendricks said, adding that information gleaned from the investigation indicated that spam emails and possibly malware were also used.

The seven accounts that were compromised were subsequently taken over by the attacker, who used them to generate thousands of spam and phishing emails that were sent to recipients on and off-campus.

This resulted in university accounts being placed on a ‘blacklist,’ causing university emails to be blocked by spam watchdog services such as The Spamhaus Project, said Brooke Banks, Chico State’s director of user sup-port services.

“The use of spam blacklists and spam firewalls are one of the only ways that we can identify spam and phishing emails,” Hendricks said. “Email account compromises are very common, and so spam blacklists monitor huge volumes of data to determine where those sources are and start blocking those,” he said.

The blacklisting halted communication between the university and several outside entities, including Dell and the California State University Chancellor’s office, Banks said. Depending on the service, getting removed from a blacklist can take between two days to two weeks.

Staffers were notified to change their login credentials after the attacks, Hendricks said.

Since then, Hendricks has met with department chairs and college deans to discuss the challenges posed by Internet security.

Recent wireless connection issues were caused by failed hardware and have nothing to do with the attacks, Banks said.

The reimplementation of a security awareness program is in the works, Hendricks said. A set of desktop security standards will also be enforced for all workstations on campus.

While this is not the first instance of university accounts being compromised, the coordination of the attacks was unprecedented, Banks said.

“Spam and phishing attacks happen every day,” Banks said. “The difference here was that someone was targeting our accounts.”

The university typically fights off several small-scale cyber attacks a week, and sometimes deals with larger “rashes” of attacks like this one, Hendricks said.

Historically, university systems and networks are a lot more open than other places because so many different people use many different computers, Banks said.

“We have a proliferation of different types of devices, including all makes and models of Macintoshes and PC’s, and we have 2,000 staff and faculty, many of whom their job is to go out and be creative and try different things,” she said.

Some spammers are paid by the volume of spam they disburse, and phishers sell personal user information on a black market, Hendricks said.

“There is no international conspiracy: People have too much time and or are trying to make money by getting credentials or sending spam,” Hendricks said.

Banks and Hendricks provided several user tips to protect accounts from spam and phishing.

Never use the same password in multiple accounts, Banks said.

“The password that I use for online banking is completely different from my CSU Chico account,” Banks said.

Users are advised not share passwords with others, Hendricks said. He described a situation at another university where a jilted girlfriend went on a rampage with her ex’s credentials.

“I’ve seen where an unhappy ex-girlfriend goes into a student’s account and starts dropping financial aid and un-enrolling in classes that they’ve been waitlisted on,” Hendricks said.

Complex passwords prevent hackers from accessing user accounts with sensitive information, such as Chico State’s student portal account, Hendricks said.

“You think that you’re saving yourself time by making a simple password,” Hendricks said. “But, if you don’t have some kind of complexity in there, it takes really no time to hack the password and access that account.”

If you’re suspicious about an email, don’t open it, Hendricks said.

“If you do happen to open it, the second thing to do is delete it and don’t click the link,” Hendricks said.

If you do click the link, run your anti-virus software and make sure it’s up-to-date, Hendricks said.

If you think your account may have been compromised, immediately change your password, he said.

 

Enrique Raymundo contributed to this article.

Mozes Zarate can be reached at [email protected] or @mzarate139 on Twitter.

Infographic by Rob Harris.

Video by Jeff Barron.