LOGAN – Utah State University’s IT security analyst Miles Johnson was looking at a set of large monitors that cover the north wall in the university’s IT department. To an untrained eye, the “network visualizer” looks like a collection of random numbers and colors with lines and dots buzzing around like an old arcade game. Every computer in USU’s network is represented by its own light on the screen, and their active, ongoing processes and connections are monitored.
According to Johnson, on a normal day, the screens would be much livelier, but it was Memorial Day weekend, and campus was next to empty.
“That was an interesting thing right there,” he said. “That flash of red that rolled by was an attack. It went by and hit a bunch of sequential IP addresses. That thing targeted an area over at our research park.”
But there wasn’t much concern in his voice. He said he sees those things come and go “all the time.” It most likely was random and not successful. Many of those attacks aren’t specifically sent to USU; they sweep computers all over the world until they find one they can access, and then they get in.
But that isn’t always the case. Some attacks are directed specifically at USU for malicious purposes, and some can be very dangerous. Johnson is one of a group of IT security analysts trying to prevent the bad attacks and keep USU’s computers and information safe.
The quick attack on the research park computers, according to Johnson, was a server-side attack, an attempt to connect to a server to either change or steal information. The university commonly sees these. Some are specifically sent to USU, either by foreign governments or others who want USU’s information. Many times USU is targeted simply because it is a research institution.
“Sometimes somebody finds a way in to one of the campus web pages for a few hours,” he said. “Then we learn from that, make sure that particular attack doesn’t happen again and push it back.”
Another type of attack is a client-side attack, where some type of false service is set up online. When someone connects to it, it takes over the person’s web browser, computer, phone or any number of things. Johnson said these can be the most dangerous, because they turn your own equipment against you. He said other universities have had to shut down their systems for days at a time because of successful client-side attacks.
The third type of attack is a phishing attack, which is usually designed to steal an individual’s information, such as a credit card or social security number, through impersonating a trusted organization.
The phishing attacks can be elaborate. According to IT Security Analyst Jared Hill, attackers in the past have completely duplicated the university’s website login page. Unsuspecting students or faculty follow a link received in an email and then enter their credentials in the fake login space. Once the attacker receives those credentials, they are used to access the victim’s information.
“That’s a little more targeted,” Hill said. “But it happens to all the universities.”
IT Security Analyst Bob Bayn and his group have recently had success training and educating USU faculty to avoid these phishing attacks. When those attacks are reported to Bayn and his colleagues, they are then able to work on getting them shut down. To incentivize USU employees to report these phishing attacks, they began offering Aggie Ice Cream as a prize to the first person who reported a new phishing attack on campus. The number of reported phishing attempts dramatically increased. According to a university release, more than 600 phishing attempts have already been blocked in 2016. Those who report the attacks are put on a university list known as “internet skeptics.”
There are many reasons USU’s security analysts go to great lengths to protect the university from these phishing attacks. Once hackers have access to a USU account, they can use it to make money by using the victim’s account to send spam. If too much of it is sent by USU, all USU-hosted email accounts can be blacklisted by spam blockers, which could all but cut off the university’s email communication. In addition to the ability to send spam, Bayn said there is a lot of value in a USU credential for hackers who know what is available.
“They can use your USU credentials to get into the library information databases and get information that has been subscribed to for university use,” he said. “They can extract that information then resale it and redistribute it. They can make money that way. They can use it to get into our VPN system and become inside our network instead of outside our network. Once inside they can see things they can’t see from outside our network.”
Bayn said when it comes to phishing, red flags include a message that has an urgent concern the recipient wasn’t expecting or a link that goes to an unexpected place. He recently published a list that <a href="https://it.usu.edu/htm/news/articleid=31142" target="_blank">teaches how to recognize potential phishers</a>.