After Pennsylvania State University revealed on Friday that it had been the victim of “highly sophisticated” cyberattacks, college officials announced they also found who is responsible for the attack. According to recent reports, Chinese hackers have been sniffing around Penn State servers for more than two years.
Penn State’s College of Engineering is one of the most productive research units in the United States, and at this point it is difficult to assess the damage done by the cyberattacks. The college’s engineers are working with important companies operating in the US on a large number of tech projects, most of them designed for commercial use.
“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” said Eric Barron, president of Penn State University. “This is an incredibly serious situation.”
The attacks left more than 18,000 username and passwords exposed, and Barron publicly apologized after announcing the incident on Friday. The good news is that no credit card data was accessed, at least according to the preliminary investigation.
The bad news, however, is that the hackers probably never had any intention to steal credit card information. Investigators suggest that at least one of the cyberattacks came from China, and now authorities fear that many of Penn State’s research projects have been exposed.
“Well-funded and highly skilled cyber criminals have attacked on a wide range of businesses and government agencies, likely in search of sensitive information and intellectual property,” Barron said in another statement, indicating that most likely the same thing happened with the university.
Cyberespionage is becoming an increasingly common weapon in modern information warfare, and hackers often target universities and private laboratories instead of going for governmental agencies. The servers of non-federal institutions are much easier to break and often the information they reveal is quite rewarding.
Other top American engineering schools – such as Carnegie Mellon, the Massachusetts Institute of Technology and Johns Hopkins – have also been the victims of Chinese cyberattacks in the past. The problem is that universities often have to deal with this kind of threats on their own, occasionally resorting to the help of a third party security firm. The federal authorities do little to safeguard the college servers, at least until it’s too late.
According to Barron, Penn State alone has to deal with about 22 million cyberattacks each day, but their security system is not 100 percent secure. In case of the latest attacks, Barron argues they had to deal with the “highest level of sophistication”. Although the FBI warned the University last year that it may be the target of a cyberattack, the hackers still couldn’t be repelled effectively.
The attacks went so deep that Penn State had to shut down its servers for several days while security experts cleaned the systems. In the meantime, all engineering projects have been put on halt. Those involved in any research with the University should visit security.psu.edu to learn more about the current situation.
Image Source: Tech in Asia