Who’s to blame for uni cyber attacks?

Cyber crime is a growing problem that affects us all, whether it’s a malicious bit of software designed to scrape our personal data, to a full blown attack on our bank, there have even been cyber attacks on the NHS and universities.

And while we’re always being told it’s the work of nefarious criminals and ‘rogue’ states, it seems that’s not always the case – new security analysis has found that cyber attacks on universities are just as likely to have been carried out by staff or students as criminals and hackers.

Patterns of university cyber crime

Jisc, the government-funded cyber security agency formerly known as the Joint Information Systems Committee)  has examined 850 attacks that took place over the course of the 2017/18 academic year, and found that there is a clear pattern of these attacks taking place during working hours, with the number of attacks decreasing dramatically during the holidays.

These attacks took place across around 190 colleges and universities, and showed a significant increase on the 600 attacks across 140 education institutions during the previous academic year.

The study found that the number of attacks increased between 8am and 9am, before tailing off towards early afternoon, and that there was a sharp drop in the attacks during the summer, Christmas and Easter breaks, when many students will leave the campus for an extended break back home. The number of attacks between these times varied from as many as 60 per week during the autumn term to just one a week in the summer.

These term-time attacks all point to the possibility that these attacks originate from resentful students or tutors who want to cause havoc and make like difficult for others at the university.  In one case, the security team monitored a pattern of attacks on an institution and noted that they ran between 9am and midday, then began again at 1pm and had finished by 4pm, raising the question whether this was caused by a student or member of staff, who took a break at lunchtime.

Another aspect of the attack that seems to rule out criminal gangs is that most of the attacks on universities appear to be “denial of service” or “distributed denial of service” (DDoS) attacks where hackers try to stop or overload networks, crashing computer systems, rather than attempts to use malware or ransomware to defraud money from victims or steal their data.

Why are these cyber attacks taking place?

The reasons for these attacks could be anything from a simple desire to cause chaos, and perhaps gain respect among peer groups, to grudges over poor grades or perceived poor pay. One investigation isolated the source of what appeared to be a four-day cyber-attack as coming from a university hall of residence. It had been the result of an online gamer who had been “attacking another gamer to try and secure an advantage”.

Dr John Chapman, head of security operations for Jisc, said: “So, there is evidence to suggest that students and staff may well be responsible for many of the DDoS attacks we see. If connectivity to the network is lost for any length of time, it can be catastrophic for any organisation, both financially and reputationally.”