On January 27, shortly before ten in the morning, the web pages of the University of Granada (UGR) were no longer accessible on the internet. Under the now-distant normal conditions, this general outage would have been a major setback, but it would not necessarily have affected the students' routines. With the pandemic racing toward the peak of the third wave and face-to-face activities suspended, the impact was different. "This may affect the normal performance of the assessment tests, so affected students should contact their teachers to receive indications in this regard," the university reported in a statement issued that morning.
For almost a year, university education has had a second home on the internet, where it spends more and more time. And those prolonged stays, driven by the peaks of the pandemic, expose the digital infrastructure to the relentless attention of cybercrime. "This is like earthquakes: there are small ones that happen every day and nobody notices them, but from time to time there is a bigger one," explains Francisco Cano, director of the CSIRC and head of security for the UGR Network.
The January earthquake was noticed because it happened in the middle of the exam period, the second round that the university held remotely, after those held in June. According to Cano, the cause was what is known as a DDoS (distributed denial-of-service) attack, whose strategy is to flood the servers with more requests than they can handle until, saturated, they collapse. "There were millions of computers that were dedicated to trying to access the university's servers," explains the expert. The response was to put up barriers to prevent collapse, but those same barriers, although essential, also temporarily locked teachers and students out in the middle of their assessments. "What we are clear about is that the castle was never entered." The wall held and prevented greater harm. “The servers are equipment that many times have been working for years. And when they go down, it's a problem.”
As Cano explains, the attack that the university identified as an attempt to sabotage the exams is the only cyber attack that has managed to disrupt the UGR's routines since the pandemic began and, with it, the hasty move to online teaching. He sums up the other memorable incidents on the internet this year as a spate of phishing and a handful of attempts to sabotage meetings on Zoom or other video conferencing platforms (zoombombing). Hervé Lambert, Head of Consumer Operations at Panda Security, takes his hat off to the way universities have responded to this transition to digital: “They have had a brutal revolution. Not even companies have had as many changes as what this has meant for students and teachers. We don't get used to the idea of what it means for a university to do everything remotely.”
According to a study by the cybersecurity company BlueVoyant, prepared with data from 2,702 universities in 43 countries, the main threat to these institutions, in line with what happens in other sectors, is ransomware: attacks in which malware encrypts the information stored on the computer so that its contents can only be decrypted by paying a ransom. On average, the cost of these incidents was, according to the same report, more than 370,000 euros. “Universities are like any other company that has to protect its assets. We have student data, bank information and we also save their grades,” explains Juan José Nombela, director of the Computer Science and Technology area of the International University of La Rioja, whose teaching has always been delivered remotely. “Because we are digital natives and because our students and teachers were already like that, we have not done anything new there. What the pandemic has changed is that now the administration staff have also gone home to work.”
Data leaks are also a headache in this sector, where the credentials of each institution's staff are added to those of the students. “Universities have a very open border where by their very nature they have a lot of people from different backgrounds. Almost all are users of information systems and are in an organization in which, like it or not, they are going to have to share information. It is a dangerous cocktail,” explains Miguel Juan, managing partner of the cybersecurity company S2Grupo. According to data from the Ministry of Universities, the Spanish university system had more than 1.6 million enrolled students last year. On the staff side, the figure is more than 215,000 people, including teachers, administration and services staff, researchers and support technicians, according to data from the 2018-2019 academic year.
The main purpose of credential theft is the subsequent sale of the credentials on the black market. "If you go to the dark web – dark internet, not accessible from conventional browsers – in search of credentials, you find many, many that come from university backgrounds," explains Lambert. The expert prescribes tougher password change policies, widespread use of two-factor authentication and an awareness-raising effort that he sees as especially necessary among the student community. “My son used three different passwords and maybe he has credentials for 100 services.”
In addition to the attacks aimed at holding information hostage or stealing personal data, there are also attempts to access work that students and researchers store on the university's networks. "Many are doing research on topics that can be very interesting for third parties," says Juan. A study by the Universities of Kentucky and Michigan revealed that more than a hundred pages from American universities, including Stanford and Columbia, had been hacked or compromised in article and essay thefts. Nombela confirms that they have seen and reported the presence of work by students of the International University of La Rioja on pages of this type, but does not attribute it to unauthorized access to their systems. “What we are most concerned about is protecting the personal data of our students.”
Flat rate for cyberattacks
"Many times we are asked: 'But who has the capacity to do this?'" Cano comments. The problem is that launching an attack like the one suffered by the UGR does not require being a master of cybercrime. It is enough to know where to look … and have 30 euros. "The sad thing about this is that it is very cheap to promote attacks of this type. On the dark web – dark internet, not accessible from conventional browsers – you have flat rates of 30 euros per month that allow you to attack the servers you want."