Recently the University of Virginia announced that its systems had been hacked into. The esteemed university which is located just three-hour’s drive from Washington DC said that the hack originated from somewhere inside China. The school is closely associated with Defense Department.
Once the breach was discovered, the university advised students to immediately reset their passwords which they were using to access the university network. It also directed that some sections of its technology network be shut down. It is, however, apparent that the hackers were more interested in individuals and not the systems as earlier feared.
More often than not, hackers who target individuals are interested in stealing personal information such as bank, credit card numbers and social security numbers.
For these Chinese hackers, they were targeting two university employees who according to the university were working on projects associated with China. The University spokesperson Anthony P. De Bruyn revealed this in an interview with The Daily Beast.
The University spokesperson said that the hackers managed to access the email accounts of the said employees. However, he didn’t reveal the information which the hackers might have stolen or the names of the target employees. After the federal security agency discovered the breach and thereafter notifying the university, Mandiant computer security firm was hired to investigate the breach in June 2015. The computer security firm has a vast hands-on knowledge in forensic analysis of computer systems field. The firm is particularly experienced at investigating systems that have been hacked into by Chinese hackers. In the past, the firm has been able to link the Chinese hackers with the Chinese military and Chinese security agencies.
Even though the university never revealed the positions held by the targeted employees, de Bruyn said there were tens of faculty employees who are members of the school’s East Asia Center. Besides having close ties with the Defense Department, the university also had connections with the US intelligence agencies. The latter ties are through the UVA Research Park which is a 3.7 million square foot establishment. The tenants in this establishment include major government contractors like Booz Allen Hamilton, Leidos and Northrop Grumman.
UVA Research Park has many big-time private as well as government tenants. In here, there are firms which are closely associated with Defense Intelligence Agency which is in nearby Charlottesville. There are also tenants closely associated with National Ground Intelligence Center (NGIC). NGIC helps in the assessment of the might and threat of foreign militaries. Companies housed at UVA also work on the research of homeland and cyber security in association with the university’s engineering school.
Defense Department warned of some Chinese hackers who were targeting government agencies and government contractors. This warning was made barely two months after the University of Virginia made an announcement of the hacking into its systems. The University’s spokesperson, however, had previously refused to respond on whether any university employee working with the UVA Research Park was affected by the hacking.
The government security communiqué often refers to threats from china as ‘advanced persistent threats’ (APT). In a government bulletin retrieved by The Daily Beast, it was stated that for the past three months an APT actor had managed to penetrate the US network infrastructure. The APT had also managed to break into the system and access sensitive data hence compromising the credentials of the targeted agencies or organizations. No mention of the attacked organizations was made in the bulletin.
All the organizations, academic institutions and government agencies cleared to receive security warnings from the government received this security bulletin. Some of the technical details contained in the bulletin are the way hackers are able to access the systems and thereafter steal data and other valuable information. The document added that the hackers captured sensitive data that would ultimately enable them to roam through the system without any obstructions.
Normally, hackers obtain personal and organizational credentials by hacking into ‘crucial’ personal email accounts. The hackers will then send messages that look genuine to other employees which aim to trick them into installing a malicious malware in their PCs. This newly installed malware records important information such as passwords and log-in details.
Security specialists point out that it is not only the Chinese hackers who are using the above technique which is also called ‘spearphishing’. In the recent past, State Department and the White House computers were accessed by local hackers.
All the recipients of the bulletin were strongly advised to defend all their classified and even non sensitive networks from intruders. Important to note is that the State Department alert was issued the same day the FBI warned that hackers were targeting US agencies and commercial entities. Among the supposed targets included entertainment, media, US healthcare, telecommunications and aerospace networks. This specific hacking episode resulted in the theft of business data, sensitive US government information, and bulk personal identification information. The source of the hack was easily traced back to China. An FBI spokesperson declined to comment on the warnings it issued to oblivious organizations that were attacked.
In August 2015, the Virginia University issued a statement saying that some sensitive research data was compromised. Conspicuously omitted from the statement is whether the university knew the date when the said hacking started and what was compromised before the school received the alert. However, the school says there was an intrusion on June 11th after it was alerted by federal authorities.