Team protects University from vicious cyberattacks

The University network faces 10,000 attacks each year. If unprotected, users could be exposed to online security issues.


Tucked away in Morrill Hall, one group of University of Minnesota faculty stands on the front lines against thousands of attacks on the University every year.

They are the Office of Information Technology Security and their duty is to protect more than 67,000 students in the entire University of Minnesota system from cyberthieves and malicious virtual worms.

Every year, nearly 10,000 cyberattacks are made against University computers on the schoolâÄôs network âÄî attacks that, if gone untreated, can lead to identity theft and other problems.

“The user is the weak point in the whole link,” said Ken Hanna, who supervises the OIT Security. Most viruses rely on the userâÄôs trust and are often hidden in programs or advertisements that seem harmless.

In spring of 2010, Hanna and his team saw a rise in viruses from infected advertisements on many popular websites. These websites, he said, are not actually infected with the virus, but rather the advertisements themselves have been purposely designed to cause harm.

There is a worldwide marketplace for malware, according to Hanna, and some of the worldâÄôs most gifted software programmers are more than likely responsible for writing a majority of the worldâÄôs viruses.

The drive behind this is profit, Hanna said. Besides personal information like a userâÄôs social security or credit card numbers, sometimes infected computers are hijacked by the controller of a mother ship and put into a “bot net” of several thousand computers that can work together to send out spam or attack a network.

On Jan. 25, 2003, a computer worm called the SQL Slammer hit the Internet, quickly infecting 75,000 computers worldwide within the first 10 minutes. The worm, which slowed down Internet traffic worldwide, infected hundreds of University computers.

Hanna and his team scrambled to make sure the virus didnâÄôt continue to spread on campus.

“It got pretty hectic,” Hanna said. “At one point, there were so many students calling in to the help desk that we really had to sit down quickly and figure out what we were going to do.”

Thankfully, the virus attacked on a weekend, avoiding any potential disruptions the worm could have had on weekday activity at the University.

“We could tell from the large amounts of traffic which machines were being infected,” Hanna said. “It was just a matter of turning them off and contacting the people [and] telling them what to do.”

If OIT Security sees that a computer in the UniversityâÄôs network is infected, they send the user an e-mail informing him or her of the infection and will block the userâÄôs access to the UniversityâÄôs Internet.

There is always a threat of a cyberattack, Hanna said. Laptops are the particularly vulnerable to attacks. Many laptops connect to multiple networks, which only increase the risk of being infected.

The best prevention is to keep up with security updates, Hanna said. Other than that, there is little that can be done.

“If you donâÄôt keep up with your [security] patches, youâÄôre dead meat,” he said.

Of the programs that get targeted for attacks the most, Adobe products, such as Photoshop and Acrobat, rank first, said Steve Cawley, vice president of OIT.

Adobe frequently offers free security patches on its website, but many users simply overlook the benefits of these patches, Cawley said.

University history and Latin student Matt Niehoff was one student who failed to keep up with the security updates that his anti-virus required. Before he knew it, desktop icons began randomly showing up on his computer.

“They didnâÄôt have images,” Niehoff said. “They were just a bunch of numbers and letters.”

Niehoff, who doesnâÄôt know how he got the virus, wasnâÄôt able to open any other programs on that computer and quickly rendered his computer useless until he paid to get it fixed professionally.

Mary Crimi, supervisor of the OIT Tech Stop in Coffman Union, sees a lot of similar viruses like NeihoffâÄôs on a daily basis.

CrimiâÄôs staff helps 10 to 12 students every day, half of whom receive an e-mail from OIT Security informing them of a virus. Tech Stop can diagnose and remove viruses.

“We see a rise in different types of malware occasionally,” said Cody Jazdzewski, a student employee at the Tech Stop. “You get to know a malware specifically by its look.”

Even with free virus removal software online, Jazdzewski warns users should be very cautious.

Jazdzewski occasionally sees computers infected by the Antivirus 2009 virus, which hides as an anti-virus scan.

Users download the free virus scan mistaking it for a real one.

“Every time you run the scan, it says you have 42 viruses,” Jazdzewski said.

The virus, if left untouched, will steal personal information including credit card numbers.

“ItâÄôs a cat-and-mouse game,” Hanna said. The sophistication of viruses continues to evolve on a daily basis, he said.

“At one point, [a virus] used to just steal your passwords and send it back to the mother ship,” Hanna said. “Nowadays, they infect you four to five different ways âÄî it finds everything thatâÄôs wrong with your computer and uses it to take over.

“Before you know it, you donâÄôt own your computer anymore.”