PSU news by
Penn State's student blog

Topics

About

Administrators Discuss Cyberattack On The College Of Engineering

In a press conference at Old Main today, provost Nick Jones, along with senior manager of third-party security company Mandiant Nicholas Bennett, further elaborated on the cyberattack on the College of Engineering. Although the university was made aware of the cyberattack in November, Jones said the delay in reporting the incident to the public was part of a “coordinated matter important for success.” He reiterated this is an incredibly serious situation.

Bennett, before answering questions and elaborating on the situation, commended Penn State for acting quickly to address the breaches, noting the university moved in a conscious and timely manner to research and combat the attack and contact a third-party security company.

When the College of Engineering was taken off the network after the public announcement, the passwords of students, faculty, and staff in the college auto-expired to protect their information. The university is now efficiently equipped and informed to combat the attack. Seeing as the College of Engineering is one of Penn State’s largest, the decision to take the college offline impacts hundreds of faculty and thousands of graduate and undergraduate students. Though the semester ended last week, access to documents and research on the college’s server is hindered, which will likely impact Summer Session. Timing was taken into consideration to best minimize the impacts, Jones said. Members of the College of Engineering currently have no access to the network or any work that involves IT.

Bennett said there is no direct evidence of stolen Social Security information or other data theft, but the usernames and passwords of those in the College of Engineering were compromised. Both he and Jones said there is also no evidence of exfiltration of data, threat actors who had access to usernames and passwords had the ability to look at the information available on these accounts.

The information jeopardized by the attack spanned “around 18,000 personally identifiable pieces of information on several systems,” and Jones said that “if this data falls into the wrong hands, it can be used for inappropriate purposes.” That being said, he noted none of the compromised information is anything that would be a threat to national security if it got into the wrong hands, and at this time the university does not have evidence this data was in fact removed from the servers.

As of right now, there is no speculation as to the motive of the hackers, of which there were two separate parties. Evidence of the initial hack was first traced to September of 2012, and the first presence of the second attacker was discovered in July of 2014. As stated in the release from the College of Engineering earlier today and reiterated in the press conference, at least one of the threat actors is located in China, but the university does not know who it was or the exact location in China. Each source accounted for a separate intrusion, and each intrusion lasted from the time of initial access to the system until today.

When asked about the next step in the large-scale, ongoing investigation and remediation of the attack, Vice Provost of IT Kevin Morooney said the university will employ more vigorous monitoring to understand the constantly evolving threat. Jones additionally stressed the university and Mandiant have “invested tens of thousands of person hours over the last several months in investigating the attack and preparing for the remediation.”

About the Author

Lexi Shimkonis

Lexi is an editor-turned-staff writer who can often be found at either Irving's or the Phyrst (with the chances she'll have her backpack being the same). Lexi is a senior hailing from Spring City, PA (kind of) and studying Civil Engineering. Please email questions and/or pleas for an Instagram caption to [email protected], or for a more intimate bond, follow her on Twitter @lexshimko.

Comments

More by Lexi

A Special, Precious, & Eventful Experience: Lexi Shimkonis’ Senior Column

“And here in this lovely, intriguing spot called Penn State, each of us staked our own special, precious, and eventful life.” — Ross Lehman

Homecoming To Replace King And Queen With Gender-Neutral Court

[Video] An Interview With Line Dance Leader Gina DeFrancesco

Athletics

Incoming Penn State Track & Field Athlete Kristian Marche Shot To Death In Philadelphia

The incident surrounding Marche’s death is “under investigation,” according to the Philadelphia police department.

Former Women’s Gymnastics Coach Files Lawsuit Against Penn State Over Handling Of Abuse Allegations

Men’s Soccer Trio, Reading United Win PDL Eastern Conference Title, Fall Short Of National Championship

Penn State Hockey’s Evan Barratt, Aarne Talvitie Participate In World Junior Summer Showcase

Ally McHugh Wins 400 Medley National Championship

Student Life

Nike Releases New Penn State Sneakers

This year’s sneaker is available to purchase online for $109.99.

Penn State Parking Office Runs Into Student Permit Purchase Issues

Girirajan Lab Seeks To Bridge The Gap Between Fly And Human Genomes

Plans Submitted For New KFC In State College

Developers have submitted preliminary land development plans to build a new KFC restaurant at 1780 S. Atherton St. in State College.

Join Onward State: Fall 2018 Application

Onward State is hiring for the fall semester and we’d love to have you join us.

Fall Move-In Traffic & Construction Changes

When 40,000 students need to move back to State College over the course of four days or so, things are bound to get crazy.

Be the first to know

  • Top posts and the best Penn State stories

Thank you for subscribing.

Something went wrong.

Assessing Penn State’s Front Seven Following Tuesday’s Medical Retirements

Penn State’s defensive line rotation will be shaken up following Ryan Buchholz’s medical retirement from football, while the coaching staff is letting the linebackers duel it out during camp.

Send this to a friend