Cyber spying on universities

Cyber spying on universities is the practice of obtaining a university's secrets and information through its information technology systems without the university's permission or knowledge. Universities in the United Kingdom, including Oxford and Cambridge, have been targets, [1] as have institutions in the US [2] and Australia. [3]

Universities are targets for cyber espionage because of the wealth of personally identifiable information they hold on students, employees, people who buy tickets to sporting events and, if the university has an academic medical center, on patients treated there. Information about research projects with industrial or military applications is also a target. The culture of information sharing within universities tends to make them easy targets. [4] [5] [6]

Breaches can occur from people sharing credentials, phishing, web-crawlers inadvertently finding exposed access points, password cracking, and other standard hacking methods. [5] University credentials are bought and sold on web forums, darknet markets and other black markets. [7] [8] [9]

The results of such efforts have included the theft of military research into missile design and stealth technologies, [1] [10] as well as of medical data. [11]

As a precaution against such attacks, Stanford University advises its employees to take IT precautions when they travel abroad. [12]

In March 2018, the U.S. charged and sanctioned nine Iranians and the Iranian company Mabna Institute for hacking, and attempting to hack, hundreds of universities on behalf of the Iranian government. [2] [13] [14]

Credentials used by Sci-Hub to access paywalled scientific articles have subsequently been used by hackers seeking to breach university firewalls and access other information. [7]


References

  1. Yeung, Peter; Bennett, Rosemary (5 September 2017). "University secrets are stolen by cybergangs". The Times.
  2. "Foreign Economic Espionage in Cyberspace" (PDF). US National Counterintelligence and Security Center. 2018.
  3. Koziol, Michael (8 June 2018). "Major universities hit by data breach affecting thousands of job applicants at top firms". The Sydney Morning Herald.
  4. Thompson, Cadie (21 August 2014). "Hackers next big target: Your kids' college". CNBC.
  5. Roman, Jeffrey (3 February 2015). "Universities: Prime Breach Targets". Data Breach Today.
  6. Campbell, Susan (28 August 2018). "Why schools are prime targets for data breaches". WPRI.
  7. Pitts, Andrew (18 September 2018). "Guest Post: Think Sci-Hub is Just Downloading PDFs? Think Again". The Scholarly Kitchen.
  8. Guilford, Gwynn (10 September 2014). "For $390 you can illegally buy an elite university email account on China's biggest online marketplace". Quartz.
  9. "Public Service Announcement: Cyber-Related Scams Targeting Universities, Employees, And Students". FBI Internet Crime Complaint Center. 5 May 2014.
  10. Blair, Dennis C.; Alexander, Keith (15 August 2017). "Op-Ed: China's Intellectual Property Theft Must Stop". The New York Times.
  11. "Columbia Medical Center, Hospital To Pay $4.8M Fine for Data Breach". iHealthBeat. California HealthCare Foundation. 8 May 2014. Archived from the original on 7 February 2016. Retrieved 17 February 2015.
  12. Weed, Julie (13 November 2017). "Foiling Cyberspies on Business Trips". The New York Times.
  13. Volz, Dustin (23 March 2018). "U.S. charges, sanctions Iranians for global cyber attacks on behalf of Tehran". Reuters. Retrieved 24 March 2018.
  14. Carpenter, Todd A. (28 March 2018). "FBI Indicts 9 Iranians who Targeted Scholars to Steal Content". The Scholarly Kitchen.