Finally admitting that we are under attack from China

Cyber attacks sure do seem to be on the increase as well as getting more sophisticated. Finding out today that Educause has experienced a security breach motivated me to offer up a post. Is anyone surprised by the attacks being traced back to the Chinese Army. Those of us with systems under attack have known for a long time where most of the serious traffic was coming from. And although we did not have a specific building in Shanghai, however, we did know that attacks were originating in China. I guess they finally went too far and the Pentagon had to go public with the story. Of course the official report issued by the security firm Mandiant Technologies could not be ignored especially after the New York Times hack was made public.

The cyber attacks were not sophisticated direct penetration attacks but instead just very well done phishing attacks. Phishing as in tricking users into allowing their account passwords to be discovered. The White House and many universities in our country, mine included, were heavily targeted by spear-phishing attacks in the Fall of 2012. The results of these compromised accounts translated into massive use of our email servers to send out Spam email. This turns out to be a very profitable product for the successful hackers. However, the positive outcome from these attacks is that our university is now willing to get far more serious about implementing stronger security measures. Leading the way will be a stronger password change policy. But the real reason for changing passwords is to protect us against the compromises we do not know about.

About ghsmith76

Serious Backpacker, Grandfather, Volunteer, Advisor, Mentor and still Technologically Aware Greg retired as a technologist who served as a Chief Information Officer in Higher Education at Western Washington University, Missouri University of Science, Technology, George Fox University and the Purdue School of Engineering and Technology at IUPUI. Prior to the IT career in Academia, Greg was a Systems Consultant with Hewlett-Packard. Other early jobs included IT activity in the oil shale and coal mining industries along with owning a computer store in Steamboat Springs, Colorado.

Posted on February 19, 2013, in Authentication, Educause, security and tagged . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: