Finally admitting that we are under attack from China

Cyber attacks sure do seem to be on the increase as well as getting more sophisticated. Finding out today that Educause has experienced a security breach motivated me to offer up a post. Is anyone surprised by the attacks being traced back to the Chinese Army. Those of us with systems under attack have known for a long time where most of the serious traffic was coming from. And although we did not have a specific building in Shanghai, however, we did know that attacks were originating in China. I guess they finally went too far and the Pentagon had to go public with the story. Of course the official report issued by the security firm Mandiant Technologies could not be ignored especially after the New York Times hack was made public.

The cyber attacks were not sophisticated direct penetration attacks but instead just very well done phishing attacks. Phishing as in tricking users into allowing their account passwords to be discovered. The White House and many universities in our country, mine included, were heavily targeted by spear-phishing attacks in the Fall of 2012. The results of these compromised accounts translated into massive use of our email servers to send out Spam email. This turns out to be a very profitable product for the successful hackers. However, the positive outcome from these attacks is that our university is now willing to get far more serious about implementing stronger security measures. Leading the way will be a stronger password change policy. But the real reason for changing passwords is to protect us against the compromises we do not know about.

About ghsmith76

Greg Smith is currently the Interim CIO at Western Washington University. Prior to WWU Greg was the CIO at Missouri S&T, and before that the CIO for George Fox University in Newberg, OR. Greg went to the Northwest from the Purdue School of Engineering and Technology in Indianapolis, IN. where he served as the Director of IT for 8 years. Prior to the IT career in Academia, Greg was a Systems Consultant with Hewlett-Packard primarily with the Analytical Group working out of San Francisco,Cincinnati and Indianapolis. Greg's passion as a CIO in Higher Education comes from his belief that Technology can benefit Teaching & Learning.

Posted on February 19, 2013, in Authentication, Educause, security and tagged . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s