After a series of cyber security attacks interrupted legitimate traffic to multiple Rice websites in the spring, IT’s Director for Enterprise Applications, Andrea Martin, worked with the IT Security Office to deflect future acts of aggression.
The security team had already begun watching traffic that approached and entered the Rice network. IT Security Analyst Albert Ball presented their findings in a meeting facilitated by Andrea Martin and Barry Ribbeck, IT’s Director for Systems, Architecture, Infrastructure, and Cloud Initiatives. Rice community members invited to the presentation included representatives from departments with high-traffic websites, such as Development Resources, Public Affairs, and the Glasscock School of Continuing Studies.
The presentation included a same-day snapshot of detected attacks in progress. The detection system can distinguish between outright attacks and the exploitation of a known vulnerability (usually patched in later releases of web browsers, operating systems, and software applications, particularly Java). Pastebin.com is a website used by Anonymous (a group of intrusion application creators) and/or hackers to promote vulnerabilities they have discovered. Disclosing names and passwords, or lists of websites and servers that have been successfully exploited, allows other cyber security criminals to attack the same accounts, sites, and servers.
The presentation showed a group of websites hosted on Rice servers that had been posted on Pastebin only an hour or two prior to the meeting. All the addresses shown had been hacked or subverted (traffic redirected to another site, say in Poland). The presentation went on to depict where the current attacks were originating and how. Multiple sources were combining in a brute-force attack on a single Rice address. In a single day, one week prior to the presentation, Rice had 2,300 attacks, and each attack was composed of 300 attempts to reach a Rice address within milliseconds.
According to Ball, “We know these are automated attacks. Obviously, legitimate traffic can’t possibly enter 300 attempts on a single website in a matter of milliseconds. These are the kinds of attacks we can block. We have the ability to block known malicious attacks with a tool used by major corporations. This resource had been thoroughly vetted and it works.” With the approval of the department representatives, IT began implementing a procedure to block intrusions.