The Cavalier Daily
Serving the University community since 1890

University of Virginia will spend millions on new security after Chinese hack

Hackers were present in University server since Spring 2014

The University will update security for its information technology services after discovering that the intruders behind a June data breach had been present in University servers for more than a year.

University administrators announced in August that a cyberattack “originating from China” targeted two University employees whose work has a connection to the country.

Now, the University is requesting $12.9 million from the state for security enhancement services relating to IT.

Long-term plans will build off stopgap measures implemented in June. A cybersecurity forensics firm, Mandiant, was hired immediately after the attack was discovered, Chief Information Officer Virginia Evans said.

After poring through a year and a half of logs, the firm found the hackers were in the system as early as Spring 2014.

“We saw them have a couple active periods during that time through Aug. 14 when we kicked them out,” Evans said.

Mandiant and ITS met in the weeks following the initial discovery and planned methods of eliminating the hackers from the server.

A short-term plan removed the hackers from the system and prevented them from re-entering.

Part of the solution was a “safe-dome,” created to hold important systems. Meanwhile, compromised servers were rebuilt, passwords were changed and the hackers’ IP addresses were blocked.

Future plans include hiring a monitoring company to identify a hacker’s presence more efficiently, Evans said.

The University is vetting multiple vendors for monitoring software, Evans said.

However, some security solutions will have to be carried out by the individual users.

The University will require passwords be changed at least once a year.

In addition to the two-step authentication process already required to access accounts, ITS is considering implementing the use of a physical token, a small piece of hardware used for authentication. This will make it more difficult for hackers to access an account even if they have the associated password.

While many aspects of ITS are being replaced, the student information system, known as SIS, will remain the same, Evans said.

The system will, however, receive some enhancements. These will include improvements to SIS mobile and a more user-friendly interface.

Improving ITS security will be a two- to three-year program and will require involvement from everyone in the University community to ensure its efficacy, Chief Information Security Officer Kathleen Kimball said.

“Security really requires everyone to be vigilant,” Kimball said. “It is a very intense environment, and people need to learn as much as they can.”
