Alistair Berg / Getty Images
On January 27, shortly before ten o'clock in the morning, the pages of the University of Granada (UGR) were no longer accessible on the internet.
In far-off normal conditions, this general decline would have been a major setback, but it would not necessarily have affected the students' routines.
With the pandemic galloping to the top of the third wave and face-to-face activities suspended, the impact was different.
"This may affect the normal performance of evaluation tests, so affected students should contact their teachers to receive instructions in this regard," reported the center in a statement issued that morning.
For almost a year, university education has had a second home on the internet where it spends more and more time.
And those prolonged stays due to the peaks of the pandemic expose the digital infrastructure to the impeccable visit of cybercrime.
“This is like earthquakes: there are small ones that happen every day and nobody notices them, but from time to time there is a bigger one”, explains Francisco Cano, director of the CSIRC and head of security for the UGR Network.
The January earthquake was noted because it happened in the middle of the exam period, the second that the university convened remotely after those that were held in June.
As Cano explains, the cause was what is known as a DDoS attack - denial of services - whose strategy is to crowd the servers with more visits than they can admit until, saturated, they collapse.
"There were millions of computers that were dedicated to trying to access the university's servers," explains the expert.
The answer to this was to put up barriers to prevent collapse, but those same barriers, although essential, also temporarily left teachers and students out in the middle of their evaluations.
"What we are clear about is that the castle was never entered."
The wall endured and avoided greater evils.
“The servers are equipment that many times have been working for years.
And when they go down, it is a problem ”.
According to Cano, the attack that the university identified as an attempt to boycott the exams is the only cyber attack that has managed to disrupt the UGR's routines since the pandemic began and, with it, the hasty move to online teaching.
He sums up the other memorable incidents on the internet this year in a spate of
phishing
and a handful of attempts to boycott meetings on Zoom or other video conferencing platforms (
zoombombing
).
Hervé Lambert, head of consumer operations at Panda Security, takes his hat off to the way universities have responded to this transition to digital: “They have had a brutal revolution.
Not even companies have had as many changes as what this has meant for students and teachers.
We do not get used to the idea of what it means for a university to do everything remotely ”.
According to a study by the cybersecurity company Bluevoyant, prepared with data from 2,702 universities in 43 countries, the main threat to these centers, in line with what happens in other sectors, are
ransomware
attacks
, in which a virus encrypts the information stored on your computer so that its contents can only be decrypted by paying a ransom.
On average, the cost of these incidents was, according to the same report, more than 370,000 euros.
“Universities are like any other company that has to protect its assets.
We have student data, bank information and we also save their grades ”, explains Juan José Nombela, director of the area of Computer Science and Technology at the International University of La Rioja, whose teaching has always been taught remotely.
“Because we are digital natives and because our students and teachers were already like that, we have not done anything new there.
What has changed the pandemic is that now the administration staff have also gone home to work ”.
Leaks
Data leaks are also a headache in this area where the credentials of the staff of each center are added to those of the students.
“Universities have a very open border where by their very nature they have many people from different conditions.
Almost all users of information systems and are in an organization in which the hell they are going to have to share information.
It's a dangerous cocktail, ”explains Miguel Juan, managing partner of the cybersecurity company S2Grupo.
According to data from the Ministry of Universities, the Spanish university system had more than 1.6 million enrolled students last year.
In the personnel section we would be talking about more than 215,000 people among teachers, administration and services, researchers and support technicians, according to the data from the 2018-2019 academic year.
The main purpose of credential theft is their subsequent sale on the black market.
"If you go to the
darkweb
- dark internet, not accessible from conventional browsers - in search of credentials, you find many, many that come from university backgrounds," explains Lambert.
The expert prescribes the toughening of password change policies, widespread use of two-factor authentication systems and an awareness-raising effort that he sees as especially necessary among the student community.
"My son used three different passwords and maybe he has credentials for 100 services."
In addition to the attacks aimed at the kidnapping of information or the theft of personal data, there are also attempts to access works that students and researchers store on the university's networks.
"Many are doing research on topics that can be very interesting for third parties," says Juan.
A study by the Universities of Kentucky and Michigan revealed that more than a hundred pages from American universities, including Stanford and Columbia, had been hacked or compromised in article and essay thefts.
Nombela confirms that they have seen and reported the presence of works by students of the International University of La Rioja on pages of this type, but does not attribute it to unauthorized access to their systems.
"Our main concern is protecting the personal data of our students."
Cyber attack flat fee
"Many times they ask us: 'but who has the capacity to do this?'" Says Cano.
The problem is that to launch an attack like the one suffered by the UGR, it is not necessary to be a master of cybercrime.
It is enough to know where to look ... and have 30 euros.
"The sad thing about this is that it is very cheap to promote attacks of this type. In the
dark web
—dark
internet
, not accessible from conventional browsers—, you have flat rates of 30 euros per month that allow you to attack the servers you want" .
You can follow EL PAÍS TECNOLOGÍA RETINA on Facebook, Twitter, Instagram or subscribe here to our Newsletter.
