Penn State Yanks Engineering Network From Internet After China-Based Attack

coondoggie writes: Penn State's College of Engineering has disconnected its network from the Internet in response to two sophisticated cyberattacks – one from a what the university called a "threat actor based in China" – in an attempt to recover all infected systems. The university said there was no indication that research data or personal information was stolen in the attacks, though usernames and passwords had been compromised.

First!

but it really doesnt matter.

This should be done with all industrial secrets

nothing should be left open to the internet that is valuable intellectual property. It may slow communication, but the protections it offers are incredibly valuable.

A logical response

There are Chinese nationals at Penn State and every other university in America, displacing our own people. Why don't we start revoking student VISAs as a response?

Re:A logical response

Yeah, and they'll switch to Mastercards. Great plan.

Wait, what? :)

Re:A logical response

[epyT-R]

Because the radical left on campuses would say that's racist and 'anti-social.'

Re:A logical response

Because that would create a major diplomatic incident over something that you have no evidence involves any State players. Just because the attack is based in China does not imply that China was behind the attack.

Re:A logical response

Because Microsoft would lose all their new H-1B employees.

Re:A logical response

Want to know how I know you don't know anything about international relations? First clue is you are talking out your ass.

Re:A logical response

Well the right wingers there are child rapists, so they have no room to complain. Pedo State has admitted to hiring and protecting child rapists. They knowingly kept them on staff so they could rape again. They even paid for trips for their employees to take children on to rape them. They admitted to this. The right wingers there are child rapists.

Re:A logical response

[ShanghaiBill]

Because the radical left on campuses would say that's racist and 'anti-social.'

And the left would be right.

Re:A logical response

[Virtucon]

bullshit.

Re:A logical response

[ShanghaiBill]

Why don't we start revoking student VISAs as a response?

Yes, that is so much better than implementing decent security and salting passwords.

Re:A logical response

Well, while your argument is compelling, I find it lacks substance. I agree that China is far and above the largest State sponsor of "cyber terrorism," but that's akin to blaming any car bombing on Iran just because it's carried out by a brown person -- it's intellectually lazy, at best. Further, the complex interconnectivity of the internet makes any such "origination" claim dubious. Remember when the FBI pegged North Korea as the State actor behind the Sony hacks?

Re:A logical response

I was unaware that anyone other than NK had been implicated. Further, I was unaware that China's internet was so open and un-monitored that these attacks would not require sponsorship or a blind eye.

My impression was that China was a hotbed of nationalism, cronyism, and corruption where attacks against foreign interests were encouraged at all times, and permitted for a cut of the action.

Now I learn that these suspicions are akin to thinking that all terrorists are Iranian.

Thank you /.

Re:A logical response

[Feral+Nerd]

There are Chinese nationals at Penn State and every other university in America, displacing our own people. Why don't we start revoking student VISAs as a response?

Because the radical left on campuses would say that's racist and 'anti-social.'

Here's a thought... perhaps we should stop this xenophobic whining and retaliate against the culprits rather than applying a shotgun remedy like revoking the student visas of every Chinese person in sight regardless of whether they were involved in these attacks or not? The "drop a 2000lb bomb on it" approach may be intensely satisfying, especially to the political right. However, it causes collateral damage, it is therefore inelegant and it reeks of stupidity and desperation. Just play the old eye for an eye and tooth for a tooth game. If the Chinese can set up 'cyber warfare' units and think they can attack the USA with impunity in times of peace without it being an act of war then surely they will not complain if the USA uses the 'cyber warfare' branch of it's military to launch attacks inside China against the assholes who are doing this? ... and if they do complain about being hoisted by their own petard then they'll just look pathetic. The USA does have a credible 'cyber warfare' capability does it not?

Re:A logical response

[CaptainDork]

Now, come on ... this is funny.

Re:A logical response

Considering that the Penn State College of Engineering has a research partnership with the U.S. Navy, state-sponsored espionage is a reasonable working assumption until an investigation proves otherwise (much like suicides are investigated as homicides, until proven otherwise).

Re:A logical response

Not to mention the funding and staffing crisis that would devastate American STEM schools without Chinese tuition money and grad students.

Re:A logical response

[DNS-and-BIND]

Since that is their response to everything, how can one know when they are telling the truth and when they are simply reciting the narrative? Even when the facts are wrong, the narrative can still be right. According to leftists.

Re:A logical response

I hope that's not what you consider a logical response

Re:A logical response

According to rightists, the narrative can similarly still be right even when the facts are wrong.

Re:A logical response

Wow. You realize that Jerry Sundusky wasn't even an employee of Penn State during his crimes ... he just lived in the area and used the gyms. So you're saying that if anyone commits a crime in, for example, a public library, then all librarians can't be trusted! Idiocracy!

It would make a lot more sense if you simply said that Microsoft doesn't hire Penn State CS'ers because their coding skills are not on par. But of course you're at MS so that'd be a lie too.

Re:A logical response

So punish the students that had nothing to do with it. Great fucking idea.

Re:A logical response

[Dutch+Gun]

We should probably make a distinction between cyber "attacks" and cyber "thefts". This appears to be of the latter variety, although of course no details were given. Ransom-ware or Stuxnet would better be classified as an "attack". No doubt the government would like any military or political intelligence they can get, and I'm sure they're working to that end already.

One problem (among many) with equivalent retaliation is that we have a lot more worth stealing then they do. There's less of an incentive in launching cyber thefts against a country that we already have a significant advantage of in terms of intellectual property, at least if the goal isn't simply to disrupt internal systems... and I don't think we want to go there.

Re:A logical response

If the librarians were breaking the law and committing blackmail to protect a child rapist, then yes you could blame them. The President of the university and the Athletic Director were convicted for breaking the law to protect a child rapist. They were notified about the rapes, but instead of putting a stop to it, they protected the rapist so he could continue to rape and rape and rape. Your analogy is bad.

And, why would Microsoft associate themselves with an organization that is from the top pro-child rape?

Re:A logical response

[mattventura]

No, discrimination based on country of citizenship isn't any more racist than something like an embargo. Can it be racially motivated? Yes, but because any such blanket ban does not consider race, it cannot be racist.

Re:A logical response

Using that logic we should never put murderers in prison since it will hurt their families. No, these people that raped children and the people that protected them like the university president, athletic director, football coach, asst coach, grad assistants, etc. for the decades he was there need to be punished. It's bad that students are hurt too, but all of the students there knowingly went to a school with a known reputation for protecting pedophiles so they are part of the problem.

Re:A logical response

The correct usage is "hoist", not "hoisted", as in, "hoist by own's own petard".

William Shakespeare used "hoist with his own petard" in Hamlet, in which the word "hoist" is the (now archaic) past participle of the earlier form "hoise" for the verb "hoist".[3][4]

Re:A logical response

> wasn't even an employee of Penn State during his crimes

He was there from 1963 to 1966 then from 1969 to late 2011 when he was finally banned. That's 47 years that he was on campus. He was either a student-rapist or coach-rapist for all but the last few of those years. He most certainly did rape children when he was there. The Second Mile was founded in 1977 to provide that Penn State employee access to boys to rape. 1977! You can't argue with the timeline that convicted him in court. Why are you still defending a child rapist? Why would anyone do that unless they were one.

Re:A logical response

it also makes for great press releases

Re:A logical response

Penn State goes far beyond football, as evidenced by the fact that they had Government-sponsored research that was of enough interest that the Chinese wanted to gain unauthorized access to it. Yes, the Sandusky scandal was a mark on the University's reputation, but it has absolutely nothing to do with this story. Even in the worst case scenario, even IF the students could have anything to do with what happened, they would be long gone by now, but the students didn't have anything to do with it, so it's a moot point.

Re:A logical response

[rtb61]

Stop making bullshit claims for a start. Got a complaint, prove it in court and then apply a fiscal trade penalty by confiscating assets from foreign business located locally and placing the onus upon them to recover the money from their government. Considering the behaviour of the NSA the rest of the world could logically claim something in the order of a couple of hundreds billion dollars of economic damages. Oh, yeah and the US can also try doing it to the rest of the world.

Stop with the bullshit, got a complaint, prove it in international court otherwise shut the fuck up, we don't believe you any more, not for anything. Talk about the boy that cried wolf and the US government and their idiotic solution to this problem, spend more money on telling more lies and force vassal states to comply with the propaganda effort under threat of hostile espionage activity, political destabilisation, economic attacks and even military over throw.

Re:A logical response

Given that China has a national firewall, if it is unwilling to share details of users who performed the attack, it is complicit in the attack and approves of it

Re:A logical response

Absolutely the case. We bring these Chinese scabs in here, they steal trade secrets, take them home, and invade/destroy our networks.

Re:A logical response

[dywolf]

no, it would have more to do with it being effectively a conviction and punishment without due process let alone accusation.

I'm beginning to think you are having a stroke, your lack of context and knowledge of definitions is so striking.

that or you just suffer from diarrhea of the mouth, issuing random phrases you heard once.

2 minutes later...

And 2 minutes later the attack resumed. While the Internet was still disconnected. Theories as to how the Chinese can get into the network "through the air" (as the cable had lots of air between it and the socket) started being thrown about.

Re:2 minutes later...

Uh ... did you check the wireless network?

Just block China already.

[andydread]

To reduce the susceptibility to these attacks engineering/research institutions and corporations should just block originating source IP blocks from China. It may not reduce all such attacks but it should help

Re:Just block China already.

[Virtucon]

So protecting your data and your intellectual property is racist? That's a new play on the race card. It's not about blocking the Chinese people from accessing information, shit their own government does a pretty good job of that already. It's about blocking concerted, direct espionage against US companies, educational institutions and the government. It's not some pimple faced teenager trying to break in for fun, it's about the theft of our technology. Sure, technology leaks and history is replete with examples but this wholesale theft needs to be curtailed and if necessary start blocking IP address ranges; better yet we need a great firewall of China for traffic going to/from China.

Re: Just block China already.

Now you want to destroy the Chinese in the same way by denying them information.

the Chinese government seem to be doing pretty well at that on their own.

Re:Just block China already.

Yup.. never heard of a VPN or proxy, eh?

Re:Just block China already.

[Cramer]

Personally, I do something very similar... every address block assigned to APNIC. Yes, it's a shotgun approach, but it's surprisingly effective. HOWEVER, it's not something that can be done by everyone; it works for me because I have no need to talk to anything in Asia. That won't work for my employer as they have offices all over the world -- including Asia, and all of our manufacturing is done by companies in Asia.

Re:Just block China already.

[khallow]

The reality being that most of China has no knowledge or approval of these things, and punishing them is silly. And the hypocrisy is that there are plenty of US agents engaging in espionage.

That's good. I'd hate to be punished for all the stuff my government is doing supposedly in my name.

Re:Just block China already.

ikr IP blacklisting is so easy and effective, (see brightforts spywareblaster for example)

Re:Just block China already.

Why would an average Chinese national, or anyone in China for that matter, try to connect to the engineering network of a US university? Anything a university student would be interested in is already published in journals, that is what journals are for. If they have legitimate purpose of research collaboration a letter of introduction should be sent to the department. That is the way things are usually done. These sorts of networks are internet facing merely for convenience/ignorance reasons.

Re:As long as the Republicans continue to rule...

Yeah, this makes tons of sense.

Passwords were compromised?

[kdub007]

Were they in clear text somewhere? If so, then they deserved to be hacked.

Re:Passwords were compromised?

[aitala]

No.

Re:Passwords were compromised?

[MooseTick]

Ever heard of john the ripper and the 50 other password crackers that are free to download?

Re:Passwords were compromised?

Ever heard of john the ripper and the 50 other password crackers that are free to download?

Ever heard of salting your stored passwords? Or rate limiting network access?

Re:Passwords were compromised?

[radarskiy]

Or maybe use use of "compromised" comes from a responsible adult to mean that "a copy of the salted and encrypted db has been made which they could possibly brute-force before the heat-death of the universe so we should go ahead and replace all entries now".

Re:As long as the Republicans continue to rule...

What do you say of the cybersecurity surrounding Hillary Clinton? The real solution is to elect a rock ribbed conservative to the Presidency like Ted Cruz who won't be squeamish about bustin' some heads.

Better be sure

They better be sure they have their network back in check before it goes online. PSU does a lot of research https://www.arl.psu.edu/

How come...

All I can think about is the chinese wanting to learn how to morest children?

Well Republicans did open the US to China

Yeah, this makes tons of sense.

Actually in the case of China you can blame the Republicans. They normalized relations with Communist China, argued that more social and economic interaction would bring about a liberalization of China internally. Along with various student protesters, that theory died at the Tiananmen Square massacre during the 1989 Democracy Movement demonstrations. Mainland China readers, you'll have to google that outside of your Great Firewall.

From a wiki not controlled by the Communist Party:

"The Tiananmen Square massacre of 1989, commonly known as the June Fourth Incident () or '89 Democracy Movement () in Chinese,[1] were student-led popular demonstrations in Beijing which took place in the spring of 1989 and received broad support from city residents, exposing deep splits within China's political leadership. The protests were forcibly suppressed by hardline leaders who ordered the military to enforce martial law in the country's capital.[2][3] The crackdown that initiated on June 3–4 became known as the Tiananmen Square Massacre or the June 4 Massacre as troops with assault rifles and tanks inflicted casualties on unarmed civilians trying to block the military's advance towards Tiananmen Square in the heart of Beijing, which student and other demonstrators had occupied for seven weeks. The scale of military mobilization and the resulting bloodshed were unprecedented in the history of Beijing, a city with a rich tradition of popular protests in the 20th century.[4]

The Chinese government condemned the protests as a "counter-revolutionary riot", and has prohibited all forms of discussion or remembrance of the events since.[5][6] Due to the lack of information from China, many aspects of the events remain unknown or unconfirmed. Estimates of the death toll range from a few hundred to a few thousand.[7]

The protests were triggered in April 1989 by the death of former Communist Party General Secretary, Hu Yaobang, a liberal reformer, who was deposed after losing a power struggle with hardliners over the direction of political and economic reforms.[8] University students marched and gathered in Tiananmen Square to mourn. Hu had also voiced grievances against inflation, limited career prospects, and corruption of the party elite.[9] The protesters called for government accountability, freedom of the press, freedom of speech, and the restoration of workers' control over industry.[10][11] At the height of the protests, about a million people assembled in the Square.[12]"

Re:Well Republicans did open the US to China

What does the Tienanmen square incident have to do with republicans?

Re:Well Republicans did open the US to China

Nothing. Ignore the braying of the jackass

Re:Well Republicans did open the US to China

What does the Tienanmen square incident have to do with republicans?

About as much as it has to do with democrats.... they (R and D) are essentially one and the same except for rehtoric, abortions, and a few other things. Neither party should ever be compared in a general sense to couragious people such as those involved in Tienanmen square or even the recent protests against police brutality for that matter. What people get off their ass and do is much more important than carrying on the torch (or inverted torch) of their parents political ideologies.

Re:Well Republicans did open the US to China

What does the Tienanmen square incident have to do with republicans?

Do you suffer from reading comprehension problems: "Actually in the case of China you can blame the Republicans. They normalized relations with Communist China, argued that more social and economic interaction would bring about a liberalization of China internally. Along with various student protesters, that theory died at the Tiananmen Square massacre during the 1989 Democracy Movement demonstrations."

Republicans claimed relaxed and permissive trade and monetary policy with China would lead to liberalization. Liberalization ended at Tiananmen. Yet the relaxed and permissive policy with China remains, despite the Republican's theory of liberalization being a complete failure. Are you still confused?

Re:Well Republicans did open the US to China

Nothing. Ignore the braying of the jackass

Are you truly that dimwitted? Late 1970s, Republicans justified relaxed trade and monetary policy with China arguing that greater interaction with the west will lead to reform. 1989, Tiananmen ends reforms, Communist Party cracks down on dissent and criticism. And we have an increasingly predatory China for decades and today's incident at Penn is yet another example. Yes Democrats are guilty too but that facts remain that the policy was initiated by Republicans and when the moment of its failure arrived the decision to continue anyway was made by Republicans.

They're probably just looking for child porn

Pedo State has a long history of hiring child rapists and protecting them. They protect child rapists all of the way to the top of the chain of command at that place.

Re:They're probably just looking for child porn

This is like your sixth repetitive post. Seek therapy!

A Message from The President of Penn State

[Sir_Eptishous]

First off, is this hyperbole?

Moving forward, we all will need to take additional steps to protect ourselves, our identities and our information from a new global wave of cybercrime and cyberespionage.

Second, and most importantly, how long until the US and China "come in from the cold" and enter an actual hot war(with the way events are unfolding in the South China Sea, and this cold war that has been going on for the last 15 years)?

Re:A Message from The President of Penn State

Seeing that Two Factor and other things are being pushed hard core, I'd say it's not hyperbole

Re:A Message from The President of Penn State

[Fire_Wraith]

I'd say it's not really a 'new wave', though it's certainly 'new' to the people who haven't really been involved in the network security field.

As to the odds of a shooting war in East Asia, my hope is that there is too much money and profit involved for anything to really get out of hand. That said, what concerns me is the possibility that the Chinese government will rely increasingly on nationalism to shore up its domestic popular support as the double-digit growth years become a thing of the past. This is the sort of thing that can easily get out of control, to the point that otherwise sensible leaders will make risky or bad choices, such as escalating a conflict that can erupt into war, when they think the alternative is worse (appearing weak in front of the people and losing power).

Penn should hire Hillary's cybersecurity people

[drnb]

What do you say of the cybersecurity surrounding Hillary Clinton?

It sounds like Penn should hire Hillary Clinton's cybersecurity people. There is absolutely no evidence at all that her basement mail server was ever hacked.

Re:Penn should hire Hillary's cybersecurity people

[bobbied]

What do you say of the cybersecurity surrounding Hillary Clinton?

It sounds like Penn should hire Hillary Clinton's cybersecurity people. There is absolutely no evidence at all that her basement mail server was ever hacked.

Of course there is no evidence.... She literally erased EVERYTHING on the server. Oh sure, she had some e-mails printed, but the server, and the E-mail supposedly on it where erased before anybody had a chance to look. All we really have is her word that it never was hacked, not that she'd know if it was anyway.

Re:Penn should hire Hillary's cybersecurity people

[epyT-R]

Still doesn't align well with the 'transparent government' push. Come on, as a public official you shouldn't be using private servers for official communications.

Re:Penn should hire Hillary's cybersecurity people

i need to point out that penn and penn state are two different schools. i'm a member of penn's network lab. this sort of thing would never happen in our lab. we're like totally on top of it. /s

Re:Penn should hire Hillary's cybersecurity people

It's entirely possible that the suggestion was facetious. Possibly even sarcastic.

Re:As long as the Republicans continue to rule...

[Jawnn]

What do you say of the cybersecurity surrounding Hillary Clinton? The real solution is to elect a rock ribbed conservative to the Presidency like Ted Cruz who won't be squeamish about bustin' some heads.

You don't have any idea how moronic that sounds, do you?

Re:As long as the Republicans continue to rule...

[jfdavis668]

I thought the President was a Democrat. When did he stop ruling?

There is no evidense at all

In a manner of saying. There is no evidence at all. The Clinton Crime family scrubbed the machine, yoga emails and all. My guess is Vlad and Xi have read every detail.

Bad PR angle

[Tablizer]

"We will prepare your children for the future by hiding in caves."

Re:Bad PR angle

And them raping them which is the Penn State way. Also, we'll keep the rapist on the payroll and have everyone from the President to the football coach to grad assistants work their asses off to protect child rapists. That is the Penn State way.

Re:As long as the Republicans continue to rule...

I thought the President was a Democrat. When did he stop ruling?

Remember, he has his pen and his phone.... He's the president...

OpenBSD?

They should have been using OpenBSD.

And this is why you monitor your traffic

[CSG_SurferDude]

Without knowing any of the gory details, I have to wonder if this could have been caught by the network team monitoring and characterizing the inbound/outbound traffic and watching for anomalies.

Re:And this is why you monitor your traffic

[Fire_Wraith]

I'd be curious to know what sort of network monitoring team they have - if any. My impression is that most universities don't tend to think of themselves as a target, and thus this tends to be a function that network admins conduct rather than having dedicated network security personnel and IDS/IPS/etc suites the way you would likely see in a corporation or government entity.

Re:And this is why you monitor your traffic

I'm sure it could have been caught by an effective and monitored IDS/IPS, but from what I've seen, that level of attention to detail is rarely exhibited by large universities where the faculty and other non-rational actors have the last say on IT security.

WE ARE

[jfdavis668]

PENN STATE!

Re:As long as the Republicans continue to rule...

[Duhavid]

I thought the president was elected? When did we stop ruling?

Where did other attack come from?

[fullback]

The Penn State announcement doesn't mention China at all. The other says an unnamed source said one of the two sources was China. Where was the other?

Other countries are doing exactly what the NSA does. The NSA does the same thing, forwarding technology information and foreign business strategies to US companies by hacking communications through ECHELON, tapping into privately owned infrastructure cables, keylogging and tapping phones at sources.

But that's OK because it's "us" and not "them."

Re:As long as the Republicans continue to rule...

these things will just keep happening. They just don't get security, and they actually like it when the average person gets hurt by a communist. It gives them more of an excuse to go on another one of their constant murder rampages. That is the way of their kind. They are encouraging this to happen.

Talk about rank partisan stupidity... normalizing relations with China was a good move overall. They are no longer a communist country, though the communist party is still in control, they are gradually relinquishing control as their quality of living overall improves. The US on the other hand was controlled exclusively by the Democrats for 2 years, and a Democrat majority (Senate and Presidency, only lacking the House) for 4 more years, rounding out to 6 years out of the last 7 being dominated by the Democrats. So if you don't like our current policies towards China, maybe you should stop blindly voting, pull your head out of your ass, learn the issues and then vote for and support candidates based on what they believe instead of whether they have a (D) or (R) next to their name...

And yes, most cyber attacks come out of relatively few countries, and in the case of China, all of it is state sponsored. Don't like it? Elect representatives that will stop spending money like drunken sailors, enact reflective trade policies with China (neutralize the artificial advantage we have been allowing China to have) and balance our budget. Once we don't have to rely on China buying our debt, we can work with other free nations to have a protective treaty that cuts off global internet access for ascending weeks if they engage in cyber warfare or espionage (or if we have pretty good evidence that they did). It is a cost/benefit balance with China, they will stop doing it if there is a cost greater than the benefit.

Is this just a PR stunt?

Penn State is best known for Paterno who was friends with a child rapist that he protected for decades. The school's reputation will probably never recover from providing little boys for Sandusky to rape. These seems more like a stunt to try to distract from the facts.

Blacklisting not a solution. WhiteListing might be

Since people want to get access from their homes why not start white listing addresses it will definitely reduce the chance of getting hacked.

It might be harder then blacklisting for the average consumer but I assume that the engineering department employees or students would know how to get the info from their home systems to have white listing work.

Re:As long as the Republicans continue to rule...

Wrong. The President is selected by the Board of Trustees. The board consists of 32 members so the selection process can be quite chaotic. It especially was the last go round after they finally fired the guy they selected that spent years protecting a child rapist. After decades of protecting child rapers, they finally stopped.

greenwow - take your meds

Your off again.

Oxymoron

[PocketPick]

The university said there was no indication that research data or personal information was stolen in the attacks, though usernames and passwords had been compromised.

Because you know...who would consider passwords to be personal information...

Penn State disconnected network?

[nickweller]

'Penn State's College of Engineering has disconnected its network from the Internet in response to two sophisticated cyberattacks – one from a what the university called a "threat actor based in China"'

What was the nature of the attack, what Operating System does Penn State run on?

Hah Penn State

Literally a week ago I was googling how to set the hostname for a certain printer via web interface and I found their printer there, accessible to the internet. I thought about taking it offline to get the staff's attention, but instead I changed the language to Swedish.

Anonymous for obvious reasons.

Happened at Rutgers, too

A friend of mine at Rutgers complained that attacks resulted in Rutgers being cut off from the Internet in recent weeks.

Re: Penn should hire Hillary's cybersecurity peopl

Okay, so a Republican controlled congress failed to seize the server before it was wiped clean. I wouldn't go around making a big deal about this if I were a Republican. It may come back to bite you when the presidential election rolls around.

Re: Penn should hire Hillary's cybersecurity peopl

[bobbied]

Okay, so a Republican controlled congress failed to seize the server before it was wiped clean. I wouldn't go around making a big deal about this if I were a Republican. It may come back to bite you when the presidential election rolls around.

When the election rolls around? Uh, I think it's hear now and we have nearly 2 years of campaigning in our future... Heaven help us... Hillary won't be materially harmed by this, by the time she actually starts campaigning it will be old news but thinking the republicans will be harmed by this somehow is nuts... Unless of course they over play the card... But that's a self inflected "unforced error" kind of thing and if the democrats are hoping for that, it's going to go badly for them and they know it.