University files criminal complaint about cyber attacks
On several occasions during the last two weeks, it was impossible to send emails, download documents and watch lectures online. Radboud University's network fell victim to cyber attacks at least three times, resulting in the network being offline for around an hour and a half. The university has since filed a police report of the incidents.
In the last two weeks, Radboud University’s internet services were disrupted, cross-campus, more than once. Anyone wanting to visit a website or send an email was informed that the Internet was down. The disruption also meant that one exam for the Bachelor’s programme Data Science and Cyber Security had to be postponed.
The university has joined with the national SURF-Cert-team to start an investigation into the cyber attacks. Such attacks are becoming increasingly more refined, meaning that new measures are required, spokesperson Marijn Gerritsen said. The university has since filed a police report of the incidents.
Three euros
But exactly what kind of cyber attack was it that plagued the university? A Distributed Denial of Service, or DDoS attack is an attempt to make a website or network inaccessible. This kind of attack is carried out quite often in the Netherlands, by pupils against secondary schools, for example, or by activists against banks.
More disruptions expected
In the coming period, students and staff must be prepared for temporary disruptions to the campus computer amenities. This is the gist of a post on Radboudnet, following yet another disruption lasting 50 minutes, on Friday morning, also due to DDoS attacks. The post goes on to say: ‘A multidisciplinary team of colleagues is on permanent stand-by, ready to fend off the DDoS attacks and prevent disruptions as far as possible or resolve them as fast as possible’.
‘The perpetrator of the cyber attack sends a huge amount of computer traffic to the website to be affected,’ says Jean Popma, cyber security expert at Radboud University. ‘This causes the essential functions on the website to break down, resulting in a complete congestion of the network traffic.’ Popma does not rule out the possibility that the attacks are being carried out by students wishing to avoid taking exams.
DDoS attacks are popular and easy to access. A simple search on Google will provide you with dozens of websites that rent out servers (known as botnet systems – ed.) with which to carry out the attack and the costs start at only three euros. What they do not mention is that the perpetrators risk a fine or even prison sentence.
Criminal complaint
Popma sees the cyber attacks as an extra argument for the continued improvement and innovation of the university’s technical resources. ‘But it’s impossible to completely eliminate the risk,’ he says. ‘The solution is to detect the attack at an earlier stage. Only then can we trace the precise origin of the attack.’
Popma cannot be sure that the police report made by the university will be effective. ‘If the source of the attack is found to be in Russia or Ukraine, for example, then there’s nothing the Dutch legal system can do.’