On July 30, a fake email was sent out to the Swarthmore student population in the name of the registrar, Martin Warner. The identity of the perpetrator is being kept confidential by the Swarthmore College Computer Society (SCCS), but such an incident raises the question of how secure the college’s network technology infrastructure is.
Phrased in layman’s terms by representatives of SCCS, the majority of real-world cyber attacks come from bad actors scanning for exposed or unprotected home devices. They send out server requests through the network, scrolling through server after server until they stumble upon an unprotected device, and exposed, unprotected devices can be exploited. The Swarthmore network is no exception, since its servers run on publicly exposed IP addresses. According to a member of SCCS, the college’s network continually encounters foreign server scans and requests looking for unprotected devices.
“[There are] queries coming into our server from all over the world every few seconds that are just random servers looking for open ports every few seconds … I think a lot of the people aren’t really aware of the sheer volume [of attacks] that comes towards the servers that are maintained by the SCCS and the Swarthmore Information Technology Service (ITS),” said a representative of SCCS. “And despite that, the ITS and the Official Swarthmore Servers get massive, massive amounts of malicious traffic. And as students we effectively never see the result of that.”
Keeping this pattern of attack in mind, ITS has implemented measures to prevent exposed ports and vulnerability to these general requests. Thus, Swarthmore is generally secure when it comes to common cyber attacks. In the words of an SCCS representative, the Swarthmore network is not a “low hanging fruit” when it comes to general cyber attacks.
“There are literally tens of thousands of probes of Swarthmore’s network every hour — the security systems we have in place protect our network and campus from any intrusions,” wrote ITS Chief Joel Cooper in an email.
Aside from protecting the Swarthmore network from common attacks, ITS is also vigilant against other types of attacks. According to Cooper, arguably the most challenging part of maintaining network security at Swarthmore is preventing phishing attacks.
“You get an email from Amazon that looks so real telling you they just delivered your new flatscreen TV except you didn’t order one. You panic, click the link, enter your username and password, and you’ve been phished,” Cooper explained in an email.
To match the growing sophistication of phishing attacks, ITS has made changes to improve its defenses. This year, ITS is adding DUO two-factor authentication to its network security system. According to the ITS website, the DUO system adds an “additional identity verification by requesting something you know (your username and password) along with something you have (a mobile phone, tablet, or landline).”
The Swarthmore network is quite secure when it comes to non-target-specific attacks, but the fake Martin Warner email was a target-specific attack. According to Professor of Computer Science Jeffrey Knerr, though Swarthmore’s network system is highly fortified, like Google, Yahoo, or Facebook servers, it is not completely invulnerable to attacks.
“We strive to make it difficult for our systems to be breached. However, as in the physical world, if someone is highly motivated enough to break into something (a building or a computer), they’re going to find a way given sufficient time and resource,” Cooper wrote in an email.
Furthermore, according to Knerr, it is much easier to access and navigate a given system when a person already has an account on the domain.
“I don’t think any system is totally secure, especially once they’re on the system. Like if you were talking about working at Google. Is Google secure? Well if I have an account on Google servers and I want to do evil, it’s much easier for me to do that if I’m already in,” said Knerr.
And although the fake email attack was slightly more sophisticated, since the person must have had domain-specific knowledge about computers, SCCS assures that it is nothing to worry about.
“In some ways, they were extremely naive because they left trails all through our logs. We had information about the person in six different places on our server, and it was not very hard to figure out who it was. So it wasn’t somebody who was anywhere near talented enough to actually carry out this attack with any kind of success, because they got caught basically instantly,” said an SCCS Representative.
Furthermore, SCCS assured that with the protections set in place, items such as a student’s financial information stored on Banner and MySwat are essentially impenetrable, unlike older, less secure systems such as email.
Though no technological system is always fully secure, the college’s technology community and administrators are continuously finding ways to improve the system, and taking steps to ensure that the students, staff, and faculty at Swarthmore are cyber-secure.