Incident: Students and Staff Behind University Cyber-Attacks during Term Times

Published Date: 2018-09-13

Postmortem Analysis
Timeline 1. The software failure incident mentioned in the article happened during the academic year 2017-18, with specific mentions of peaks and troughs of attacks during term times and working days [75473]. Estimation: Step 1: The article was published on 2018-09-13. Step 2: The incident occurred during the academic year 2017-18. Step 3: The incident likely occurred between September 2017 and August 2018.
System The software failure incident reported in the article "Students blamed for university and college cyber-attacks" [75473] involved the failure of the following systems: 1. Network security systems 2. Research and academic network 3. Internet and computer services provided by Jisc These systems failed to prevent cyber-attacks, particularly denial of service (DDoS) attacks, on universities and colleges, leading to disruptions and potential security breaches.
Responsible Organization 1. Students and staff at universities and colleges were found to be responsible for causing cyber-attacks on the research and academic network, with motivations ranging from seeking chaos to personal grudges or seeking advantages in online gaming [75473].
Impacted Organization 1. Universities and colleges in the UK [75473]
Software Causes 1. The software causes of the failure incident were related to cyber-attacks, specifically denial of service (DDoS) attacks, which were suspected to be carried out by students or staff members at universities and colleges [75473].
Non-software Causes 1. Disgruntled staff or students wanting to provoke chaos [75473] 2. Online gamer attacking another gamer to secure an advantage [75473] 3. Misplaced sense of "fun" at disrupting networks [75473] 4. Desire for "kudos among peers" for causing chaos [75473] 5. Grudge over poor grades or failure to secure a pay rise [75473]
Impacts 1. The software failure incident led to disruptions in networks at universities and colleges, potentially affecting research and academic activities [75473]. 2. The attacks caused peaks and troughs in network activity, with a significant decline in attacks during holidays and breaks [75473]. 3. The incident highlighted the difficulty in identifying individual cyber-criminals responsible for the attacks [75473]. 4. The attacks included sophisticated state-sponsored cyber-attacks and serious criminal players targeting research and sensitive information [75473]. 5. The software failure incident raised concerns about the motives behind the attacks, including causing chaos, seeking peer recognition, or expressing grudges [75473].
Preventions 1. Implementing stricter access controls and monitoring systems to track and identify individuals responsible for cyber-attacks [75473]. 2. Providing cybersecurity awareness and education programs for students and staff to prevent malicious activities [75473]. 3. Conducting regular security audits and vulnerability assessments to identify and address potential weaknesses in the network [75473]. 4. Enforcing consequences for individuals found responsible for cyber-attacks to deter future incidents [75473].
Fixes 1. Implementing stricter access controls and monitoring systems to track and identify individuals responsible for cyber-attacks within the university or college network [75473]. 2. Conducting awareness campaigns and educational programs to educate staff and students about the consequences of engaging in cyber-attacks and the importance of maintaining network security [75473]. 3. Enhancing cybersecurity measures such as intrusion detection systems, firewalls, and encryption to prevent and mitigate potential attacks from internal sources [75473]. 4. Establishing clear policies and consequences for individuals found guilty of engaging in cyber-attacks within the educational institution [75473].
References 1. Jisc - The government-funded agency that provides cyber-security and conducted the security analysis of cyber-attacks against universities and colleges in the UK [Article 75473].

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown The articles do not provide specific information about a software failure incident happening again at either one organization or multiple organizations. Therefore, the information to answer this question is 'unknown'.
Phase (Design/Operation) unknown The articles do not provide specific information about software failure incidents related to the development phases of design or operation.
Boundary (Internal/External) within_system (a) within_system: The software failure incidents reported in the articles suggest that many of the attacks on universities and colleges were caused by factors originating from within the system, specifically by staff or students. The analysis by Jisc found a clear pattern of attacks being concentrated during term times and during the working day, with a sharp decline in attacks during holidays when students and staff were not present [75473]. (b) outside_system: The articles do not provide specific information about software failure incidents caused by contributing factors originating from outside the system.
Nature (Human/Non-human) human_actions (a) The software failure incident occurring due to non-human actions: The articles do not provide information about software failure incidents occurring due to non-human actions. (b) The software failure incident occurring due to human actions: The articles highlight that many cyber-attacks on universities and colleges in the UK were likely caused by disgruntled staff or students wanting to provoke chaos. These attacks included attempts to disrupt networks through denial of service or distributed denial of service attacks, crashing computer systems [75473].
Dimension (Hardware/Software) software (a) The articles do not provide specific information about a software failure incident occurring due to hardware-related factors [75473]. (b) The software failure incidents discussed in the articles are primarily attributed to contributing factors originating in software. The incidents include cyber-attacks on universities and colleges, such as denial of service (DDoS) attacks, which aim to disrupt networks and crash computer systems. These attacks were found to be caused by various individuals, including students or staff members within the institutions, seeking to provoke chaos, gain advantages in online gaming, or for personal reasons like seeking recognition among peers or expressing grievances [75473].
Objective (Malicious/Non-malicious) malicious, non-malicious (a) The articles suggest that some of the cyber-attacks on universities and colleges, including denial of service attacks, could be malicious in nature, with the intent to harm the system. For example, there were instances where attacks were traced back to individuals such as a student attacking another gamer to gain an advantage [75473]. Additionally, the analysis mentions the possibility of attacks being carried out by disgruntled staff or students wanting to provoke chaos, disrupt networks, or seek revenge over poor grades or other personal reasons [75473]. (b) On the non-malicious side, the analysis also points out that some attacks could be non-malicious in nature, potentially driven by factors such as seeking fun, gaining peer recognition, or testing network resilience without the intent to cause harm [75473]. The incidents of attacks decreasing significantly during holidays and breaks when students and staff are less present could indicate that some attacks may not be driven by malicious intent but rather by individuals seeking to cause disruptions or test their capabilities.
Intent (Poor/Accidental Decisions) poor_decisions (a) The intent of the software failure incident related to poor decisions is evident in the article. The incidents of cyber-attacks on universities and colleges in the UK were found to be potentially caused by disgruntled staff or students wanting to provoke chaos. The attacks were not solely attributed to criminal gangs or foreign powers but rather to individuals within the institutions. Reasons for these attacks included a misplaced sense of "fun" at disrupting networks, seeking "kudos among peers" for causing chaos, or holding grudges over poor grades or failure to secure a pay rise. These actions indicate a deliberate intent to disrupt systems, which can be considered as poor decisions leading to software failure incidents [75473]. (b) The intent of the software failure incident related to accidental decisions is not explicitly mentioned in the article. The focus is more on deliberate actions by individuals within the institutions, such as students or staff, to carry out cyber-attacks. The incidents were not attributed to unintentional mistakes but rather to intentional actions aimed at causing disruption or chaos within the network systems [75473].
Capability (Incompetence/Accidental) accidental (a) The articles do not specifically mention any software failure incident related to development incompetence. (b) The articles mention incidents where cyber-attacks on universities and colleges were caused by students or staff members accidentally or intentionally. For example, one incident involved a cyber-attack originating from a university hall of residence by an online gamer trying to gain an advantage over another gamer [75473]. These incidents could be considered as software failure incidents caused accidentally by individuals within the organization.
Duration unknown The articles do not provide specific information about the duration of the software failure incidents in terms of being permanent or temporary.
Behaviour crash, other (a) crash: The articles mention incidents of denial of service (DoS) or distributed denial of service (DDoS) attacks where hackers try to stop or overload networks, potentially leading to crashing computer systems [75473]. (b) omission: The articles do not specifically mention instances of software failure due to omission. (c) timing: The analysis of cyber-attacks on universities and colleges found a clear pattern of attacks being concentrated during term times and during the working day, with a very sharp decline in attacks during holidays and half-terms. The peaks and troughs of attacks mirror when students and staff were most likely to be present, indicating a timing-related aspect to the attacks [75473]. (d) value: The articles do not provide information on software failure incidents related to the system performing its intended functions incorrectly. (e) byzantine: The articles do not mention software failure incidents related to the system behaving erroneously with inconsistent responses and interactions. (f) other: The articles mention incidents where cyber-attacks were caused by disgruntled staff or students wanting to provoke chaos, online gamers attacking each other to gain an advantage, or individuals disrupting networks for fun or due to personal grudges. These behaviors could be categorized as "other" in terms of software failure incidents [75473].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, delay (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The articles do not mention any consequences related to death, harm, basic needs, property loss, or non-human entities resulting from the software failure incident. The focus is on the disruption caused by cyber-attacks on universities and colleges, with the main consequences being network disruptions, attempts to cause chaos, and potential theft of sensitive information. Therefore, the most relevant options are (e) delay and (d) property, as the attacks aimed to disrupt networks and potentially steal information [75473].
Domain information, knowledge (a) The failed system was intended to support the knowledge industry, specifically the education sector. The software failure incident involved cyber-attacks on universities and colleges in the UK, affecting their research and academic network [75473].

Sources

Back to List