Two weeks ago an unknown assailant disrupted campus internet networks and the UTD website for unknown reasons, causing campus-wide intermittent internet outages.
The Distributed Denial of Service attacks began on Sept. 26 and continued until Oct. 1 for varying amounts of time. A DDoS attack occurs when a large number of (typically malware-infected) computers send repeated requests to a single server, overwhelming the server to the point that it can no longer process requests. There is no danger to information security with these types of attacks; instead, the aim is to disrupt a server’s internet traffic.
“This is an unprecedented attack against UT Dallas. As far as we can tell we’ve never been a target of this sort of attack of this magnitude before,” said Brian Dourty, the chief information officer.
A total of five distinct attacks occurred. After the Information Security and Technology teams realized the first attack was a DDoS attack, they contacted the UTD internet provider to stop upstream traffic. This shielded the campus internet, but the outward-facing UTD website remained open to attack. The information security team changed the utdallas.edu IP address after several attacks, but the attacks continued.
“Based on some feedback from our other (chief technology officers) around the UT system, the experience typically is that you’ll get an attack, you’ll change the IP. They’re not usually so persistent to keep following up. They’ll [usually] get bored and move on to somebody else,” said Brian McElroy, the information security manager.
At press time, no one has claimed the attacks. The information security team contacted the FBI and reported the incident shortly after the attacks, as DDoSing is prosecutable under the Computer Fraud and Abuse Act.
“They weren’t vocal about it on social media, which is different than we normally see,” Dourty said.
After the attacks, Chief Information Security Officer Nate Howe alerted students to what had taken place and told them that measures were being taken to prevent further disruptions.
After the attacks, the university contracted with Cloudflare, a company that routes requests through its own servers first to determine which users are legitimate. The university is also looking at upgrading the firewall and infrastructure in the near future.