A cyber attack slowed down Ohio State’s e-mail service a few days before Christmas, but the Office of Information Technology administration is confident OSU’s system is not vulnerable to more serious attacks.
“We got about 11 million e-mail messages,” said Bob Kalal, associate director of OIT. “This stuff is not uncommon. Someone who knows what they’re doing can mount a cyber attack in many ways, and this just happens to be one of them.”
While the phony e-mail messages delayed the delivery of legitimate e-mail, the OIT staff was able to make sure all legitimate e-mail was delivered only a few days after the attack.
“That’s all it really does, is slow everything down,” Kalal said. “With the regular business coming in along with the phony messages, it backs everything up. To recover without further adversity, it took a few days to eliminate the phony messages and then send the legitimate messages on to the proper source. This is commonly referred to as a ‘mail bomb.’ “
Kalal said OIT hands cyber crimes over to the police to help avoid these types of crimes in the future.
“If an attack manages to swamp you, and disrupts your service, it’s illegal. It’s certainly against our use policy,” Kalal said. “Basically, it’s illegal to break into or stop someone’s computer. It’s like breaking into their house. That’s why when something like this happens, we turn it over to the police. A few high-profile prosecutions may help cut down on these types of crimes.”
Officer Rick Amweg, who handles most cyber criminal activity for University Police, was not available for comment.
Despite the success of the recent attack, most students are not concerned about the security of their personal information.
“I don’t think anyone could do anything major,” said Derrick Cobb, a junior in electrical and computer engineering who works for University Police. “I don’t think there is a call for concern. It’s pretty far-fetched to think that someone could get in and change grades or see personal information. It’s just not a high probability.”
“I’m not really concerned with it,” said Jeff Arszman, an OSU alumnus. “I’ve been here for over four years, and I haven’t had any information security problems so far, so I have no reason not to trust it.”
Even though administrators say students’ personal information is safe, they are still looking into ways to further increase security.
“We meet quarterly with all the Big Ten schools, and we work collaboratively on computer security issues of all kinds,” Kalal said. “This isn’t just an OSU problem — it’s everywhere. The bigger you are, the more likely someone is to attack you. We try and work together to help deal with these situations and find ways to harden our systems.”
