Penn State severs engineering network to fight Chinese hackers
MANILA, Philippines – Penn State University, which develops technology for the US Navy, said Friday, May 15, that it would take its engineering college's computer network offline for a few days after an investigation revealed that Chinese hackers had been going through data at the engineering school at the university for over two years.
According to a Bloomberg report, the US university's technological secrets were already being developed with partners for commercial use. The security breach implies foreign spies could be using universities as a means of gaining access to commercial and defense secrets.
Penn State president Eric Barron wrote a letter to professors and students, saying, "This was an advanced attack against our College of Engineering by very sophisticated threat actors.”
He added, "This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible."
The Federal Bureau of Investigation (FBI) told the university about the issue in November 2014, and investigators found two separate groups of hackers taking information from Penn State.
According to a person familiar with the probe, the first group has been linked to the Chinese government while the second group has not been identified. Investigators, however, believe the second group is made up of state-sponsored hackers.
Nick Bennett, a senior manager at Mandiant, the security division of FireEye Inc, which helped in the investigations, said of the hackers, “There is an active threat and it is against not just Penn State but against many different organizations across the world, including higher education institutions."
Bennett added that universities "need to start addressing these threats aggressively."
The university has already informed 500 partners, which include various companies, government agencies, and other universities, about the breach. Some 18,000 students and professors have also been notified, as personal data – including social security numbers – were stored in one of the computers accessed by the hackers. – Rappler.com