Penn State University network sacked by China malware blitz

Penn State University has had to take networks in its school of engineering offline after falling victim to a malware attack traced partially to China.

Acting on an FBI tip, the school found that PCs on the network of its College of Engineering were infected with malware that appeared to be trying to harvest research data and personal information.

The Pennsylvania school said in a notice that it would disable the network of its College of Engineering in response to the attack. The outage is expected to last for several days. Classes are continuing as normal.

"In a coordinated and deliberate response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems is underway," the school said.

"Contingency plans are in place to allow engineering faculty, staff and students to continue in as much of their work as possible while significant steps are taken to upgrade affected computer hardware and fortify the network against future attack."

The school said it has brought in security firm Mandiant, which has already determined that at least one of the attacks was carried out from China. The attacks are believed to have been carried out in an effort to harvest research information and intellectual property from the engineering school.

The shutdown, says Penn State, was made following a nearly six-month investigation triggered by a warning from the FBI. The school says that after being notified by the feds in November, it began to investigate its networks in order to track down the source of the breach.

Eventually, researchers were able to find two persistent malware infections lurking within the school of engineering's network. The malware is thought to have been in place as far back as September 2012.

Penn State said that while no research data appears to have been pilfered, the attackers were able to harvest user account credentials and a cache of 18,000 Social Security numbers was found on one of the infected PCs. The school is in the process of notifying those whose Social Security numbers were taken.

"While investigators have found that only a small number of these accounts have been used by the attackers to access the network, as a precaution and beginning immediately, all College of Engineering faculty and staff at University Park, as well as students at all Penn State campuses who recently have taken at least one engineering course, will be required to choose new passwords for their Penn State access accounts," the school said.

In addition to resetting accounts, the school said that it plans to require anyone working outside of the college of engineering network register for both VPN access and two-factor authentication. ®