Rutgers Combats DDoS Attacks

Rutgers Combats DDoS Attacks

Whether you’re in New Brunswick or Camden, chances are you have had quite a lot of trouble connecting to RUWireless or accessing major Rutgers websites like Sakai in the past week.

This is the work of an anonymous attacker, known by the moniker “Exfocus,” who has been launching Distributed Denial of Service (DDoS) attacks on Rutgers websites since April 27.

The Rutgers IT Department has been working diligently since then, trying to restore network connectivity and access to Rutgers websites, posting frequent updates on their Facebook page, and sending information to the Rutgers community via email and text message.

Confused about the tech talk and what it means for you? We reached out to Dimitry Apollonsky, a digital consultant located in the New Brunswick area who has interviewed the attacker, to explain to us what exactly is happening with our Internet connectivity on campus.

“What Exfocus has done is overload the Rutgers’ servers through his network of 80,000 zombie computers. All of these zombie computers send ‘dummy’ traffic to Rutgers and the Rutgers computer system is simply unable to cope with so many requests,” says Apollonsky.

For those of us who are not as familiar with computer terms, a zombie computer is a computer whose functions have been redirected by a hacker or virus, usually to spread spam mail or launch DDoS attacks from a remote location.

Here is what Apollonsky had to say about the attacks on Rutgers:

Are these the results of poor planning on behalf of Rutgers IT, or something else?

“A Distributed Denial of Service attack is something that, if the attacker has a big enough network, is difficult to stop. DDoS’s are easy for companies and corporations to overlook when designing their security plan because you never know if or when you’re going to get attacked.

“At the same time, a modern security policy should always include a DDoS mitigation plan.  It sounds to me like Rutgers has been using the same security policy for the last couple of years and just hasn’t kept it as up to date as it should have.

“Rutgers got hit last month for the first time and crashed for a week. Throughout that week they attempted to mitigate the attack internally with load balancing and the traditional techniques they had available to them, but they didn’t invest in a dedicated DDoS mitigation service because they didn’t think it was necessary at the time. They thought that once the hacker was scared away, he wouldn’t come back. This was definitely a mistake on Rutgers’ part.

“Personally, however, I can’t blame them. It’d be a waste of Rutgers’ resources if the IT department invested a lot of money into a dedicated DDoS mitigation service and it turned out that Exfocus wasn’t going to return.”

Has Exfocus hacked Rutgers?

“Computer security pedants will argue that Exfocus has not ‘hacked’ Rutgers in any way, shape or form. This is because there is so far no evidence to suggest him gaining control of any Rutgers servers. This means everyone’s data is 100 percent secure & safe.”

While Exfocus has done a good job keeping his true identity a secret, he has also created a Twitter account in which he provides information about the start time and duration of the attacks, claims to be at different locations on the New Brunswick campus, and even interacts with students. Unfortunately, most of those tweets have been deleted by the user, but a few tweets remain, including one where he links to a longer message reprimanding Rutgers IT for the way they have handled the situation.

Since his interview with Exfocus on March 30, Apollonsky has also formed some interesting theories about the identity of the Rutgers hacker:

“Based on the way he talks, based on his intimate interaction with the Rutgers community — there’s a couple of things I personally believe are true about Exfocus.

He lied about being paid to DDoS Rutgers in my interview

“I think Exfocus used my interview as an opportunity to spread tidbits of believeable misinformation regarding his identity. He wanted to throw off the security agencies looking for him. Based on his intimate knowledge of Rutgers and his claims that he was on campus, his being an outsider just doesn’t make sense to me.”

He’s a Rutgers alumnus

“The internet outages don’t seem to affect him, this leads me to believe that he’s no longer a student on campus. Furthermore, the skill required to avoid being found this soon is something that a freshman or sophomore is also unlikely to have — so my bet is that he’s a recent alumnus of Rutgers.”

He’s in New Brunswick

Why would an alumnus care about DDoSing Rutgers unless he lived nearby and was still in contact with a lot of people at Rutgers University?

Here’s something else to keep in mind:

“Throughout Exfocus’s twitter campaign — he mentioned being at different eateries around the Rutgers New Brunswick campus. What most people don’t know is that in some cases, the eatery was closed at the time he claimed to be there.

Exfocus is very knowingly & consciously spreading misinformation regarding his identity and whereabouts.”

Apollonsky has a technical background, citing a passion for computer science and security from a young age. Although he once had a dream of working in IT and computer security, and even prepared for a job in that field, he ended up becoming an entrepreneur in the creation of websites for local companies as well as proxy websites.

Share This: