Das Reboot: Uni forces 38,000 students, staff to queue, show their papers for password reset following 'cyber attack'

Tens of thousands of students and staff at a university in Germany had to queue up this week after a malware infection on its campus network forced the college to reset everyone's account passwords. The Justus Liebig University Gießen (JLU) says that a "suspected cyber attack" this month has caused it to shut down most of its …

  1. Pascal Monett Silver badge

    That is taking security seriously

    It is a hassle, to be sure, but it is secure and that's what security is about: being sure everything is OK.

    But wow, almost 40K people impacted, the amount of gnashing of teeth must be impressive.

    1. sal II

      Re: That is taking security seriously

      I suspect that digging out all the obscure places where service accounts are used, to update their passwords, might actually be harder than going through 40k identified humans.

      There is always that one critical app that no one knows how it actually runs.

    2. This post has been deleted by its author

  2. Evil Auditor Silver badge

    I left network administration and operations business some time in the 90s and am definitely not up-to-date with that kind of stuff. But I'd be really surprised if nowadays there isn't a more efficient and effective way of cleaning PCs than running about with USB drives and sticking green stickers.

    1. jmch Silver badge
      Mushroom

      Nuke them from orbit. It's the only way to be sure

      1. Arctic fox

        Nuke them from orbit.

        In space no one can hear a sysadmin scream.

    2. chivo243 Silver badge
      Windows

      "..a more efficient and effective way of cleaning PCs than running about with USB drives and sticking green stickers."

      There has to be, but some educational institutes don't have the tools or techs to use the tools. Back in the early 2000s we chased NIMDA and KLEZ with the sneaker net attack. Even after disconnecting every computer from the network (phase 1) and running to each computer to stick in a floppy to remove both offenders (phase 2) it didn't work. We still had to do it like 3 more times.

      I would hope each staffer and student who had to run the clean on their computers would get a discount on tuition or staff could ask for overtime?

      1. big_D Silver badge

        Tuition fees in Germany are already next-to-nothing - around 150€ - 250€ per semester.

        As to a better way? Either going to each machine with a USB stick and cleaning or going to each machine and replacing the hard drive (more secure, but more expensive and time consuming).

        As the malware spreads over the network, you have to disconnect the machine from the network, until it is clean, therefore any remote management tools are useless.

        1. Joe W Silver badge

          Actually this is not tuition but support for the students' society and (most of it) for the public transport ticket.

        2. John Robson Silver badge

          “As the malware spreads over the network, you have to disconnect the machine from the network, until it is clean, therefore any remote management tools are useless.”

          Or you push all ports to a “dirty” vlan, isolated from the world - log in and clean, then move the port back... you are running managed switches aren’t you?

      2. Rasslin ' in the mud
        Thumb Up

        Inconveniencing the users drives home the lesson

        The number one problem with modern society is lack of penalties for bad behavior. Perhaps, and only perhaps, the idiots who ignore instructions about not opening attachments in emails will get a small part of the message as a result of the uni's approach.

    3. big_D Silver badge

      It is either the USB sticks or you re-image each machine.

      When we have had individual cases of malware, we just remove the old HDD/SSD and put in a newly imaged, clean SSD. As nobody is allowed to store data locally on the machine, that means that there are no problems with lost data.

      But given the size of the faculty, it is probably easier and quicker to do it this way, if they can be 100% sure that the malware is removed... But I'd want to be damned sure. Personally, I'd take the new drive approach, but the cost might be prohibitive, especially for an education establishment.

      Nice to see that faculty and students are on separate networks and that only the faculty network seems to have been affected.

      1. phuzz Silver badge

        You wouldn't need new drives for every single machine, but enough to start the process going. Then you take the infected drives, wipe them, re-image, and then use them for the next wave.

        1. big_D Silver badge

          True. When a customer got hit with crypto malware, we quarantined all the drives and put new drives in, in case the crypto was ever cracked... But that was only a small number of drives.

          If you don't need to keep them around for forensic reasons or "just in case" the crypto is cracked, then you can re-use them.

          1. Fatman

            re-use infected hard drives

            <quote>If you don't need to keep them around for forensic reasons or "just in case" the crypto is cracked, then you can re-use them.</quote>

            Just hope that the malware didn't infect, and alter the hard drives' firmware; otherwise you just might be royally fucked.

      2. Doctor Syntax Silver badge

        "As nobody is allowed to store data locally on the machine, that means that there are no problems with lost data."

        And look where that got KCL.

    4. Marty McFly
      FAIL

      Money & Jobs

      >I'd be really surprised if nowadays there isn't a more efficient and effective way of cleaning PCs than running about with USB drives and sticking green stickers.

      Sure, there are better ways. How much of the IT budget was allocated toward security, including backups? If it is like most universities, it was probably only a pittance.

      Besides, having a bunch of IT bods running around and looking busy will certainly create perceived value. Lowers the chance of getting caught in the next RIF if they are busy-bodies today.

  3. chivo243 Silver badge
    Facepalm

    That photo of the queue

    Looks like my days at uni when I had to do course selection, 5 days of queueing just to find out the class was full! I did meet some nice girls in the queue, that was the only bright side.

  4. 2+2=5 Silver badge

    Expensive

    > In order to get new credentials, the school is requiring students to appear in person,

    Bit of a bummer if you're on a sandwich course and have to fly back from wherever in order to get creds for your remote login.

    1. Warm Braw Silver badge

      Re: Expensive

      Bit of a bummer if you're on a sandwich course

      I didn't realise there was now a direct route to working for McDonalds. In the past, you had to take media studies and hope for the best...

      1. STOP_FORTH Silver badge
        Headmaster

        Re: Expensive

        There used to be a University of Hamburgerology in the US.

        38,000 is a big Uni isn't it?

        1. WolfFan Silver badge

          Re: Expensive

          Not really. UT Austin has 50,000 students, Palm Beach State has 60,000, Miami-Dade College has 173,000 (not a typo, that’s one hundred and seventy three thousand) and those are just the ones I can think of immediately. The University of Michigan officially has space for 117,000 in its football stadium; they’ve crammed over 120,000 in on at least three occasions. One quarter of the spots are in the student section, so they expect 30,000 students to show up for home games. You wanna see a line, show up near the stadium at any Big 10 school except maybe Rutgers or Maryland, they’re in the Big 10 so that the other 12 teams (I know, there are now 14 schools in the Big 10. Someone can’t count, must have played football at Michigan or Ohio State) have someone to beat. You’ll see a long line.

          1. Claverhouse Silver badge

            Re: Expensive

            I too thought it was large, so checked.

            Apparently 274,000 current students, and godaloneknows how many previous graduates in America, can proudly emblazon their T-shirts with CUNY.

            1. W.S.Gosset Silver badge

              Re: Expensive

              The witty ones' T-shirts spell it

              CNUY

        2. werdsmith Silver badge

          Re: Expensive

          Manchester is about 40,000 students. University of London is bigger, 160,000 full time + 50,000 distance learners.

      2. TeeCee Gold badge
        Coat

        Re: Expensive

        No, that's a SubWay qualification. McDonalds still want Media Studies grads, although they'll take anything from the LSE or SOAS if pushed.

        1. STOP_FORTH Silver badge
          Headmaster

          Re: Expensive

          https://en.m.wikipedia.org/wiki/Hamburger_University

          1. STOP_FORTH Silver badge
            Headmaster

            Re: Expensive

            Just downloaded a paper of educational stats. I knew university education had expanded in the UK, but I didn't realise there had been a sevenfold increase since I was there.

            They were much smaller institutions when I were a lad.

            Have you noticed how young all of the policemen are?

            1. TimMaher Bronze badge

              Re: Expensive

              What policemen?

              1. STOP_FORTH Silver badge

                Re: Expensive

                Good point, you used to see them walking around the streets. Round here (SW England), we sometimes see 'em on mountain bikes.

                1. the spectacularly refined chap

                  Re: Expensive

                  I usually see them in the (24 hr) MacDonald's in the local Asda around 5am. Most I can recall seeing is 11 officers in the Maccies and six cars in the car park.

                  You see that many and stop and think "presumably that is the entire complement of Police that are supposed to be patrolling Preston."

  5. Lazlo Woodbine Bronze badge

    Education institutions are an IT nightmare - so possibly done this way as pay back...

    Where I work we have 450 staff and 780 students (private boarding school) and around 400 PCs spread across two geographically remote sites.

    Administering the PCs is a nightmare because all the staff want to work their own way, and many stay logged into several computers almost permanently, so installing updates is pretty hit & miss without biting the bullet and booting them out.

    Also, some people will insist on powering down and turning the socket off.

    So yeah, if the university admins have to put up with stupid staff and students maybe they just pulled this stunt to piss them all off

    1. Doctor Syntax Silver badge

      Re: Education institutions are an IT nightmare - so possibly done this way as pay back...

      "Also, some people will insist on powering down and turning the socket off."

      It's called being green.

      1. bobsmith2016

        Re: Education institutions are an IT nightmare - so possibly done this way as pay back...

        "It's called being green."

        Yes, some education staff are kind of naive, to put it politely.

  6. Miss Config
    Go

    ID IS Routine

    people have to show up with identification to get their passwords changed.

    People in countries where English is the main spoken language are mostly unaware of how routine ID is in Germany.

    I remember particularly a photo taken about 1900 where there was a policeman (with a helmet making him look like a soldier from WW1) looking into the ID documents of ... a tramp.

    So ID is so important in Germany EVERYBODY has it.

    1. Captain Mainwaring

      Re: ID IS Routine

      If the same thing had happened at a British University, it does make you wonder what steps IT admin here would have taken to get around the problem. Can't imagine 38000 Brit students queuing up willingly in the rain to get a password reset.

    2. elgarak1

      Re: ID IS Routine

      Having an ID is mandated by law for every German over 18. It is a misdemeanor not keeping an up-to-date ID. As a German, you're not required to carry it with you at all times, though, although it saves time if you get stopped by police or do something that requires to identify you (like using public transportation without a ticket).

      1. elgarak1

        Re: ID IS Routine

        As a student, the uni issues a student ID, nowadays with photo and maybe some machine capability like a magnetic tape or chip. I should think that for resetting the password only this uni issued ID is required (you should carry this one. It's mostly a general public transportation ticket).

    3. spold Silver badge

      Re: ID IS Routine

      ...just implant a "chip" like the vet does. Now you can both ID them and do 2 factor authentication. No more queues next time!

  7. EnviableOne Silver badge
    Joke

    Green Stickers Going cheap

    To All faculty of JLU, don't want to wait for your machine to be cleaned? need to get back on the network ASAP?

    This machine is clean Green stickers going for ROCK BOTTOM prices.

    can't be the first offering this excellent service

  8. cfrake

    Your papers are in order.

    1. W.S.Gosset Silver badge

      Your papers are on order.

  9. Anonymous Coward

    Fair enough

    Sounds like overkill maybe but it also seems fair and sensible.

  10. Big Al 23

    This is precisely the reason why hackers should be severely punished for their crimes.

  11. W.S.Gosset Silver badge

    I've said it before and I'll say it again

    There is NO substitute for hard copy.

  12. AndyFl

    End of term

    It is the end of term, half the students will be away from the university, foreign students will be home for the holidays. Anyone working on an assignment will be screwed until they go back after the Christmas holidays. I also wonder if there are any "distance learners" - they will not be happy travelling to the University from wherever they are just to reset a password. I *hate* 2FA but this is one of those cases where something like that would help things.

    I'm doing a Masters at Brunel almost 35 years after I first graduated. The whole place is wedded to Micro$oft without a Linux machine in the place. I don't think the IT support department even know what one is. Really disappointing.

    1. elgarak1

      Re: End of term

      No, it's not. In Germany, it's actually the middle of the term (Wintersemester). Traditionally, there are lectures up to Christmas Eve. I have also taken written exams in the last week before Christmas. There is a Christmas break starting with Christmas Eve till January 6th (holiday celebrating the [three] biblical magi).

      That said, the last week before Christmas is more festive, with administration and research winding down, and the Christmas lectures are a lot more showy (Physics does a chock full of demo experiments, Chemistry shows all the things blowing up etc.), so it's actually a good point in the term to do such a thing.

      1. elgarak1

        Re: End of term

        In most German universities, there are two terms ("Semester") per year, winter running from Oct 1st to March 31st, summer from April 1st to Sept 30th. The lectures are held typically beginning two weeks after the start date (the first two weeks for bureaucracy and orientation), and end some time in February resp. July. The lecture free time is often used for lab classes and such – there's a lot of free time there, but frequently students still need to attend something.

      2. Doctor Syntax Silver badge

        Re: End of term

        "Chemistry shows all the things blowing up etc."

        Intentionally?

        1. elgarak1

          Re: End of term

          Yes. Demo experiments. Fireworks, things lighting up, chemicals going boom. Has been getting less interesting the last, oh, three decades or so since safety regulations do not allow to do the more impressive stuff. ;)

          (The same in physics. They do not allow you to shoot arcs of lightning across the whole stage anymore, dammit! ;) )

  13. coconuthead

    insufficient pun quality

    The pun in the headline kind of falls flat if you know any significant amount of German. "Boot" is pronounced the same as English "boat", and indeed it is the same word, complete with the ship/boat distinction and the exception for submarines.

    1. Dave559 Bronze badge

      Re: insufficient pun quality

      Ja, ja, aber wir wissen das!

      That's what makes it special extra-groanworthy punning! ;-)

      1. STOP_FORTH Silver badge
        Happy

        Re: insufficient pun quality

        Wir sind in derselbe Boot.

        Top headline.

  14. arctic_haze

    Das reboot

    Kudos for the choice of the illustrations. This guy was my favourite Das Boot character.

  15. Version 1.0 Silver badge

    You have to do it this way because the latest attacks like this steal all the data before they encrypt it and send a BTC request. So all the email addresses and existing passwords are available to the hackers.

    If you watched Das Boot then you will remember how it ends...

  16. Maximum Delfango Bronze badge
    Thumb Up

    Looks like the queue outside any Apple store...

    When the latest beautiful shiny is blessed to the world.
