Das Reboot: Uni forces 38,000 students, staff to queue, show their papers for password reset following 'cyber attack' Tens of thousands of students and staff at a university in Germany had to queue up this week after a malware infection on its campus network forced the college to reset everyone's account passwords. The Justus Liebig University Gießen (JLU) says that a "suspected cyber attack" this month has caused it to shut down most of its …
I suspect the digging out all the obscure places where service accounts are used, to update their password might be actually harder than going through 40k identified humans.
There is always that one critical app that no one knows how it actually runs.
This post has been deleted by its author
I left network administration and operations business some time in the 90s and am definitely not up-to-date with that kind of stuff. But I'd be really surprised if nowadays there isn't a more efficient and effective way of cleaning PCs than running about with USB drives and sticking green stickers.
"..a more efficient and effective way of cleaning PCs than running about with USB drives and sticking green stickers."
There has to be, but some educational institutes don't have the tools or techs to use the tools. Back in the early 2000s we chased NIMDA and KLEEZ with the sneaker net attack. Even after disconnecting every computer from the network(phase 1) and running to each computer to stick in a floppy to remove both offenders (phase 2) it didn't work. WE still had to do it like 3 more times.
I would hope each staffer and student who had to run the clean on their computers would get a discount on tuition or staff could ask for overtime?
Tuition fees in Germany are already next-to-nothing - around 150€ - 250€ per semester.
As to a better way? Either going to each machine with a USB stick and cleaning or going to each machine and replacing the hard drive (more secure, but more expensive and time consuming).
As the malware spreads over the network, you have to disconnect the machine from the network, until it is clean, therefore any remote management tools are useless.
“ As the malware spreads over the network, you have to disconnect the machine from the network, until it is clean, therefore any remote management tools are useless.”
Or you push all ports to a “dirty” vlan, isolated from the world - log in and clean, then move the port back... you are running managed switches aren’t you?
The number one problem with modern society is lack of penalties for bad behavior. Perhaps, and only perhaps, the idiots who ignore instructions about not opening attachments in emails will get a small part of the message as a result of the uni's approach.
It is either the USB sticks or you re-image each machine.
When we have had individual cases of malware, we just remove the old HDD/SSD and put in a newly imaged, clean SSD. As nobody is allowed to store data locally on the machine, that means that there are no problems with lost data.
But given the size of the faculty, it is probably easier and quicker to do it this way, if they can be 100% sure that the malware is removed... But I'd want to be damned sure. Personally, I'd take the new drive approach, but the cost might be prohibitive, especially for an education establishment.
Nice to see that faculty and students are on separate networks and that only the faculty network seems to have been affected.
True. When a customer got hit with crypto malware, we quarantined all the drives and put new drives in, in case the crypto was ever cracked... But that was only a small number of drives.
If you don't need to keep them around for forensic reasons or "just in case" the crypto is cracked, then you can re-use them.
<quote>If you don't need to keep them around for forensic reasons or "just in case" the crypto is cracked, then you can re-use them.</quote>
Just hope that the malware didn't infect, and alter the hard drives' firmware; otherwise you just might be royally fucked.
>I'd be really surprised if nowadays there isn't a more efficient and effective way of cleaning PCs than running about with USB drives and sticking green stickers.
Sure, there are better ways. How much of the IT budget was allocated toward security, including backups? If it is like most universities, it was probably only a pittance.
Besides, having a bunch of IT bods running around and looking busy will certainly create perceived value. Lowers the chance of getting caught in the next RIF if they are busy-bodies today.
Not really. UT Austin has 50,000 students, Palm Beach State has 60,000, Mimai-Dade College has 173,000 (not a typo, that’s one hundred and seventy three thousand) and those are just the ones I can think of immediately. The University of Michigan officially has space for 117,000 in it’s football stadium; they’ve crammed over 120,000 in on ar least three occasions. One quarter of the spots are in the student section, so they expect 30,000 students to show up for home games. You wanna see a line, show up near the stadium at any Big 10 school except maybe Rutgers or Maryland, they’re in the Big 10 so that the other 12 teams (I know, there are now 14 schools in the Big 10. Someone can’t count, must have played football at Michigan or Ohio State) have someone to beat. You’ll see a long line.
Just downloaded a paper of educational stats. I knew university education had expanded in the UK, but I didn't realise there had been a sevenfold increase since I was there.
They were much smaller institutions when I were a lad.
Have you noticed how young all of the policemen are?
I usually see them in the (24 hr) MacDonald's in the local Asda around 5am. Most I can recall seeing is 11 officers in the Maccies and six cars in the car park.
You see that many and stop and think "presumably that is the entire complement of Police that are supposed to be patrolling Preston."
Where I work we have 450 staff and 780 students (private boarding school) and around 400 PCs spread across two geographically remote sites.
Administering the PCs is a nightmare because all the staff want to work their own way, and many stay logged into several computers almost permanently, so installing updates is pretty hit & miss without biting the bullet and booting them out.
Also, some people will insist on powering down and turning the socket off.
So yeah, if the university admins have to put up with stupid staff and students maybe they just pulled this stunt to piss them all off
people have to show up with identification to get their passwords changed.
People in countries where English is the main spoken language are mostly unaware of how routine ID is in Germany.
I remember particularly a photo taken about 1900 where there was a policeman ( with helmet making him look a soldier from WW1 ) looking into the ID documents of ................................. a tramp.
So ID is so important in Germany EVERYBODY has it.
Having an ID is mandated by law for every German over 18. It is a misdemeanor not keeping an up-to-date ID. As a German, you're not required to carry it with you at all times, though, although it saves time if you get stopped by police or do something that requires to identify you (like using public transportation without a ticket).
As a student, the uni issues a student ID, nowadays with photo and maybe some machine capability like a magnetic tape or chip. I should think that for resetting the password only this uni issued ID is required (you should carry this one. It's mostly a general public transportation ticket).
It is the end of term, half the students will be away from the university, foreign students will be home for the holidays. Anyone working on an assignment will be screwed until they go back after the Christmas holidays. I also wonder if there are any "distance learners" - they will not be happy travelling to the University from wherever they are just to reset a password. I *hate* 2FA but this is one of those cases where something like that would help things.
I'm doing a Masters at Brunel almost 35 years after I first graduated. The whole place is wedded to Micro$oft without a Linux machine in the place. I don't think the IT support department even know what one is. Really disappointing.
No, it's not. In Germany, it's actually the middle of the term (Wintersemester). Traditionally, there are lectures up to Christmas Eve. I have also taken written exams in the last week before Christmas. There is a Christmas break starting with Christmas Eve till January 6th (holiday celebrating the [three] biblical magi).
That said, the last week before Christmas is more festive, with administration and research winding down, and the Christmas lectures are a lot more showy (Physics does a chock full of demo experiments, Chemistry shows all the things blowing up etc.), so it's actually a good point in the term to do such a thing.
In most German universities, there are two terms ("Semester") per year, winter running from Oct 1st to March 31st, summer from April 1st to Sept 30th. The lectures are held typically beginning two weeks after the start date (the first two weeks for bureaucracy and orientation), and end some time in February resp. July. The lecture free time is often used for lab classes and such – there's a lot of free time there, but frequently students still need to attend something.
Yes. Demo experiments. Fireworks, things lighting up, chemicals going boom. Has been getting less interesting the last, oh, three decades or so since safety regulations do not allow to do the more impressive stuff. ;)
(The same in physics. They do not allow you to shoot arcs of lightning across the whole stage anymore, dammit! ;) )
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
