Campus Network Security after the Snowden Incident

Mr. Leung Kwong-hon Philip, Director of Information Technology Services
Prof. P.C. Ching, Pro-Vice-Chancellor

In June this year, Edward Snowden, a contract employee at the National Security Agency of the US, disclosed to the media that the US Government had hacked the networks of governmental agencies and the universities of other countries. The local media speculated that one of the targets was the Hong Kong Internet Exchange (HKIX) operated by the Chinese University.

The HKIX is managed by the Information Technology Services Centre (ITSC), whose director Mr. Leung Kwong-hon Philip said that the University had found no evidence that this backbone network had been hacked. According to his analysis, it is very unlikely that the US Government would hack the HKIX for surveillance purposes. First of all, the volume of data traffic at the HKIX reaches 2,592 terabytes per day, and this multitude of data is not saved in any form by the HKIX. It is nearly impossible for a hacker to break into the HKIX to download and transfer its data without being detected. Mr. Leung said, 'The HKIX serves as an exchange point for the internet traffic of local Internet service providers. If the person under surveillance sends a message to an address outside Hong Kong, it wouldn't normally go through the HKIX. So, if you want to spy on someone, an efficient way is to use phishing e-mails or Trojans to steal passwords.'

Mounting Threat

Although it is very unlikely that the HKIX would be a target of cyber espionage, it is true that universities around the world are increasingly coming under cyber attacks. According to an earlier newspaper report, the University of Wisconsin receives up to 100,000 hacking attempts per day. UC Berkeley says they are faced with millions of attempted break-ins every single week.

Mr. Leung said that the number of cyber attacks against CUHK is also alarmingly high. But the actual number depends on how attacks are counted. For example, should one phishing e-mail sent to 10,000 recipients be counted as one attempt or 10,000? If it is counted as 10,000, then the CUHK network gets thousands of break-in attempts a day. But the University counts that as one attempt only. So in its official records, the University is faced with hundreds of attempts per day. Mr. Leung added, 'There are many reasons that hackers would target a university. Some wannabe hackers may test their skills on university networks. Somebody who has a grudge against a professor or a student may want to give them a hard time by sabotaging their computers. Some hackers may hijack a university network to launch attacks against other organizations. Some people may want to profit by stealing and selling the user names and passwords of teachers and students. Someone may attempt to steal research results with potential value from researchers.'

The Information Security Section (ISS) of the ITSC is responsible for coordination when dealing with cyber security incidents. But Mr. Leung said that these incidents usually involve a wide range of responsibilities and tasks, including identifying problems, informing the people concerned, fixing the problems, recovering the system, answering enquiries, and stepping up security. In other words, the whole ITSC is involved.

These incidents include phishing e-mails, hijacking of servers, website defacement, viruses and malware. In 2012, there were 87 incidents in total handled by the ISS, up 89 per cent from 2011. From January to August 2013 alone, the ISS handled 103 incidents. This surge reflects the fact that the University has increasingly become a target for cyber attacks.

Attack and Defence

The CUHK e-mail server handles 1.1 million e-mails per day. Seventy per cent of them are filtered out because they contain viruses, they're spam or they have other problems. Firewalls are installed in the application system networks of the University to detect abnormal data traffic, which may indicate break-ins and zombie computers under remote control.

The ITSC meets IT technicians of different academic departments and administrative units to exchange the latest information, and there are plans to team up with them to regularly check the computers of their departments and units. Mr. Leung said, 'We rely on these IT technicians to safeguard the security of the computers of their departments and units. We hope that their chairpersons or heads could give them support.'

When dealing with hacking incidents, the ITSC sometimes has to report them to the police because in most of the cases the attacks did not originate on our campus, or even in Hong Kong. So the police have to get involved.

Concerted Effort Needed

Network security is a serious issue for the University. Prof. P.C. Ching, Pro-Vice-Chancellor, said, 'Data is our asset. Every person and every organization will do their best to protect their assets by safeguarding their network and data security.' To safeguard CUHK's computer security, the ITSC needs the concerted effort of all CUHK staff and students. Mr. Leung said, 'Information security requires teamwork. For example, if you don't mind your house security, not only will your house be robbed, but the robbers may hide in your house and use it as a base to rob other houses in the same complex.'

Security and convenience have always been at loggerheads on the issue of computer security. Mr. Leung said, 'It's like public health. When everybody washes their hands frequently, they will have a lesser chance of contracting viruses.'

A university is a diverse community with different levels of understanding and expectation of information security. Its environment is also very different from that at a corporation or a government agency, because of the free flow of information it is trying to promote and its extensive connection with others from all over the world. This unique situation makes the task of strengthening information security more difficult. The Snowden incident may serve as a wake-up call to CUHK members. Professor Ching added, 'Internet security is one of our main concerns. The University will allocate necessary resources when they are needed to ensure that our equipment and technologies are sophisticated enough to fend off attackers.'