Computer Center Serving the UK's University System Has a Lot to Learn

By Linda Musthaler | June 03, 2015


We've posted several articles lately about DDoS attacks being aimed at educational institutions right about the time that important exams are being taken by a large percentage of students. (See "Sorry, Kids, Your Final Exam Has Been DDoS'd" and "High school student charged with a felony after DDoSing his school district.")

Now comes word that the University of London Computer Centre (ULCC) was unavailable for several hours on Thursday, May 21 due to a cyber attack. Experts believe the attack was clearly implemented to have "maximum impact" on a system that would have been at peak usage around exam time.

The outage affected millions of UK students who were unable to access ULCC's IT services to prepare for and take end-of-term exams. The ULCC's learning platform, Moodle, provides services to more than 300 educational institutions. Universities affected by the hack included the University of Warwick, Queen Mary University of London, Birkbeck and Manchester Metropolitan University, along with a number of university and education-related websites.

The attack began around 7:30 in the morning, and the technical staff provided hourly updates as to what was happening:

Thursday 21st May 2015

UPDATE - ULCC Network Outage

9.00AM

Further to our earlier communication our engineers have narrowed the fault down to an issue with our Firewall.

They are currently running through procedures to isolate the fault and re-establish connectivity.

You may experience intermittent access whilst we are trying to fix the fault.

We will have a further progress meeting at 10am and will keep you posted on progress.

We apologise for the inconvenience.

10.00AM

Our own engineers are still running through the system checks and have re-set our firewalls and core network switches, which didn't fix the problem.

An engineer of our firewall supplier is en route to our data centre.

We are unable to provide a realistic time estimate to provide a fix.

11.00AM

Our engineers are working on fixing the networking problem which we believe is being caused by issues with our firewall.

We are continuing to work on the issue and will have further updates in the next hour.

12.00PM

All our services are now up and running again! The networking issue was caused by a cyber attack.

We have taken action to block the source. An incident report will be produced and shared in due course.

We appreciate your patience, understanding and words of support on social media. 

What's shocking about this outage is that it happened to a computer center, where presumably they have a professional staff whose job it is to provide a reliable computing environment for the 300+ institutions that consume ULCC services. Why was this organization not prepared for a DDoS attack, and why was the technical staff so inept at gauging the problem once it began? Surely there was someone on that team who could look at the impact on the firewall and determine an attack was underway. Shame on the ULCC for being so unprepared and for allowing its untimely outage to impact so many people at a critical time.

George Anderson, director at Webroot, said that over four hours of complete shutdown was not an acceptable time-period in most cases. "Hopefully this case will serve as a warning to other organizations, encouraging them to ensure that they have an effective strategy in place to make sure user experience is impacted as little as possible," he said.

Do you need a strategy for your organization? Technical experts at Corero are ready to help.
