The College of Engineering at Pennsylvania State University's computer systems have been infiltrated by two separate groups of hackers stealing confidential information, a breach that investigators labeled as a sophisticated cyber attack on one of the most productive research universities of the country.
The university's computer network has been unplugged and would likely remain offline while the investigation continues and the system's security is being upgraded to eject the intruders.
A group of Chinese cyber terrorists is believed to have been taking advantage of the computers of Penn State's engineering department, gaining unlimited access to sensitive information, for more than two years.
The university has been known to partner with various business firms and even the U.S. government in developing different technologies for military and commercial applications. This security breach suggests that international spies are using universities as a backdoor to U.S. defense and commercial secrets.
The Federal Bureau of Investigation (FBI) warned Penn State administrators that the College of Engineering computer network was under cyber attack by an unidentified foreign entity of unknown scope last Nov. 21, 2014.
Penn State security experts immediately tried to classify the nature of the attack and also enlisted the services of FireEye's cyber security forensic unit Mandiant, which established that at least one of the two cyber attacks was accomplished by Chinese hackers, installing advanced malware to infiltrate the computer systems targeting the college's intellectual property.
"In order to protect the college's network infrastructure as well as critical research data from a malicious attack, it was important that the attackers remained unaware of our efforts to investigate and prepare for a full-scale remediation," stated Nicholas P. Jones, Penn State's provost and executive vice president.
The Chinese group has allegedly already launched several cyber attacks against other firms, including industries in defense and aerospace engineering as well as other universities, according to Nick Bennett, one of Mandiant's senior managers. The months-long investigation exposed how the hackers had installed several attack tools and so-called back doors since September 2012.
Meanwhile, the other cyber attacks were discovered to be collecting usernames and passwords beginning last year and could be the work of state-sponsored hackers, according to the investigators.
Penn State has already advised 500 public and private research partners associated with the College of Engineering of the security breach and potential risks. The university also sent notifications to 18,000 professors and students whose personal information, including social security numbers, were stored in computers accessed by the cyber criminals. Penn State will offer free credit monitoring to individuals whose personal data may have been compromised.