By Kira Guehring| April 1, 2021
Illustration by Florian Olivo
Campus reporter Kira unpacks the recent cybersecurity issues occurring within the Dutch education system and their impact on students.
The Dutch higher education system has encountered multiple cybersecurity issues in the last few weeks.
First, the Dutch Research Council (NWO) was hacked on February 8 by a criminal group. This resulted in the entire NWO network being inaccessible and delaying the upcoming decisions on grants. As a Dutch governmental institution, the NWO refuses to pay a ransom, despite the criminal group sharing documents on the dark web. As of March 5, the NWO has remained confident with this choice and is working on rebuilding the entire network. For now, the decisions on grants from the NWO are suspended.
A month later, on February 17, the University of Amsterdam (UvA) announced that an external party was able to access the joint ICT environment of the UvA and the Amsterdam University of Applied Sciences (AUAS). So far, there has been no significant disruption to education and research at the universities, as it was detected early by the Security Operations Center (SOC) and preventative measures were already in place.
Intervention from the Computer Emergency Response Team (CERT) prevented further damage and initiated an investigation. As this is ongoing, many details are currently unavailable to the public. To answer questions and concerns, the universities regularly post updates and have created an FAQ page on the cyber breach. The team was able to identify that professionals hacked the ICT systems with financial goals in mind. It has also been established that it is unrelated to the incident mentioned above at the NWO.
Due to the SOC and CERT’s swift response, the data has not (yet) been held for ransom, as was the case at Maastricht University in late 2019. The university’s students and employees could only access the computer systems and resume their studies and research after a ransom of nearly 200,000€ was paid. The higher education system learned from this, with the UvA and AUAS taking all recommended measures after the event occurred. Among them are establishing the CERT team and two-step verification for login.
Although acquiring personal data is not the motive behind the cyberattack, the third party can access the encrypted passwords. As a preventative course of action, all students and employees were asked to change their passwords before March 3. In the emails forwarded requesting this, it was also mentioned that the current password should be changed on all accounts – even if they are not linked to the university. If decrypted, they can be used to gain personal information from other platforms.
In addition to changing the password, students and staff have been asked to pay closer attention to phishing emails. These can be used to gain access to a personal account and possibly the wider network. In the update from February 19, the UvA included tips on detecting phishing.
On March 4 the UvA released another cybersecurity update stating that some employees’ emails and calendars will only be accessible through the VPN until March 10. This is due to a global vulnerability of Microsoft’s mail environment. This is unrelated to the recent hack and a patch is currently being implemented.
Whilst cybercrime has become increasingly more advanced in the past decade, so have initiatives by data analysts to prevent such breaches from occurring. Nevertheless, fallacies within the distribution systems occur, and therefore, it is important to not solely rely on external measures to protect personal data but rather approach cybersecurity carefully. After all, as Jim Barbaressi would state, “Data is the Currency of the Digital Age” and each type of currency is made to be handled with care.