Go phish: ‘Russian hackers’ target KU

Kingston University’s computer network could have been targeted by Russian hackers according to a cyber security expert.

Since the beginning of term, KU students and staff have been plagued by a huge number of phishing emails spamming their accounts.

Kevin Wharram, a cyber security consultant at payments tech giant Worldpay, traced two of the recent phishing emails to an IP address located in Orlando in Florida –  but warned that the emails almost certainly came from elsewhere.

“Even though the email was sent from America it doesn’t mean it originated there,” said Wharram.

“It’s quite possible the guy could be in Russia controlling that computer in America. This is how cybercriminals are able to commit credential theft and infect a whole computer network.”

Wharram said there was a strong chance that the phishing emails could be coming from a botnet system. Botnets are used by cybercriminals to infect millions of internet-connected devices at once and steal personal information.

“Credential theft is well and truly on the rise,” he said. “The problem is everywhere. It’s not just universities but other organisations as well.”

The revelations ome as a series of UK universities have been targeted by both criminals and spies from Russia, North Korea and countries in the Far East.

In the most recent KU hack, the Vice-Chancellor Steven Spier’s email account was targeted, which Wharram said is concerning.

“If the Vice-Chancellor has been hacked that is a massive worry,” he said. “Imagine if I sent an email posing as the Vice-Chancellor I could do anything, ask for payment, change someone’s grades, anything at all.

“A lot of times these emails get sent to CEOs and financial directives asking them to process payments urgently and then because people don’t have financial processors money is sent too easily.”

The attacks at Kingston University come after top universities like Oxford and Cambridge were targeted by hackers from Russia and the far east as well as after the Salisbury nerve agent attack carried out by Russia.

Meanwhile there has been added pressure put on Theresa May to appoint a cyber security minister in order to protect the country from the imminent threat coming from Russia, who are expanding their capability to carry out disruptive cyber attacks.

Wharram criticised the KU IT security team’s efforts to prevent these types of attacks from happening.

“From what I can see it looks like to get into the university email system all you need is your username and password,” he said. “That’s where the problem is as this makes it easy to capture credentials.

“The only way you are going to stop this is through using Two-Factor Authentication which is an app that you download and it gives you a unique code which you need to access your email account.”

Jason Hart, an award-winning expert in cyber security, said hacks like this are becoming more common and that universities are particularly prone to them because their security teams don’t understand how to prevent them.

“The emails could be coming from anywhere in the world, even somewhere controversial,” said Hart. “There are many reasons why Kingston could be a target. The university may not be a specific target but it may just be part of a wider phishing attack that is going on across many different demographics.

“This issue can be dealt with quite easily but it would need to start higher up in the university from the Vice-Chancellor and the trustees. They need to take ownership of the problem, action it and do something about it.”

Hart has worked with lots of universities who are facing similar problems, providing them with various plans to find out where the weakest problems are and solve them.

“You need to get universities to see security as a business issue,” he said. “The IT security at Kingston should be able to block these emails but it sounds like they aren’t doing that.”

The Kingston University IT security team failed to comment on this issue.

Hart was a former ethical hacker with 24 years’ experience in the information security industry and said that the repercussions of credential theft could follow Kingston students round for many years to come.

“If a student has been compromised and they don’t know it, they could potentially be compromised their whole life,” he said. “Ten years down the line when that student is working for a big company or organisation the hacker will continue to have their personal details and could cause further damage.”

“At the end of the day you’ve got to make security part of the culture at Kingston. It’s not a quick fix. You’re talking potentially two to three years, if not longer.”

To avoid falling victim to this type of crime the university recommends that you do not open any attachments or click on links in emails you are unsure about.

If you suspect you have been hacked change your password immediately and report the issue to the IT Security team.