Cyber-attack Harnesses StFX Network Power

 

Bitcoin business temporarily shuts down StFX services

StFX services such as Wi-Fi, Moodle, MesAmis, printing and student email accounts were down for the count starting the morning of November 1. These services and others gradually returned on Sunday following a 4-day hiatus. 

The university’s Facebook @stfxuniversity posted on November 2 that the “IT Services Team worked through the night making progress testing and analyzing the 150 servers within our network.” Each server is being evaluated rebooted after a thorough assessment that accounts for the time-consuming process. 

Kendra MacDonald, a Service & Support Administrator of IT Services notes the cause of this issue to be an organization harnessing power from the school’s network to mine bitcoin. 

MacDonald assured The Xaverian Weekly that the person, or people, doing ‘cryptocoin mining.’  behind this operation on StFX’s high-powered network did not access personal information from students’ accounts. 

StFX News details the act of ‘mining’ as “The malicious software attempted to utilize StFX’s collective computing power in order to create or discover bitcoin for monetary gain.”

Xaverian News Editor Evan Davison-Kotler worked in the corporate finance industry this past summer as a blockchain consultant. He expands on StFX’s announcement, “There’s essentially a set number of bitcoins that have can ever come into circulation. Mining is simply the process of releasing a new bitcoin into circulation. It’s a competition between lots of people on the network to solve a really hard cryptographic problem using computational power. The function of mining is essentially two-fold – it creates a resource-based method of obtaining Bitcoin, putting a bottleneck on the supply and a cost (power) associated with the procurement of the currency. The second element is security – the more individuals attempting to release a coin into circulation, the more secure the bitcoin network becomes; this is through really impressive and complex cryptography. The more bitcoins in circulation, the higher the mining difficulty for the next bitcoin, meaning the more power necessary to mine. In theory, increased power demands match increased price of bitcoin, meaning there is always a monetary incentive to expend the power necessary to release a new coin into circulation. We can obviously see the issue with this, where bad actors could attempt to infiltrate and repurpose existing servers and processors that they do not own, re-routing them to expend processing power on bitcoin mining.”  

Bitcoin is a cryptocurrency created by Satoshi Nakamoto. The idea for the cryptocurrency was first posted by Nakamoto in “Bitcoin P2P e-cash paper” dated November 1, 2008. 

The paper by Nakamoto, originally published in full on bitcoin.org, is the first trace of Nakamoto’s mysterious identity. To this day, documentaries and other sources speculate on whether Nakamoto is an individual or a group of people.  

An article titled “What is Bitcoin?” posted on the University of Toronto website March 17, 2014 defines in some detail what is Bitcoin and how it works. Jenny Hall interviews Yuri Takhteyev who was a status-only professor in the Faculty of Information about cryptocurrency. Takhteyev concludes that, “cryptocurrencies are probably here to stay.” 

Takhteyev correctly predicted the evolution of “cryptocurrencies” from the underground black-market into mainstream. The University of Toronto added three new courses this year. Portfolio Management Praxis Under Real Market Constraints, Blockchain Technologies and Cryptocurrencies, and Inventrepreneurship: Invention + Entrepreneurship are now courses taught to graduate students in the Faculty of Applied Science & Engineering.

The objective of Blockchain Technologies and Cryptocurrencies as an academic course of study is described by the University of Toronto in the U of T News, “This course will provide students with the concepts and mechanics of the blockchain technologies starting with Bitcoin, allowing them to identify business-relevant benchmarking criteria for blockchain technologies in accordance with their current and future impact on business processes.” 

Cryptocurrency has come a long way since Bitcoin was introduced ten years ago by Nakamoto. The study of blockchain technology by international universities in Qatar, Stanford, and Edinburgh validate Nakamoto’s global influence at the post-secondary education level.

The recent cyber-attack on StFX’s network is a reminder for our readers to remain critical and inform themselves before investing in cryptocurrency.

Enterprise systems professor David Mattie, who has over twenty years of experience in the IT services industry commented on the breach, “All it takes is one guy penetrating one server, out of our 500, to have all of StFXs data compromised. We spend the same amount of money as the University of Toronto does in our IT department, but we are always susceptible to being hacked. It does not matter how much money you spend on IT, you will never be able to be 100% secure unfortunately.”

StFX continues to investigate the matter and have yet to identify the culprit responsible for the cyber- attack.

 
 

StFX's "New" Torrenting Policy

 
 

Permission to torrent granted for academic purposes

Over the summer the IT services at StFX sent out notices that all torrent traffic on their network would be blocked going forward, unless an application was filled out requesting access for work or academic related uses. While the notice was sent out in the summer IT Services informed the Xaverian that torrent traffic has always been blocked by default on their network, and the notice should be more regarded as a reminder to staff, students, and faculty. 

For those not in the know, Torrenting is a method of sharing files between two or more users over the internet that has increased in popularity over the death of previous peer-to-peer networks like, Napster, Morpheus, and Kazaa in the early 2000s. Torrents rely on a torrent file that connects the user to any number of other users who also have part, or all, of the file they want to download. The file itself that a user wishes to download is not hosted by any website, but split up across any number of people. Torrents have existed in a grey area, legally, due to the method of sharing. However, attempts by copyright holders to exert their legal rights have been made with varying amounts of success. In some countries, ISPs (in Canada this would be EastLink, Bell, Vidéotron, Rogers, or Sasktel), have monitored the traffic of their customers and can cooperate with copyright holders to identify piracy and enforce corporate interpretations of copyright laws. In other cases, a copyright holder may upload a torrent file to a torrent search website and then as users download the file, the holder may be able identify piracy via the public IP address of pirates. While this has led to some success in prosecuting theft, it has also led to innocent people being prosecuted as it is not always the most accurate form of detection and can easily be avoided by using a VPN (virtual private network).

Users who use Torrent software are also at risk of downloading malware, viruses or other security breaches. The file being downloaded can always be disguised as the desired file but may be malware instead. Not all sites that offer torrent files for download are reputable and may contain malware instead of software, videos, or music that the user intends to download. When using torrent sites, always be sure to do proper research to avoid using websites of ill repute. Additionally, the software which users may download to use torrent files may also, in extremely rare cases, be itself malware of ransomware (in which a malicious person takes over the user’s computer and threatens to delete or share files from their computer unless a ransom is paid), which happened in 2016 to popular Mac OS torrent program, Transmission. There is also the very rare chance a malicious user will use a torrent user’s IP address (which becomes visible to the file host when downloading a torrent) to make a form of attack against the user. Although, this is extremely rare (if unheard of), it is technically possible. To avoid this potential security breach, be sure to use a VPN.

Invariably, when policies and laws are made about torrents the refrain of defence is that torrenting itself is not illegal and there are legitimate uses for torrents, which is true. Many companies use torrent-style software to distribute their software cheaply, like Blizzard did in 2006 to distribute World of Warcraft. However, the more likely truth is that the majority of torrents are made to share copyrighted material. Copyright holders are are, and have been, litigious to the extreme. Users charged with sharing even a single song have faced fines of tens of thousands of dollars, and while courts are slow to realise the absurdity of expecting huge sums of money for a single 99¢ infraction. Rights holders have even tried to charge “facilitators” of piracy, going after ISPs, institutions, and companies whose internet access was used to download copyrighted materials, which is perhaps the main reason that StFX has blocked all torrent access, as torrent bandwidth is, almost certainly, dwarfed many times over by the bandwidth usage of Netlfix and Youtube.

If you believe your need for torrents on campus has legitimate, academic, or business purpose, please contact IT@stfx.ca to request access.