Pennsylvania State University revealed Friday that Chinese hackers have been snooping around computers of its engineering schools for more than two years. The same engineering school which develops sensitive technology for the U.S. Navy.
“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” said Penn State President Eric Barron in a letter to professors and students. “This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible.”
Penn State is one of the country’s largest and most productive research universities. The breach also highlights the very real breach of foreign spies using universities as a backdoor to American commercial and defense secrets.
After an FBI investigation notified the university of the breach, an investigation lasting several months eventually found two separate groups of hackers stealing data.
- The first group had been found to have ties with the Chinese government, according to investigators.
- The second group has not been identified but investigators believe it is the work of state-sponsored hackers.
University academic administrator Nicholas Jones said the investigation and remediation efforts have already cost Penn State millions of dollars.
Some of the top targets of Chinese hacking and intelligence operations over the years are – Massachusetts Institute of Technology, the California Institute of Technology, Berkeley, Carnegie Mellon, and Johns Hopkins. Beyond online forays by the Chinese to find vulnerabilities, they have also been alleged to send graduate students to U.S. schools, according to recent law-enforcement investigations.
“There is an active threat and it is against not just Penn State but against many different organizations across the world, including higher education institutions,” said Nick Bennett, a senior manager at Mandiant, a security division of FireEye Inc., which aided the university in the investigation.
Universities “need to start addressing these threats aggressively,” Bennett added.
Penn State also specializes in aerospace engineering, which holds particular interest to the Chinese government with its commercial and defense applications. The university is also home to its Applied Research Laboratory which makes for one of 14 specialized research centers in the country that work mainly for the military. With the hackers going undetected for two years, security experts note that hackers used connections between computers to move into highly secure networks, including defense contractors and government agencies, as well as the Navy.
Penn State has notified its partners, over 500 of them that include companies, government agencies and other universities of the breach and subsequent, probable risks. It has also notified its student body of 18,000 students and the faculty whose personal data which includes social security numbers were stored on the computers that were used by the hackers.