Penn State University, which develops sensitive technology for the U.S. Navy, disclosed last week that Chinese hackers have been sifting through its engineering school’s computers for more than two years.
As a huge research institution, Penn State offers a potential treasure trove of technology that’s already being developed with partners for commercial applications. The breach suggests that foreign spies could be using universities as a backdoor to U.S. commercial and defense secrets.
Because the hackers are so deeply embedded in the engineering school’s computer network, the system will be taken offline for several days while investigators work to get rid of the intruders.
“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” said Penn State President Eric Barron in a letter to the campus community. “This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible.”
The FBI notified the university of the breach in November 2014, which led to an intense investigation that eventually found two separate groups of hackers stealing data.
The first group has been linked by investigators to the Chinese government. The second group has not been identified, the university says, but investigators believe it is also the work of state-sponsored hackers.
The investigation and remediation efforts have already cost Penn State millions of dollars, according to university provost Nicholas Jones.
U.S. engineering schools — Massachusetts Institute of Technology, the California Institute of Technology, Berkeley, Carnegie Mellon, and Johns Hopkins University — have been among the top targets of Chinese hacking and other intelligence operations for many years. These forays have been for both commercial and defense purposes, and universities have struggled to secure their computers against these advanced attacks.
U.S. officials said Chinese cyber and conventional espionage directed at American universities, companies and research laboratories has increased with the size and sophistication of Chinese computer spying.
According to investigators, the Chinese are focusing a good deal of their spying on the design and control of unmanned aerial, ground and undersea vehicles, along with the communications systems linking American reconnaissance and navigation satellites to ground stations.
In addition to online hacking, the Chinese have sent legions of graduate students to U.S. schools and have tried to recruit students, faculty members and others at both universities and government research facilities, several recent investigations show.
“There is an active threat and it is against not just Penn State but against many different organizations across the world, including higher education institutions,” said Nick Bennett, a senior manager at Mandiant, a security division of FireEye Inc., which aided the university in the investigation. Universities “need to start addressing these threats aggressively,” Bennett said.
Penn State has already notified 500 partners — companies, government agencies, and other universities — of the breach and possible risks. It has also notified 18,000 students and professors whose personal data, including social security numbers, were stored on one of the computers accessed by the hackers.
Jones said Penn State hopes to use its experience to help other universities that are also likely targets for advanced cyber spies and other intruders, providing information on the hack as well as advanced security measures the university is putting in place. “We don’t think we’re alone,” Jones said.