Following the Monday arrest of undeclared junior Garret Phillips for his alleged involvement in a minor breach of UT’s online security system last spring, some have raised safety concerns about the possibility of similar attacks causing more damage in the future.
An arrest warrant for Phillips was issued Friday in relation to the attack. Phillips was charged with breach of computer safety, a state jail felony with a penalty of up to two years, in prison Monday for his alleged involvement. Roger Wade, spokesperson for the Travis County Sheriff’s Office, said Phillips turned himself into police Monday afternoon and was arrested around 2:00 p.m. Phillips was released on bond around 5 p.m. that day.
Charles Bonnet, University of Texas Police Department sergeant, said last April’s “denial of service” cyber attack, which overloaded UT’s registration website and shut it down for a four-hour period, is very common worldwide and hard to control, even with the advanced technology used by the University. Although the University has added back-up websites that students can be redirected to in the case of a crash, this still leaves University websites vulnerable to such a threat, Bonnet said. He said this presents major safety concerns as the attacks become more common, because a denial of service attack could be used to disable a vital University website.
“You can use your imagination,” Bonnet said. “But we live in a world where everything is run by computers, and websites are very common, so if someone takes down a certain website, that can affect a great number of people. In this case, it was a few thousand students, but I’m sure you can imagine that it could be a lot worse.”
Bonnet said a denial of service attack on websites that contain important safety information could lead to serious safety issues, especially if they were taken down during an emergency situation.
Bonnet said this is the first attack of its kind the University has seen, but denial of service attacks are happening more frequently worldwide.
“[Denial of service attacks] are relatively easy to do, but the word we want to get out is just because it is easy to do and you may think it’s funny, that doesn’t mean it is not going to come with serious consequences,” he said.
Phillips directed comments on the situation to his attorney, Sam Bassett, who declined to comment because he is still investigating the case and whether anyone else had access to Phillips’ laptop at the time of the attack. According to Friday’s affidavit, UT Information Technology Office was able to trace the attack back to Phillips’ laptop.
According to a press release issued by the University Tuesday, other than the back-up websites, multiple security measures are in place to prevent cyber attacks from happening, including firewalls, routine system management, disablement of unnecessary network services, monitoring of system performance and usage, use of physical security controls, routine backup of critical University services, a “robust University network infrastructure” and relevant Information Technology Services procedures.
Printed on Wednesday, October 10, 2012 as: UT cyber attack generates fears over future of online security