A couple of weeks ago, the University of Virginia had to temporarily shut down its computer network after an attack by hackers believed to operate out of China.
Little information was made available about the hack at the time, though unnamed “officials” did say that the hackers had not been able to access anybody’s personal information, nor any of the “sensitive research material” at the university.
That doesn’t mean the hackers didn’t try, though.The cybersecurity firm Mandiant, which UVA hired to investigate the attack, recently concluded that the hackers’ intended targets were two specific university employees whose work is somehow connected to China (although, for obvious reasons, neither Mandiant nor the school is willing to detail exactly what sort of work those employees do).
Increased hacking threats
With all the recent stories about foreign hackers stealing data from various parts of the U.S. government – such as the 22 million security-clearance files stolen from the federal Office of Personnel Management – sometimes it’s easy to forget that, from the perspective of someone seeking to harm U.S. interests, government networks aren’t the only ones worth hacking.
Last November, for example, security researchers from Kaspersky announced that for at least four years, a hacking ring had successfully carried out an espionage campaign dubbed “Darkhotel,” which attacked and intercepted the Wi-Fi networks of expensive luxury hotels patronized by high-ranking corporate executives on business trips. The hackers planted keylogging software onto executives’ personal devices and piggybacked from there into confidential corporate networks — and, as a Kaspersky manager said at the time, the hackers’ targets were primarily “nuclear themed, but they also target the defense industry base in the U.S. and important executives from around the world in all sectors having to do with economic development and investments.”
Last March, researchers from Cylance made a similar discovery: hackers had breached the public Wi-Fi networks of almost 300 different hotels, convention centers, and data centers spanning 29 different countries. Unlike Darkhotel, which seemed to focus exclusively on high-end hotels, the Cylance hackers hit locations “all up and down the spectrum of cost, from places we’ve never heard of to places that cost more per night than most apartments cost to rent for a month,” as Cylance said at the time.
And, as The Daily Beast first reported last Friday, the hackers who targeted the University of Virginia were apparently interested in the email accounts of two specific employees. Although neither their names nor their positions have been made public, the university’s East Asia Center has dozens of employees – and the UVA Research Center has tenants including Northrup Grumman, Booz Allen Hamilton (Edward Snowden’s former employer) and other major U.S. government contractors.
Although UVA is over 100 miles from Washington, D.C., it also has government connections much closer than that. As The Daily Beast noted, “Some firms at the research park work for a large Defense Department installation in Charlottesville less than a mile away. It includes offices for the Defense Intelligence Agency, which is the Pentagon’s primary intelligence organization, as well as the National Ground Intelligence Center, or NGIC, which helps to assess the size and threat of foreign militaries.”
Granted, the fact that such facilities are connected to UVA doesn’t mean the UVA hackers managed to breach them — but it makes it much easier to understand why hackers in China would care about a couple of professors at a state school in the Old Dominion.