Pitch, Outline, & Bibliography

My name is Vivek Singh, and I will be graduating in May 2016 from Rutgers with a degree in ITI. I have a strong interest in taking my tech knowledge to the business and finance industry. I hope to work on Wall Street one day, and run my own start up. I have prior experience from working as intern at Healthfirst, and being a supervisor at the Rutgers Help Desk.

Outline

Intro

My research project is on how the students and affiliates reacted to the Rutgers DDOS attacks and what Rutgers has done for the future.

Literature Review

  1. Amount of Attacks
  2. Effect of Attacks
  3. Aftermath

In my literature review I want to explain when the attacks happened and the impact of each attack. This will then be followed up by how the students and affiliates reacted to it, and what Rutgers did to prevent this from occurring int he future.

Research Question

How did the DDOS attacks affect the Rutgers community?

Data Collection

I had collected articles, which explained the attacks that occurred last year and the impact of these attacks. I also collected an interview with the hacker, which states what they did and why they did it. I also collected what Rutgers has done to prevent this from occurring next year.

Data Analysis

These attacks are broken down to show what had happened each time. Also the interview from the hacker explains why they did it, who was asking them to do it, and how they did it. .

Data Presentation

I will use a powerpoint presentation, alongside a map possibly to show the chronological events..

Annotated Bibliography

DDOS Attacks What You Need To Know”

De, N. (2015, April 1). DDoS attack: What you need to know. Retrieved October 27, 2015, from http://www.dailytargum.com/article/2015/05/rutgers-ddos-attack-break-down

Summary

This article breaks down on what a DDoS Attack is and how it effected the Rutgers system. The article uses real life examples such as a robbery and explains how to look at the breach. The article then breaks down scenarios to how the attack could have happened or who could have done the attacks, and what the University is doing for future purposes.

De, N. (2015, April 1). DDoS attack: What you need to know. Retrieved October 27, 2015, from http://www.dailytargum.com/article/2015/05/rutgers-ddos-attack-break-down

Summary

The author had interviewed the attacker to see what their motive was and other questions. The hacker had admitted to getting paid by a third party and admits to being on campus of the attack. The attacker refuses to show how they were paid, but just states Bitcoin. They also state that they will stop once they stop being paid. They also show a snapshot of their screen of hacking. The article then acts questions regarding the attack, such as if the hacker was really hired by an third party candidate.

FBI Investigating Rutgers University in DDoS Attack

Abel, R. (2015, April 30). FBI investigating Rutgers University in DDoS attack. Retrieved October 27, 2015, from http://www.scmagazine.com/the-fbi-is-helpign-rutger-inveigate-a-series-of-ddos-attack/article/412149/

Summary

This article mentions the attack occurring at Rutgers and the FBI looking into the issue. The FBI will be working with the Rutgers PD to see who is behind the issue. The article states that as this attack has occurred a few times this year, the University was update everyone on how they are handling the situation.

“RUTGERS STUDENTS RESPOND TO LATEST DDOS ATTACK”

http://www.dailytargum.com/article/2015/05/rutgers-students-respond-to-     latest-ddos-attack

Summary

    This article shows how certain students from different departments reacted to the attacks as they occurred. Certain students stated how during finals they need access to the internet, and because they can’t, it hurts their productivity. Others stated how Rutgers, always has glitches in their system, and no one seems to know why. The article also goes to mention the name the presumed hacker went by, and the past and future of the Rutgers security field.

“Who Hacked Rutgers? University Spending Up To $3M To Stop Next                                Cyber Attack”

Heyboer, K. (2015, August 23). Who hacked Rutgers? University spending up to $3M to stop next cyber attack. Retrieved October 27, 2015, from http://www.nj.com/education/2015/08/who_hacked_rutgers_university_spending_up_to_3m_to.html

Summary

 This article goes into detail regarding the attack on Rutgers and implementations that followed. Rutgers states that they will be spending about $3M to companies such as FishNet who specialize in IT Security. This will then hopefully, update the old washed up security which Rutgers currently uses. The outside companies are supposed to test the system for fatal flaws and see what they can do to fix them. However, the University goes to state that they had to raise tuition this year by about 2.3%.

Apollonsky, D. (2015, July 1). Why did Exfocus Take Down Rutgers? An Interview & Analysis | Dimitry Apollonsky. Retrieved December 9, 2015, from http://apollonsky.me/exfocus-take-down-rutgers/

Karanasiou, A. P. (2014). The changing face of protests in the digital age: on occupying cyberspace and Distributed-Denial-of-Services (DDoS) attacks. International Review Of Law, Computers & Technology, 28(1), 98-113. doi:10.1080/13600869.2014.870638

Katie, P. (2015, May 1). Newark campus develops alternative plans for final exams as Rutgers network continues struggle against DDoS attack. Daily Targum, The: Rutgers University of New Jersey (New Brunswick, NJ).

Mansfield-Devine, S. (2015). Feature: The growth and evolution of DDoS. Network Security, 201513-20. doi:10.1016/S1353-4858(15)30092-1

Nazario, J. (2008). DDoS: DDoS attack evolution. Network Security, 20087-10. doi:10.1016/S1353-4858(08)70086-2

Yu, S. )., Tian, Y. )., Guo, S. )., & Wu, D. ). (2014). Can we beat DDoS attacks in clouds?. IEEE Transactions On Parallel And Distributed Systems, 25(9), 2245-2254. doi:10.1109/TPDS.2013.181

Pitch, Outline, & Bibliography

Map & More Data

Data: http://www.dailytargum.com/article/2015/05/rutgers-ddos-attack-break-down

This article breaks down on what a DDoS Attack is and how it effected the Rutgers system. The article uses real life examples such as a robbery and explains how to look at the breach. The article then breaks down scenarios to how the attack could have happened or who could have done the attacks, and what the University is doing for future purposes. The article does a good job in showing how the hacker was the robber and the University had it’s possession stolen before it knew what had actually happened. Then using the scenarios allows the audience to contemplate on how this attack could have occurred.

Data: http://www.scmagazine.com/the-fbi-is-helpign-rutger-inveigate-a-series-of-ddos-attack/article/412149/

This article mentions the attack occurring at Rutgers and the FBI looking into the issue. The FBI will be working with the Rutgers PD to see who is behind the issue. The article states that as this attack has occurred a few times this year, the University was update everyone on how they are handling the situation. I can use this to show the severity of the attack. With the FBI stepping in to check out the situation it will show how big of damage the University had taken from the attack.

Data: http://www.dailytargum.com/article/2015/05/rutgers-students-respond-to-     latest-ddos-attack

This article shows how certain students from different departments reacted to the attacks as they occurred. Certain students stated how during finals they need access to the internet, and because they can’t, it hurts their productivity. Others stated how Rutgers, always has glitches in their system, and no one seems to know why. The article also goes to mention the name the presumed hacker went by, and the past and future of the Rutgers security field.

Map & More Data

Data Collection

Data Collection: How did the DDOS Attacks effect Rutgers students and staff, and what was the meaning behind the attack?

Interview With Exfocus

How much are you getting paid?

$500 an hour.

Are you for real? Why would you do an interview with us if you’re getting paid?

Normally I don’t show myself, but the entity paying me has something against the school. They want me to “make a splash”.

Have you compromised any servers? To what extent?

In Rutgers itself? No. I have hundreds of exploited servers though. I’m connecting through a proxied one right now in fact.

On your twitter account, you posted some super private information including Social Security numbers & addresses. Where did those come from?

The ssn dump was from a school in Texas. Not from Rutgers. : I haven’t been ddosing anything for a while now, I stopped three hours ago.

Why can’t students access Sakai right now – if you’re not DDOSING it?

Your internet is down because RU is probably scared about overages with their transit provider. Whenever I do a ddos all rutgers websites that are still public facing (like rutgers.edu) go offline because their network port with zayo is saturated.

What are your plans for the future in terms of DDOSing and attacking the Rutgers cyber infrastructure?

When I stop getting paid – I’ll stop DDosing lol. I’m hoping that RU will sign on some ddos mitigation provider. I get paid extra if that happens.

At some point you said you were at the Livingston student center – outside of Sbarro. In this interview you said that you aren’t affiliated directly with Rutgers, did you lie then?

Yes

Why do you have a twitter account where you publically broadcast patronizing messages. Are you worried that this increases the risk of things getting back to you?

Public twitter is on clients request. The client hates the school for whatever reason. They told me to say generic things like that I hate the bus system and etc.

How’re you being paid?

Bitcoin

Can you link your bitcoin wallet to verify that this is at the request of a client?

No.

You’ve been attacking through a botnet right? How many infected computers are under your control?

I started off with 170k, currently sitting at 85k.

Have you ever attacked RU before?

During freshman registration the client requested it also – he didn’t want any publicity then though.

Any proof that you work for someone?

No.

Can we get a cropped screenshot of the bots in your botnet? No identifying info – just want to verify that you’re the one in control of them.

sure

Any last messages you want to communicate to the students at RU?

Im a fan of Taylor Swift

A lot remains to be said of whether or not Exfocus is telling the whole truth.

However there does seem to be evidence that points to him being the one who took down the Rutgers network. He has on multiple occasions, been able to correctly predict the length, and initial time of attack. This suggests that he is in contact with those responsible or responsible himself.

We found this post on hackforums.net where an individual going by the handle exfocus.hf offers to DDOS targets using a botnet that is 80,000 zombies strong. (the same amount that he claimed in my interview with him).

Do you think someone hired Exfocus to DDOS Rutgers, is he just a frustrated Rutgers student? Is he a total fake?

Let me know down in the comments below.

Edit 1: There have been similar reports on the Rutgers server crash that attribute the hackers to have come from China & Ukraine. This is not the case, the nature of a botnet is that a lot of infected computers from all over the world are used to send fake traffic to servers.

The hacker is not from Ukraine or China, although lots of the computers he has infected are.

Edit 2: NOBODYS PERSONAL INFORMATION WAS COMPROMISED – None of you are at any risk of identity theft because of Exfocus.

The author had interviewed the attacker to see what their motive was and other questions. The hacker had admitted to getting paid by a third party and admits to being on campus of the attack. The attacker refuses to show how they were paid, but just states Bitcoin. They also state that they will stop once they stop being paid. They also show a snapshot of their screen of hacking. The article then acts questions regarding the attack, such as if the hacker was really hired by an third party candidate.

I can use this article as a way that shows the exact messages from the hacker. This can be used because I can show that there was a motive behind the attacks. With that being said, the article would also help in showing how the hacker was in constant communication with social media sites such as Twitter.

Data Collection

Proposal # 1

Research Question/Argument:

I want to focus my research project on the DDOS attacks on Rutgers University servers last academic year. This proposal of mine will primarily focus on how students were effected by this and what was the motive behind the attack. As someone who works at the Help Desk at Rutgers University, and is a student, I can show how students reacted and what the alleged “hacker” has to say about everything. Through this I can possibly state what Rutgers intends to do to prevent this situation from occurring once more.

Research Question:

How did students and those affiliated with the University react during the attack? What was the actual motive behind the attack and what will be done to prevent these attacks from occurring in the near future? The articles which I found can support these questions.

What Is Your Data And How Are You Collecting It?

The information, which I have gathered are from articles that are scholarly and non scholarly. I also will try to incorporate a post from Reddit or Twitter as well. I will use the information and try to put the events together in chronological order as they occurred. This will then assist me in showing how people reacted to this as well. I will even use an interview, which I have of the alleged “hacker” that did this as well. I will then answer my questions and use the remaining articles to show what Rutgers will do in the near future.

Project Presentation Details

For my presentation I would like to show a timeline possibly which consists of the events that occurred during the attack. Then I would show possible slide show which would consist information regarding reactions from students and those affiliated with the University. I would also show a link to a  interview with the hacker. This would summarize my points and show the class who did what and how everyone reacted. I would then show a document showing increase in tuition.

Questions

My questions for the class is, who do you think really hacked Rutgers? What was their motive? If you could go back to before the hacks, what would you have done or finished? Do you believe that Rutgers is doing a better job by increasing the tuition?

Proposal # 1

Week 3 – Continued

DDos Attack: What You Need To Know

http://www.dailytargum.com/article/2015/05/rutgers-ddos-attack-break-down

Summary

This article breaks down on what a DDoS Attack is and how it effected the Rutgers system. The article uses real life examples such as a robbery and explains how to look at the breach. The article then breaks down scenarios to how the attack could have happened or who could have done the attacks, and what the University is doing for future purposes.

Research Methods/ Data Analysis

The article uses methods of using life examples to break down the attack. By using real life examples it explains to the audience on how the attack occurred and how the University was blindsided. The article does a good job in showing how the hacker was the robber and the University had it’s possession stolen before it knew what had actually happened. Then using the scenarios allows the audience to contemplate on how this attack could have occurred

Conclusions

The conclusion was that the University had old systems enabled, which did not allow them to foresee the attack. Once the attack had commenced, the University had a tough time adjusting to what was occurring. By allowing third party facilities to take over the Security aspect of IT, Rutgers will have better protection for the future.

How This Fits In My Project

I can use this article to show how the DDoS attack occurs, and use the example of the robber. I could show how tough it is to protect against a DDoS attack and what the University is doing for the future.

Why Did Exfocus Take Down Rutgers?An Interview & Analysis

Why did Exfocus Take Down Rutgers? An Interview & Analysis

Summary

The author had interviewed the attacker to see what their motive was and other questions. The hacker had admitted to getting paid by a third party and admits to being on campus of the attack. The attacker refuses to show how they were paid, but just states Bitcoin. They also state that they will stop once they stop being paid. They also show a snapshot of their screen of hacking. The article then acts questions regarding the attack, such as if the hacker was really hired by an third party candidate.

Research Methods/Data Analysis

The author of this article does an interview and directly speaks with the hacker. Through this they ask questions regarding the attack such as the motive and what is in for the hacker. As the hacker responds they do not give too much information, but enough to see that there probably was a third party candidate involved paying the hacker. The hacker states that they were on campus at the time. Looking at the data I can see that there probably had to be a third party candidate and that the attacker must have had some connection to the University.

Conclusion

In conclusion, the interview with the hacker shows that there is more than meets the eye. The hacker must have been hired and was being paid money. The third party candidate had allowed the hacker to continuously attack the Rutgers system. We won’t know the complete truth until the hacker is caught.

How This Fits In My Project

I can use this article as a way that shows the exact messages from the hacker. This can be used because I can show that there was a motive behind the attacks. With that being said, the article would also help in showing how the hacker was in constant communication with social media sites such as Twitter.

FBI Investigating Rutgers University in DDoS Attack

http://www.scmagazine.com/the-fbi-is-helpign-rutger-inveigate-a-series-of-ddos-attack/article/412149/

Summary

This article mentions the attack occurring at Rutgers and the FBI looking into the issue. The FBI will be working with the Rutgers PD to see who is behind the issue. The article states that as this attack has occurred a few times this year, the University was update everyone on how they are handling the situation.

Research Methods/Data Analysis

The article updates the status of the attack as they occurred. They mention how the FBI is now involved, and what they will be beginning to do. The article was to the point to what was occurring and that the University will give out more updates as they get fresh information.

Conclusion

In conclusion, the DDoS attacks on the University were no joke. They forced the FBI to become involved who will work with the University to see what had actually happened.

How This Fits In My Project

I can use this to show the severity of the attack. With the FBI stepping in to check out the situation it will show how big of damage the University had taken from the attack.

Week 3 – Continued