It is being reported on September 28, 2015 that Rutgers University’s computer system was attacked again. On Monday, the same hacker that has taken down their system at least four other times in the past year, did it again. An unidentified person(s) who goes by the name Exfocus on Twitter has claimed responsibility for the Denial of Service attack that interrupted internet service for thousands of students.
This latest infiltration came after Rutgers spent millions of dollars hiring three computer security firms and involving the FBI in preventing another attack. However, this did not stop the cyberhacker from taking down the schools computer service again.
“Exfocus says that he does not have a personal grudge against the university but he works for someone who does. An unidentified sponsor has allegedly been paying the IT intruder in Bitcoin to wreck the computer system at Rutgers.”
As is the usual modus operandi of the bandwidth bandit, taunting tweets preceded and followed the internet intrusion. Exfocus taunts the IT department via Twitter, Reddit and other social media. Below is a message from the cyber criminal from last April:
“The Rutgers IT department is a joke. This is the third time I have launched DDoS attacks against Rutgers, and every single time, the Rutgers infrastructure crumpled like a tin can under the heel of my boot. This is a surefire sign that somebody needs to be fired…The pure incompetence of the IT department just amazes me. They took a step in the right direction by hiring a DDoS mitigation provider, Incapsula, to assist them with the attacks. However, they ended up destroying connectivity and routes in the process. I did not launch any attacks on Tuesday. Why should I have? The inexperience and poor skills of the IT department ensured that I didn’t need to. I sat here watching them foolishly attempt to fix the routing issues, withdrawing and appending routes (there were some instances when I laughed at what they tried to do). Anyway, good on you for finally realizing that you needed a DDoS mitigation provider! However, I’m guessing you went with a large company who offered you the lowest bid, because out of all the providers you chose, you picked Incapsula over Verisign and Prolexic…Incapsula is OK for protecting websites, not a university. Honestly, I am sitting here dumbfounded at the amount of incompetence displayed once again by the Rutgers IT department. I’m fairly certain I could run circles around all of you with my eyes closed, and one leg amputated…Just to show you the poor quality of Incapsula’s network, I have gone ahead and decimated the Rutgers network (and parts of Incapsula), in the hopes that you will pick another provider that knows what they are doing. Furthermore, please fire all the people that made the decision to use Incapsula immidiately[sic.]. Exfocus out
As the haughty cybercriminal stacked up the denial of service strikes on Rutgers University, the reputation of the rogue computer whiz spreads further.
Neither the FBI nor officials at Rutgers have made an official statement regarding the DNS disruptions, however, criminal charges against the Exfocus are no doubt being discussed.
True Crimes Podcast 