Dammit Janet: University network suffers DDoS attacks

Infrastructure supporting academic services under sustained distributed denial of service attack coming from an unknown quarter.

Academics left unable to access Janet network

UK university students have been left without access to the Janet academic network after its infrastructure came under sustained attack.

DDoS attacks started on Monday and are ongoing, according to the network's operator, Jisc.

In a statement on Jisc's Facebook page, the organisation said that the attacks “have resulted in reduced connectivity and disruption for all Janet customers”.

“Various blocks and filtering are being put in place to limit the impact of the disruption, but the details of each attack are subject to change,” it said.

Jisc added that it has had to reduce public updates via its Twitter account and the website as it suspects that “this information can be used to inform attacks”.

“We have also received a DDoS attack on www.jisc.ac.uk and have had to close the website until the attack is over. This has limited our communication channels with customers, but we are working to keep them informed. Customers affected have been contacted and are being provided with up-to-date information via alternative channels,” it said.

Tim Kidd, executive director, Jisc Technologies, said, “We understand the importance of connectivity to colleges, universities and other public sector organisations. We are doing everything in our power to ensure normal service is resumed as soon as possible, and in the meantime to minimise any disruption that users of the Janet network may be experiencing. We apologise for any inconvenience caused.”

Jisc, formerly the Joint Information Systems Committee, provides computing services to academic bodies and universities throughout the UK. At present, Jisc is unable to estimate when the service will be back up and running.

Richard Brown, director EMEA channels and alliances at Arbor Networks, told SCMagazineUK.com the attacks are the latest in a “long line of DDoS attacks and highlights how any organisation that is reliant in any way on Internet services needs to ensure that the availability of those services is adequately protected”.

“It's an ongoing battle between attackers and organisations and it's clear that any industry isn't above being targeted,” he said. “DDoS is a well-understood threat, and businesses can protect themselves if they have the right technology, processes and people in place.”

Chris Boyd, malware intelligence analyst at Malwarebytes, told SC that the most crucial thing is for Janet to see if it can deploy anti-DDoS technology to ward off the assault, “though with a large enough botnet even the best tech can buckle under the pressure”.

“Unfortunately any well-known entity is a potential target, and all we can do is map out a strategy ahead of time to deal with the impact of sustained denial of service assaults. Their best hope right now is to liaise with law enforcement and see if there's anything they can do to assist.”

Mike Westmacott, cyber consultant at Thales UK, told SC that the Janet network is not the only system that is suffering from a DDoS attack at the moment: “Root DNS servers are currently under attack, with a number of similarities to the attacks against the academic network,” he said. “Such attacks, whilst an annoyance, are not usually likely to completely deprive affected users of access to systems and services.

“No reports of ransom requests have been made which would appear to reduce the possibility that a criminal gang was attempting to extort money – plus Janet would not be an obvious target as they do not have the level of finances available that would make for a successful operation. Owing to the distributed nature of the attack, direct attribution back to the systems from which the attack is coordinated will be difficult or impossible and take some time.”

Westmacott said in the absence of any specific target, ransom demand or publicity claiming responsibility there are few reasons for launching such an attack.

“One is that it is simply a live-fire exercise, dedicated to simply measuring the capability of a DDoS weapon, such that in the event that it is required then the correct scale of attack can be created such that genuine damage and cost will be incurred. Another is that it is a mistake, and that the authors of the attack did have a specific target in mind, but have released buggy code and the effect is not as intended, therefore they are remaining quiet.”