Western has joined other Canadian universities in a national security network to stop would-be hackers.
The CANARIE Network Joint Security Project unites 27 Canadian universities in a federally-funded effort to connect institutions through software that communicates threat data between its members.
If a CANARIE member finds a security exploit, they can notify other members, allowing them to amend their vulnerabilities. Before its security services, CANARIE was an information-sharing infrastructure between universities.
Jeffrey Gardiner, Western University's information security officer, said Western’s hackers are usually after the university's intellectual property and Western students' personal information.
A recent report by the Senate’s Working Group on Information Security, which Gardiner helped write, identifies two “crown jewels” within Western: PeopleSoft and Luminate Online.
PeopleSoft manages employee’s and faculty’s personal information and student information like course marks. Luminate Online is a fundraising software, and it contains financial specifics.
Cyber threats also come from all over the world. Gardiner said that Western has been targeted by independent amateurs and sophisticated criminals.
“It’s true that Western has been targeted by foreign governments. In the last couple of years, we’ve received evidence to suggest that research is being targeted,” he said. “We’ve also had cases where organized crime has tried to conduct large-scale fraud.”
He gave the example of an organized phishing campaign that began two years ago. The criminals emailed students, asking them to provide banking info to confirm if money was being transferred into an account.
The criminals then attacked Western’s human resources departments and changed the banking information provided to them.
If an attack comes from within Canada, Western can notify the RCMP. If it is from another Western country, the threat could be transferred to an organization like Interpol.
“I don’t really want to name the [attacking] countries, but they should be pretty obvious; ... some of the countries that love to hack are in Asia, for example,” he said. He also mentioned the Middle East, and the former Soviet Republics as possible attackers, and said they were usually second-world countries. Student info is usually accessed through phishing.
Gardiner said Western faces real cyber threats, and CANARIE is an asset in approaching them.
“When I can see the threats [across] the whole landscape, all the Canadian universities, that gives me a whole different level of perspective,” he said. Of the hackers, said “If you see it on the internet, you see it at Western.”