Experts investigating U of R cyberattack: Bad actors are sophisticated and rarely get caught

ROCHESTER, N.Y. - The University of Rochester revealed the attack late Friday. The FBI is now involved in the investigation. The university says 41,000 students, faculty and staff could be vulnerable.

The Identity Theft Resource Center, a 20-plus-year-old non-profit organization that helps victims of identity theft, released a report that shows 1,802 cyber attacks in 2022.

The top pieces of information the attackers get are names and Social Security numbers, but the growing target is your driver's license.

“Today it’s a very valuable piece of information to someone who wants to commit an identity crime,” said James Lee, COO of the Identity Theft Resource Center.

I contacted Lee after the U of R revealed Friday that it was hit by a cyber attack and that every student, faculty and staff member could be impacted.

“This data breach, which resulted from a software vulnerability in a product provided by a third-party file transfer company, has affected the University and approximately 2,500 organizations worldwide,” the U of R wrote in a statement Friday. “At this time, we believe faculty, staff, and students could be impacted, but we do not yet know the full scope of the impact to university community members or which personal data was accessed, as the investigation is ongoing.”

Berkeley Brean: “In your experience, how long does it take for an institution like a university to figure out the damage that was done?”

James Lee, COO of the Identity Theft Resource Center: “This could be a very long-tailed event. Maybe (the bad actors are) going to launch a series of ransomware attacks. Maybe they’re going to commit some kind of identity fraud. Or they’ll set up new bank accounts and park money they’ve stolen from other people, but in your name and you won’t know about it.”

Or they could sit on it for years.

The U of R wants students, faculty and staff to change their passwords.

Martin Sanchez is a graduate student who uses software called Bitwarden that synchronizes passwords into one space so he has different ones for every account.

“And yeah, I’ve never had an issue with my accounts being stolen,” he said.

Lee says the bad actors are usually based in Eastern Europe and South Asia, and they’re so sophisticated, they have help call centers that help victims pay ransom.

“Oh, these are very well organized groups. Gone are the days when we think about a hacker being some kid sitting in their parents’ basement with a hoodie eating Twinkies and drinking Red Bull,” he said. “And what’s really interesting is a lot of the time a lot of the people who are working in them don’t even know that they’re not in a legitimate business.”

Berkeley Brean: “If they’re so well organized, do they ever get caught?”

James Lee: “Very rarely. There’s like a .00008% chance you will be caught and prosecuted for an identity crime at this scale.”