Shared from the 5/12/2021 Albany Times Union eEdition

CYBERSECURITY

FBI leads investigation of RPI computer attack

Malware has upended university operations during finals week

[Photo: Will Waldron / Times Union] The FBI and State Police cyber squads are investigating a malware attack that has paralyzed the computer systems at Rensselaer Polytechnic Institute in Troy since last week.

Troy

FBI and State Police cyber squads are investigating a malware attack that has paralyzed computer systems at Rensselaer Polytechnic Institute since last week.

Since it was detected on Friday, the cyberattack has disrupted nearly all of the world-famous engineering and research school’s operations, officials confirmed.

“There was an attack. They took the systems offline. They’re slowly going through it,” said faculty members who spoke Tuesday about the situation only with a guarantee of no attribution. “It’s day five. We’re still offline.”

Students, faculty and staff have been scrambling for the past five days to establish alternative lines of communication with RPI’s internet, email, instant communications and telephone services disabled. During the tech blackout they’ve turned to Facebook, Reddit, Slack, Instagram, private emails and personal cellphones.

Richie C. Hunter, vice president of strategic communications and external relations for RPI, said the school temporarily suspended access to the network as it works with law enforcement and cybersecurity experts to determine the extent of the trespass.

“Accommodations have been provided to students with online exams impacted by the suspended access to the network. We will provide updates, to the extent we are able, as information becomes available,” Hunter said in response to Times Union inquiries.

But faculty, staff and students said they have received no information about exactly what is happening. As of Tuesday afternoon, they said, they’ve only seen the original announcement of the attack and two announcements about final exams and projects being canceled for Monday, Tuesday and Wednesday. RPI has advised employees not to log into the system to avoid any infection of non-university computers, university community members said.

Many RPI students have been taking classes online this year during the pandemic. The loss of access to the service made it impossible for students to log on for courses and related work. Those in the dorms have been left without university Wi-Fi access and there have been reports of difficulty accessing buildings.

Faculty members have been taking steps to ease students’ anxieties about completing courses and qualifying to graduate for the May 22 in-person commencement. “[We’re] here to make sure our students get the help and information they need,” one faculty member said. Another added that RPI’s departments and their faculty members have been coordinating efforts to reassure students, are taking special steps to deal with grading and are watching out for them.

For years, cyberattacks have caused damage to governments, companies, universities and other organizations. Drivers expect to pay higher fuel prices after an attack last week that shut down oil and gas pipelines running from Texas to New Jersey. The pipelines supply fuel to much of the Eastern Seaboard.

Such attacks are becoming more common and have affected people’s daily lives, including some recent incidents in the Capital Region. The city of Albany suffered a ransomware attack that wiped away the police department’s digital internal affairs files from 2018 and some of 2017. Last month, the Guilderland school district suffered an attack that forced all high school students to learn remotely.

RPI has been quiet about whether it’s a ransomware or malware assault that has knocked out its normal day-to-day operations. As the name implies, ransomware attacks usually come with a demand for payment from attackers.

“I can confirm our office was contacted by RPI regarding a potential cyberattack, and we are assisting them as necessary. Due to the ongoing nature, I’m not able to provide any additional information,” said Sarah Ruane, a spokeswoman for the FBI’s Albany office.

Federal and state investigators apparently joined the investigation as it became clear that it was widespread and significant. The FBI is the lead agency in the investigation, with the State Police assisting, said Beau Duffy, a spokesman for the Division of State Police.

RPI has not said how or if the attack may have affected the $104 million in research contracts carried out by RPI professors and scientists. RPI affiliates have contracts with research offices of the U.S. Army, Navy, Air Force and Defense Advanced Research Projects Agency, the Defense Department’s research arm. A Defense Department spokesman was not immediately available to comment on the situation Tuesday.

The attack is disrupting faculty members who are applying for federal grants, which are usually done online and have strict application deadlines.

RPI suspended a portion of its COVID-19 testing program Monday during the outage. “Routine surveillance testing will resume when the campus network has been restored. No one will be penalized for missing a regular COVID test due to the network outage,” the university’s student life office said on Reddit RPI.

COVID-19 testing was held Monday for students with symptoms, those who believed they’d been exposed, varsity athletes who recently traveled and students who needed to be tested before going home for the summer. RPI held scheduled administration of Pfizer second doses Monday.

The Rensselaer County Health Department has not been contacted by RPI but is prepared to step in to provide assistance, said Richard Crist, the county’s director of operations.

The situation developed during RPI’s final exam period. Over the weekend, the university canceled final exams and projects due Monday and Tuesday. The school announced Monday night that it had canceled final exams and projects for Wednesday too.
