On Monday, Mar. 27, students and faculty reported issues with internet connectivity on campus. Students could be heard discussing the issue throughout the day, often complaining about the irregular internet connection. “I was annoyed because I had a lot of work to do online that day and the Wi-Fi kept cutting in and out, no matter where you were on campus,” explained Josh Botel ‘25.
The cause was unknown until an email was sent explaining the situation. At approximately 2 a.m. on Mar. 27, the College became a target of a serious network attack that was initially prevented by the College’s firewall and internet service provider (ISP). Later that morning at 8 a.m., the volume of the attack increased drastically, and internet access was unavailable campus-wide. This attack was later mitigated via ISP and other vendors two hours later.
“[At] around 10 a.m., we identified the type of network attack (Distributed Denial Of Service known as DDOS) and implemented some countermeasures to restore internet and network services,” explained José Dieudonné, chief information officer at the College. “At around 4 p.m. the attack escalated in severity again. At one point more than 50,000 computers around the world were involved in the attack, continuously sending malicious traffic (over 850,000 sessions/second) to the College.”
Later at 6 p.m., the College began to engage with other network protection services to counter this specific type of attack. These services aided in restoring internet connection at midnight after what was described as a “rather expensive, sophisticated and difficult to mitigate” cyberattack, according to Dieudonné. “In the last two weeks Health and Human Services, FBI and various state agencies have reported other institutions, mainly healthcare, being targeted by this specific type of attack.”
Dieudonné explained the various measures taken to combat the attack. “We partnered with Cloudfare, a cloud based leader in network attack protection services.”
“We were able to restore full internet services at around 12:45 a.m. on Tuesday.”
José Dieudonné
Individuals across campus had different experiences with the lack of internet connection throughout the day.
Giovanna Evans ‘25 said “I wasn’t really impacted by the lack of connection during the day. I just didn’t have Wi-Fi for three hours and decided to watch TV during that time until the Wi-Fi was restored. After that I was able to do my homework so I was fairly unbothered by the whole situation.”
“I was more frustrated than anything,” shared Caleb Wakefield ‘25. “When the internet went down my teachers were unable to use presentations and things like that. This also kept me and other students from doing our assignments online. I was lucky enough to have a hotspot, but at the same time, I couldn’t listen to music for the whole day. At some point, you get used to things like this because of how bad Muhlenberg’s Wi-Fi is.
“At first I just thought it was another typical day of bad Wi-Fi and I didn’t think anything of it until they sent out the email later that day.”
Caleb Wakefield ’25
Following the cyberattack, Dieudonné gave precautionary measures for students to stay vigilant while using the internet. He recommends that students “secure devices, use strong passwords, perform computer updates regularly, use multifactor authentication, install good antivirus software and don’t give out personal information.” Additionally, all cybersecurity incidents should be immediately reported to the Office of Information Technology (OIT) so the staff can respond appropriately.
The word “cyberattack” comes with a certain sense of confusion and seriousness. With the constant advancement of technology, privacy concerns become more pressing as these attacks occur on a global scale. Luckily for Muhlenberg, “There is no evidence to suggest that any College data or systems were compromised during the attack,” said Dieudonné. “We take the duty to protect employees’ and students’ privacy very seriously. Even when troubleshooting a crisis like that, we take every precaution to ensure that this information provided to partners and vendors is anonymized or aggregated in a way that protects our community’s privacy.”
