IT Department Fights Phishing Attacks
By ARYAN AGARWAL, NICHOLAS BAKER, and AARYAN PATEL
When an Exonian thinks of the IT Department, automated emails come to mind. Reminders to change passwords, issues with logging into the wifi network, and replacements for our cracked laptops — this seems to be a rigorous summary of the department’s job.
In reality, the IT Department is the glue behind our entire school. Especially in the context of the recent phishing attack, their importance has become increasingly clear. But ask a student to put a name to a face in the department, and they fail. It doesn’t make sense that we know so little about such an instrumental organization. That’s why, this week, The Exonian went behind the scenes to report exactly what goes on, interviewing members of the department as well as students on campus.
In its structure, the IT department is split up into five teams, each with its own specialization.
One of these teams is on the business side of things. Director of IT Services Scott Heffner told us, “We have an entire team, our Projects Management Organization, that works with all of our different business units. So we have a person that works with finance, one with HR, and these people act as partners to those departments.” This team helps to ensure that IT is aligned with the Academy’s needs. This team runs all IT-related projects from gathering requirements to design through final implementation.
Heffner added, “Alongside the Project Management Organization, we have a team dedicated to all things data. This team ensures that all our applications can share data automatically, that the data is defined and understood throughout the Academy in the same way, and that the data is of high quality.”
Donna Archambault runs the Customer Support Services team in the Data Center, Phillips Hall Basement, and the Academy Building Basement. Heffner explained, “They’re the team that provides direct end user support and training when you call, email or stop by one of our locations. They also run the Phillips Hall Computer lab and provide event support in Assembly Hall and Mayer Auditorium.
Additionally, the department has a team in charge of IT Infrastructure. Heffner said that this team builds and manages, “our wired and wireless network (including all network cabling), our firewalls, email system and most of our security technology. They’re the ones who responded during our recent phishing attack. They’re also involved in every construction or renovation project on campus.”
Another part-time staffed office is the DSS Copy Center. Matt Wentworth, a member of the staff, explained, “We offer a variety of services that would be expected of a copy center such as making copies, printing, binding, cutting, proofing submitted jobs, signage, posters, and limited document design.” When necessary the team also outsources jobs to external printing vendors when the in-house equipment is not sufficient.
“Our DSS staff is also involved with the Academy’s Formsite implementation as well as the internal Sharepoint,” Wentworth continued. “In those roles the DSS staff assists with form creation, site maintenance, and end user training on the platforms.”
The final unit is a team of three full-time employees in the end-user technology unit. This group manages and operates all of the end-user devices, peripherals, printers, and audio/visual (A/V) equipment across campus. Wentworth described their work as consisting of “being a steward of the academy’s IT assets.” In other words, “we are involved in departmental system requests and software evaluations, purchasing and receiving of assets to be added into the asset system, tracking the equipment through the life of that asset, supporting the hardware through the deployment lifetime, retrieval of the equipment at the end of lifecycle, and disposal of this equipment in an appropriate manner,” Wentworth continued.
The IT department carries out many implementations and build outs in its projects. Heffner explained a few examples, “We’re working on replacing the point of sale system in Grill over spring break, and we’ll be implementing Google Workspace for Education over the summer.” The change to Google G-Suite is a significant event, bringing needed replacements to much of the software that Exonians currently use.
The past five years have also consisted of a large turnover from something called Colleague to newer and more innovative technology. “If you’re familiar with Colleague, we had it for thirty one years, and it was the main system that ran all school operations. It was a great system in its day, but it’s a dinosaur,” Heffner explained. “So in 2019, we began moving to what we call best-of-breed solutions. That means an individual solution for HR, one that’s great for finance, etc.” Rather than continuing with Colleague, a highly customized solution that had little room for flexibility, the school has adopted a more modern method. Exeter now utilizes multiple specialized technologies for different purposes.
Wentworth also gave insight into smaller projects from last year. He said, “During the last spring break we were able to refresh our entire printer fleet throughout campus, providing new equipment with more functionality. Another example was during the fall term, we relocated the entire copy center operation from the Academy Building to the Data Center in preparation for the upcoming Academy Building renovation project.”
Despite all of these responsibilities, the IT Department itself doesn’t choose what to work on. Heffner explained that, “at the end of the day, it’s not our decision which projects to do. We want to work with the school to pick the projects that they believe will bring the best benefit to everyone.”
For example, Heffner explained that recently, “we had a meeting with a bunch of the faculty department heads and it was pretty clear that we absolutely had to get Google. Once all that was mapped out, it just made sense and we’re moving ahead with it.”
Though much of the work is planned, unanticipated duties can arise. Members of the Exeter community remember the night of Tuesday, Jan. 28 when students received an email from Heffner.
“This evening, the Academy was the target of a sophisticated phishing attack,” read the email. The attack entailed two compromised student accounts being hijacked, and sending links to Microsoft Forms en-masse to Exeter emails. “I received an email advertising a job from an Exeter student, claiming to pay $600 a week. It did seem a little too good to be true but [some friends and I] went ahead and filled it out,” described lower Myles Oluwo.
However, the intent of these forms seems slightly bewildering: “If you filled out the form and hit submit, it would submit your data to whoever the bad actors were. However, we’re not sure why they wasted the effort. The data [the form asked for] wasn’t especially sensitive. It was a weird attack,” stated Heffner. This sentiment was also conveyed by students, “The form was honestly more normal than I expected. It was just asking for your school address, your email, phone number, and your name,” Oluwo added.
Despite this, the IT Department worked diligently to ensure that the attack remained fairly benign: “My team and I were up past midnight blocking the forms at the firewall so that people couldn’t accidentally go to it,” described Heffner.
Also, the IT department is now focused on how the original attacks were hijacked. “We’re bringing in cyber forensics experts …. we’re just making doubly sure that there wasn’t something else behind that form. We’re still not fully clear on how the original Exeter accounts were hijacked. We actually think that those accounts were compromised separately.” The IT department also made sure to let all members of the community know to reset their MFA (multi-factor authentication) tokens, in case they had been subverted.
“We also have a tool called PhishAlert a tool for community members to report possible instances of phishing,” Heffner added. “Tuesday night, during the attack, we had over 450 alerts from users when I stopped counting. It was a great response from the community that helped us to stop the attack before it grew out of control.”
The IT department is integral to so many aspects of Exeter life. Just as the Exeter community came together to aid the IT department during the phishing attack, the department hopes that community members continue to engage with its operations. Wentworth remarked, “It is rewarding for us to see something that we assisted in deploying getting frequent use. So, if there are any suggestions for how something could be adjusted, or perhaps rethought, that is always preferred to seeing something sit dormant because it never met the needs of the deployment.”
