Cyber attack on ASUCR website decreases transparency

Tim Baca/HIGHLANDER
Tim Baca/HIGHLANDER

As a result of a cyber attack that shut down the ASUCR website, members of ASUCR have decided to switch to an older server under the domain name, ASUCRexchange.ucr.edu, which still holds remnants of its old merchandise store that closed in 2012.

As of press time, the new website lacks information about ASUCR’s elected student representatives, office personnel and upcoming committee meetings, which could potentially leave the student body in the dark about recent happenings within ASUCR.

“There were a series of problems with the old website ranging from no tech support by UCR as we used a WordPress website (open) to multiple malicious attacks and vulnerabilities,” explained ASUCR Marketing and Promotions Director Ravin Rathod, whose position involves overseeing the website.

According to a report that the Highlander obtained from UCR Computing and Communications, the original website’s servers on WordPress became infected by a Trojan, a malware virus which generally forces websites and their computers to lose control to a third party and cause sensitive data to be compromised, forcing the website offline from Sept. 17, 2014 through Oct. 24, 2014.

In October 2014, ASUCR officials opted to switch from the WordPress to an OmniUpdate server, which official university websites, including ASUCR, had used prior to September 2010. The switch was made to protect ASUCR’s website within the university’s antivirus firewalls, which did not protect the website when it operated under WordPress, according to Payroll and Budget Accountant Amy Carrizosa.

As a result of the attack, website responsibilities were shifted from Rathod to Carrizosa, who has been in charge of updating the website with senate meeting minutes and other important documents as provided by Rathod. In addition, ASUCR is looking to contract someone with technological expertise to build a new website, which Rathod says will occur sometime in the “near future.”

According to ASUCR bylaws, Rathod still holds a position which requires him to “oversee the updating and maintenance of the ASUCR website.” Currently, there is no set procedure for shifting job responsibilities from the marketing and promotions director to another.

The original ASUCR website currently redirects its visitors to the ASUCR Exchange site, which provides basic documents and services for student organizations, such as how to receive funding and links to discounted amusement park tickets. However, the names, biographies and goals for members of ASUCR are still absent from the new website, but can be found on a linked ASUCR elections website, which also lists all of the candidates who have run for or won an executive or senate position over the past few years.

Elections website viewers may potentially find it difficult to distinguish elected student representatives who are in office unless they cross-reference the biographies with the final elections results.

“I will do my best to quickly have these put up,” Rathod said and furthered that press releases will be posted online to keep the student body updated on the senate.

Recent announcements are also being redirected to ASUCR’s various social media websites such as Facebook, which has been updated throughout the academic year.

A post was made on the ASUCR Facebook page and a campuswide email was also sent to the campus on Sept. 16, 2014 — nearly two weeks before the start of the academic year — about the technical difficulties associated with the original website. No further updates have been provided.

Student concerns about the recent ASUCR website became apparent when third-year biochemistry major, Kushal Sonawala, spoke during a Nov. 19 meeting last year.

According to Sonawala, the senate meeting minutes were no longer being updated on the website. “I’m not even sure what anybody’s doing (at ASUCR). I should know because I’m a student,” Sonawala stated.

ASUCR President Nafi Karim responded that the attack on the original website made it hazardous for the student body and general public to access. “So currently, we’re working diligently to have another website up, which is safer for the whole student body,” Karim said at the time. “We apologize for not having the senate meetings up. We’ll try to get it up as soon as possible.”

Though there are still changes being made, the current ASUCR website is secure and now includes an updated list of senate meeting minutes.

 Correction: The website was down from Sept. 17 through Sept. 19, 2014 and from Oct. 22 through Oct. 24, 2014. The previous ASUCR site was also protected by UCR firewalls. The Highlander regrets the errors.

Facebook Comments