Akash Sama­roo

Lead Ed­i­tor-Pol­i­tics

akash.sama­roo@cnc3.co.tt

The Uni­ver­si­ty of Trinidad and To­ba­go (UTT) says a cy­ber­at­tack tar­get­ing its dig­i­tal learn­ing plat­form did not, to its knowl­edge so far, re­sult in any sig­nif­i­cant breach of sen­si­tive stu­dent da­ta, as the in­sti­tu­tion moved to re­as­sure stu­dents, staff and the pub­lic amid con­cerns over pos­si­ble leaks.

While UTT it­self was not hacked, the dig­i­tal learn­ing hub it us­es, Can­vas Learn­ing Man­age­ment Sys­tem (CLMS), was com­pro­mised.

The hack forced UTT to shut it down and block ac­cess on Thurs­day night, mere hours be­fore its ex­am­i­na­tions yes­ter­day, which have now been post­poned to next week as a re­sult.

UTT was not the on­ly vic­tim in what was de­scribed as a “big hack”.

Thou­sands of oth­er ter­tiary-lev­el in­sti­tu­tions, in­clud­ing Har­vard Uni­ver­si­ty, that al­so use the CLMS were com­pro­mised.

UTT prin­ci­pal Pro­fes­sor Re­an Ma­haraj told Guardian Me­dia that, as it stands, the uni­ver­si­ty be­lieves on­ly their stu­dents’ uni­ver­si­ty-as­signed email ad­dress­es were leaked.

While up to yes­ter­day af­ter­noon, UTT was still as­sess­ing the full ex­tent of the hack, Pro­fes­sor Ma­haraj said, “At UTT, we use what we call a sin­gle sign-on au­then­ti­ca­tion sys­tem, and we al­so use a mul­ti-fac­tor au­then­ti­ca­tion, for en­hanced se­cu­ri­ty. So, be­cause of that, the on­ly da­ta that would be ac­cessed there would be their UTT email. So, as far as we know, there’s no cre­den­tial loss, no da­ta that be­longs to stu­dents that would be out there, un­less a stu­dent us­es UTT email in some­thing which we would have no con­trol over.”

He added, “I don’t think there’s much per­son­al da­ta that would be in the dark web be­cause the learn­ing sys­tem doesn’t have any per­son­al da­ta in there oth­er than their email ad­dress­es.

“So right now, we’re work­ing to­wards de­vel­op­ing a plan to ed­u­cate them on how to deal with any phish­ing is­sue that might come up.”

Pro­fes­sor Ma­haraj said the cam­pus de­cid­ed to post­pone ex­ams yes­ter­day be­cause stu­dents study­ing on Thurs­day night would not have had ac­cess to on­line ma­te­r­i­al through CLMS due to the hack.

Yes­ter­day, UTT prin­ci­pal con­firmed the CLMS was back on­line.

“We’re do­ing some clean­ing up. We’re check­ing to see the dam­age, if there were any cor­rupt­ed files and ask­ing in­struc­tors now to clean up, our lec­tur­ers to clean up and re­load if nec­es­sary, and to re­al­ly nor­malise the op­er­a­tion,” he ex­plained.

The UTT prin­ci­pal sought to as­sure that the school is work­ing to­wards full restora­tion and that im­proved se­cu­ri­ty for the learn­ing plat­form is on their agen­da.

“We’re al­so look­ing to take this as a les­son to im­prove our ca­pac­i­ty to deal with these is­sues as it comes up and have al­ter­na­tive modes of dis­sem­i­na­tion of in­for­ma­tion should these un­for­tu­nate sit­u­a­tions arise.”

Mean­while, Ter­tiary Ed­u­ca­tion Min­is­ter Prakash Per­sad told Guardian Me­dia that he is sat­is­fied with how the mat­ter is be­ing han­dled by UTT. He too stressed that this was not a tar­get­ed at­tack on the lo­cal in­sti­tu­tion but rather the learn­ing man­age­ment on­line sys­tem that is used by thou­sands of schools.

“We post­poned the ex­ams un­til next Fri­day. The stu­dents are stressed, but that’s the best we can do.”

Yes­ter­day af­ter­noon, he told Guardian Me­dia that the full ex­tent of the hack is still to be de­ter­mined.

“We’re try­ing to as­sess ex­act­ly if any stu­dents’ in­for­ma­tion, if they (hack­ers) put it on the dark web, and that takes some time.”