Cyber Incident Victim: Joint Academic Network
Date:
Dec 2015
Location:
United Kingdom
Summary
The UK academic and research network Janet experienced a persistent distributed denial-of-service (DDoS) attack causing prolonged connectivity disruptions across universities and research institutions. The attack overwhelmed network resources, forcing widespread outages that affected DNS services, hindered access to online platforms like Vision and Office 365, and disrupted academic activities for students and researchers. Network operators identified the attack and attempted mitigation measures, though intermittent issues persisted, leading to a decision to withhold public updates to avoid aiding attackers. No ransom demands were reported during the incident. Users resorted to alternative DNS solutions to bypass service degradation while the organization continued efforts to stabilize the network.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 7, 2015, the UK's academic and research network Janet, operated by Jisc, experienced a distributed denial-of-service (DDoS) attack that disrupted connectivity for universities and research institutions nationwide. The attack persisted without interruption into the following day, December 8, causing prolonged service degradation across the network. Jisc's engineering and security teams promptly identified the DDoS as the source of the outage and initiated efforts to trace the attack's origin while implementing technical countermeasures to block malicious traffic. Initial interventions provided temporary network stabilization, but the attackers adapted their methods, leading to renewed connectivity issues that forced many academic users offline. By December 8, the operational strain prompted Janet to cease public updates via its official Twitter account, citing concerns that real-time status reports were enabling attackers to refine their assault strategies. The sustained nature of the attack overwhelmed network resources, creating cascading access problems for students, faculty, and researchers attempting to use Janet-dependent services.
Technical impacts included severely degraded DNS resolution performance, with Jisc informally suggesting affected users switch to Google Europe's DNS servers as a temporary workaround. Multiple cloud-based applications hosted on Janet infrastructure became inaccessible, with specific user reports confirming outages for Microsoft Office 365 and the Vision collaboration platform. The disruption forced academic staff and students to abandon digital workflows, as evidenced by social media accounts describing researchers reverting to physical law reports in libraries due to inaccessible online legal databases. The attack affected all levels of the UK academic community, from undergraduate students to senior researchers, with Twitter serving as an ad-hoc outage reporting platform where users documented their inability to conduct routine academic activities. No ransom demand or threat actor communication was reported to Jisc during the incident, distinguishing it from typical DDoS-for-ransom campaigns where extortion attempts precede or accompany attacks. Network operators maintained continuous mitigation efforts throughout both days without publicly disclosing technical specifics of the attack vectors or the identity of the perpetrators.