Cyber Incident Victim: Joint Academic Network
Date:
Apr 2016
Location:
United Kingdom
Summary
The academic network Janet experienced multiple distributed denial-of-service (DDoS) attacks, initially disrupting external international access and causing widespread network slowdowns across connected institutions. Subsequent attacks further degraded services, prompting ongoing mitigation efforts including traffic filtering blocks. The incidents occurred during peak academic periods, exacerbating operational strain on university IT departments and helpdesks due to heightened student activity near deadlines. This followed similar prior attacks that had already led to the permanent removal of open public access to the network as a protective measure. Service improvements were observed following mitigation responses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Janet academic network, a UK government-funded educational infrastructure, experienced distributed denial-of-service (DDoS) attacks beginning on 15 April 2016. The initial attack disrupted services on that Friday, with the network operator Jisc confirming the incident through status updates. Attacks resumed on the morning of 18 April at approximately 10:00, causing continued operational challenges. These disruptions manifested as slow network performance across connected institutions, with Bournemouth University publicly confirming via Twitter that its systems were affected by the Janet network slowdown. The attacks specifically impacted international connectivity, potentially hindering access to websites outside the UK during peak academic periods near term deadlines.
Jisc responded by implementing traffic blocks while conducting ongoing investigations into the attacks. By the afternoon of 18 April, the organization reported service improvements, though monitoring continued. This incident followed a previous week-long DDoS campaign against Janet from 1-8 December 2015, which had prompted Jisc to permanently remove open public access to the network as a security measure. The timing of both April attacks coincided with critical academic periods, amplifying operational strain as students intensified coursework submissions. Institutional IT departments faced heightened support demands while managing degraded network performance, though no data breaches or system compromises were reported in connection with the DDoS incidents.