Evil hackers have penetrated the outer defences of a universitys security! They are claiming to have stolen the entire contents of the universities email database. A total of 5TB!! They are holding the university to ransom over its contents. If the university does not pay them 5,000 dollars they will publish the contents of all the rejection letters for the faculties papers!!! If the exchange server is connected to the Internet by a 1Gbps connection. Assume a 10% protocol overhead, ignoring any other attributes of TCP/IP, and assuming the hackers were able to use the entire bandwidth, how long would it take them to transfer the 5TB off the system?

The IT department of the university uses a network flow monitoring system to detect unusual patterns in network traffic. Assuming that the normal profile for email access for a single user ranges from 1-10MB per session, users check their email about 10 times a day on working days and the university's exchange server hosts mail for 500 users. How long would it take the hackers to copy the database from the server and not be detected by the network flow monitoring system?

The attack may have used a vulnerability in the Exchange server that was public since at least June 2021. The ransom letter claiming all email was copied was sent in October 2021. Is the claim of the hackers realistic given that IT has not noticed any unusual network traffic during that time period? What else could the hackers do, besides copying the data slowly and continuously, to disguise their activity?