In the early days of 2011, the Massachusetts Institute of Technology learned that it had an intruder. Worse, it believed the intruder had been there before.
Months earlier, the mysterious visitor had used the school’s computer network to begin copying millions of research articles belonging to Jstor, the nonprofit organization that sells subscription access to universities.
The visitor was clever — switching identifications to avoid being blocked by M.I.T.’s security system — but eventually the university believed it had shut down the intrusion, then spent weeks reassuring furious officials at Jstor that the downloading had been stopped.
However, on Jan. 3, 2011, according to internal M.I.T. documents obtained by The New York Times, the university was informed that the intruder was back — this time downloading documents very slowly, with a new method of access, so as not to alert the university’s security experts.