Hackers throw campus info caution to the wind

Oct 04, 2012 by Nancy Owano

(Phys.org)—For 53 universities, this was the week that brought a line of enquiry they could well do without: How much damage are we dealing with? Hackers on Monday threw thousands of personal records from 53 universities online, posted to Pastebin. Affected schools included Harvard, Stanford, Cornell, Princeton, Johns Hopkins and University of Zurich. Identity Finder reported the exploit involved e-mail addresses and names of students, faculty and staff along with usernames and passwords. Only some were encrypted while others were in plain text. Although the hackers claim to have posted 120,000 accounts, Identity Finder could confirm less than that.

Numbers vary according to different news accounts; some estimated around 40,000 accounts were exposed while others estimate numbers closer to 36,000.

Team GhostShell, which describes itself as a publisher of worldwide, claimed responsibility for the attack. Their motive was not data theft for but winning attention toward problems in today's . They criticized tuition costs and other issues.

"We have set out to raise awareness towards the changes made in today's education, how new laws imposed by politicians affect us, our economy and overall, our way of life. How far we have ventured from learning valuable skills that would normally help us be prepared in life, to just, simply memorizing large chunks of text in exchange for good grades."

They spoke against soaring tuition fees "so much that by the time you finish any sort of degree, you will be in more debt than you can handle and with no certainty that you will get a job, to Asia, where strict & limited teachings still persist and never seem to catch up with the times and most of the time fail to prep you up for a world where foreign affairs are crucial in this day and age."

Some of the servers they breached had already been compromised; the group found that malware had already been injected into them. According to Identity Finder, there was evidence that in some cases they had been inside the universities' systems for at least four months. The technique they used to gain access to the information is described as SQL injection, in which rogue SQL commands supplied by the attacker cause a database to "dump" its contents to the attacker. An article expressing concern about these types of attacks in SecurityWeek earlier this year noted that SQL injection attacks are well-known security threats and yet they are growing in prevalence. "The ease of spawning these attacks, paired with the surplus of vulnerable websites and applications available to go after, make this type of data breach a prime choice for ."
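The difference between a lookup that can be made to dump its whole table and one that cannot, as an added example that is not part of the original article. The table, account rows and function names are constructed for illustration and use Python's built-in sqlite3 module.

```python
import sqlite3


def make_db():
    # Constructed sample data; every name and value here is invented.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, email TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [
            ("alice", "alice@uni.example", "plaintext-pw-1"),
            ("bob", "bob@uni.example", "plaintext-pw-2"),
            ("carol", "carol@uni.example", "plaintext-pw-3"),
        ],
    )
    return db


def lookup_vulnerable(db, username):
    # Vulnerable: the input is pasted into the SQL text, so quote characters
    # inside it change the structure of the query itself.
    query = (
        "SELECT username, email, password FROM accounts "
        "WHERE username = '%s'" % username
    )
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    # Hardened: the driver binds the value separately from the SQL text,
    # so the input is only ever compared as data.
    query = "SELECT username, email, password FROM accounts WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that contains SQL syntax
    for label, fn in (("vulnerable", lookup_vulnerable),
                      ("parameterized", lookup_parameterized)):
        print(label, "normal input :", len(fn(db, "alice")), "row(s)")
        print(label, "crafted input:", len(fn(db, crafted)), "row(s)")
```

With the concatenated query the crafted input matches every row, which is the "dump" the article describes; the bound parameter matches none, because no account has that literal username.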

Reacting to the hacker news, some students set up sites to help those who may be affected go through the leaked data to see if they could spot their information.


User comments : 5

bhiestand
not rated yet Oct 04, 2012
I'm not sure what's more disappointing: all these top schools failing to protect from simple SQL injection or hackers releasing student information because they want to help the students.
tarheelchief
1 / 5 (3) Oct 04, 2012
Is it possible tuition is too high because professors, maintenance personnel, support clerical staff, and administrators refuse to take any cuts to lower the tuition costs?
I had first thought the hackers were after relevant information for corporations doing research on their upcoming hires for this would explain hacking into the college systems to find the truth as opposed to the resumes they had gotten from past failures.
I also thought it might have been an effort by the universities to find out the truth about unprepared and lazy students who had forged recommendations, work histories, and school activities to gain entrance into these institutions where they took up space and enraged the alumni.
obama_socks
1 / 5 (7) Oct 04, 2012
While they were at it, these brilliant hackers should have done all of us a favor and extracted the college records of Barack Hussein Obama who claims to have attended Harvard and Columbia University...but refuses to divulge his grades, any degrees, and other pertinent information. His own Democrat Party did not vet him thoroughly before nominating him as a candidate for the Presidency.

So hackers - do something useful that would be advantageous to all Americans.

Enquiring minds and the Republican Party want to know.
alfie_null
5 / 5 (1) Oct 05, 2012
This activity, with the alleged rationale of decrying tuition costs, which resulted in 100% collateral damage, makes little sense.
Here's an alternative that works better for me: some group of one or more figured out a way to steal data from several universities. Wanting to gain notoriety from publicizing their activity, they had to struggle to come up with some sort of semi-rational altruistic-like (likely to resonate with their audience) reason for doing so.
Wolf358
not rated yet Oct 05, 2012
Our local State University's President gets a _yearly bonus_ which would pay the wages and benefits of 4 maintenance workers. Please don't assume that _everyone_ enjoys the same wages; Administration is in a much higher economic class than the rest of the staff/faculty.
Thanks!