Personal information from 53
institutions worldwide made public
BY NICOLE PERLROTH
Hackers have published online
thousands of personal records from 53 universities around the world, including Harvard,
Stanford, Cornell, Princeton, Johns Hopkins and the University of Zurich.
The group of hackers, calling
themselves Team GhostShell, claimed responsibility for the attack on Twitter,
and on Monday it published 36,000 e-mail addresses and thousands of names,
usernames, passwords, addresses and phone numbers of students and of faculty
and staff members to the Web site Pastebin. In most cases, the data were
already publicly available, but in some instances the records included
additional sensitive information like students’ dates of birth and payroll
information from university employees.
Typically, hackers seek such
information because it can be used to steal identities or crack bank accounts, or
because it can be sold on the black market. Universities make ripe targets
because they store vast numbers of personal records, often in decentralized
servers. The records can be a gold mine because students often have pristine
credit reputations and do not monitor their account activity and credit scores
as vigilantly as adults do.
Dozens of universities have been
plagued by breaches recently. Last August alone, the University of Rhode Island
warned students and faculty members that their information may have been
exposed. And at the University of Arizona, a student discovered a breach after
a Google search exposed her personal information – and that of thousands of
others at the university. Smaller computer breaches at Queens College in New
York City and Marquette University in Milwaukee were also reported.
In this case, the hackers said they
were not motivated by profit but to “raise awareness towards the changes made
in today’s education.” In a message accompanying the stolen data, they bemoaned
changing education laws in Europe and spikes in tuition fees in the United States.
But they also noted that in many cases, the servers they breached had already
been compromised.
“When we got there, we found that a
lot of them have malware injected,” the hackers wrote on Pastebin.
To breach servers, the hackers used
a technique known as an SQL injection, in which they exploit a software
vulnerability and enter commands that cause a database to dump its contents. In
the case of some universities, the hackers breached multiple servers.
Hackers have struck a variety of
targets, including university computers.
Identity Finder, a company that
works to prevent identity theft from security breaches, analyzed the published
data and said they appeared to be legitimate. The company analyzed the data and
found 36,623 unique e-mail addresses and tens of thousands of names of
students and of faculty and staff members, as well as thousands more usernames
and passwords, some encrypted but many stored in plain text.
Aaron Titus, a spokesman for
Identity Finder, said that in analyzing the hackers’ attack methods, there was
evidence that in many cases they had been inside the universities’ systems for
“at least four months.”
Lisa Ann Lapin, a spokeswoman for
Stanford University in California, said that the university had discovered the
breach Tuesday evening. She confirmed that two departmental Web sites belonging
to the university had been entered but said that the servers had been
“secured.”
“Our information security officers
consider the breaches to be minor in nature,” Ms. Lapin said. “No restricted or
prohibited data was compromised, nor was any sensitive or other personal
information that could lead to identity theft.”
At colleges across the country,
some students set up sites that allowed students and faculty members to search
the leaked data for their information. For instance, at the University of
Pennsylvania, Matt Parmett, a junior, created a Web site that made it possible
for classmates to search the leaked data by name.