Over 50 universities hacked in education protest
Apparently, hackers have managed to intrude into, and copy data from, the servers of more than 50 universities. The hackers made mirror links to the compromised data available at pastebin.com – the data includes email addresses, user IDs, passwords and private addresses. A group called Team Ghostshell has claimed responsibility for the concerted action.
The hackers said that their campaign, "Project Westwind", was designed to highlight shortcomings in the educational system. For example, they criticised excessive course fees in the US and hastily implemented higher education reforms across Europe. In addition to Harvard and Stanford, the hackers said that they also targeted universities in Moscow, Tokyo and Rome, as well as four German universities: TU Berlin and universities in Heidelberg, Freiburg and Göttingen.
The director of Freiburg University's data processing centre told The H's associates at heise online that the data on pastebin includes nothing that couldn't also be accessed in a browser. Apparently, the information is limited to a list of the Mathematics and Physics Department's professors and staff with no private information. Despite this, the affected department's server has temporarily been taken down so that it can be analysed and its log files checked for security holes.
Responding to heise online's query, TU Berlin has now confirmed a hacker attack executed through SQL injection. However, none of the central systems run by the university's main data processing centre have been affected. Apparently, the hackers targeted a decentralised departmental database – a custom development for seminar registrations – and compromised the data of about 1,200 users. According to the TU, the server has been taken offline and all affected users have been informed.
Heidelberg University has also confirmed attacks on its systems, saying that web servers of three different institutes that are run by the departments themselves have been affected. Apparently, the university's central servers and those of its data processing centre were not targeted. The hackers managed to compromise one server using SQL injection, and the same is thought to be true for the other servers. However, the university said that less than 100 users and their local accounts on these servers have been affected. To mitigate the attack, the passwords and access privileges for the affected databases have been reset. The university added that it is currently also checking its PHP scripts for any SQL injection attack vectors similar to those of the script that was probably the target of the successful attack.
Team Ghostshell said that it tried to keep the leaked information to a minimum, and that about 120,000 accounts were disclosed. The group also pointed out that many of the attacked university servers had previously been infected with malware. Security firm Identity Finder has already analysed the data and its CEO, Aaron Titus, estimated that the hackers needed at least four months to infiltrate all of the servers and harvest the data. However, instead of the reported 120,000 compromised user accounts only 40,000 could be identified, he added.
The only two attacks on a UK University, Cambridge, were somewhat less impressive. Three administration accounts for a system at the Addenbrooke's-Hospital-based Cambridge Institute for Medical Research and the text of a job advertisement was the result of one attack. The other, an attack on University Library, seems to be, in its entirety, a short commentary on the work of Henry James Johnstone, a late-Victorian Australian artist.