In an attack that took advantage of security holes, hackers have planted unauthorized pages inside university servers. No schools knew that the pages existed on their servers. Seems like that no personal info was compromised, those these pages were put in place to help the hackers make money.
University sites unwittingly host hacker pages
To create these unauthorized pages, these hackers exploited security holes in departmental, student, and uploading functionality. These pages appear to be intended to send website traffic to for-profit websites. By having links and data on college and university websites, which are usually considered authoritative, the hackers are able to not only improve their rankings in search engine results and their profits, they are able to create the appearance that colleges and universities are endorsing their product. When university webmasters and I.T. departments were contacted, they confirmed that they weren’t aware of these websites. At 3 p.m. Wednesday, many of the contacted universities were removing these hacked pages.
The domain names that these unauthorized pages link to are owned by Street Smarts. Attempts to call Street Smarts resulted only in being told “wrong number” when asking for the company or the technical contact listed on the site registration. Shortly after these phone calls, these websites were taken offline. In 2008, there was a similar hack of both government and educational websites. The 2008 attack, rather than loading websites onto dot-gov and dot-edu websites, used JavaScript to redirect those pages to latest-mortgages-rates.com, creditloansrates.com, and myhome-loan-expert.com. There is a phone number that is out of service in Texas listed on the educational websites hacked. The sites redirected in 2008 also use that exact exact same phone number. The HTML, Java, and CSS code on both the redirected and unauthorized online websites are almost exactly identical. To put it simply, the exact same company likely perpetrated both attacks.
Risk to the student’s personal information
This hack of educational web sites tries to make money off phony info and exploits the good name of schools. The security holes do not appear to have let any personal info of students or universities out. Hackers could get info in to the websites, however they couldn’t get any out — probably. If security holes like this aren’t fixed, though, they can later be used to gain access to info like social security numbers. With a majority of the administration of higher education happening online, it is essential that universities and colleges make certain that private info remain just that – private.
The danger lurking within security exploits
Security breaches like this mean that scammers are more effortlessly gathering personal details without website visitors ever knowing. The webpages created for this attack look very much like legitimate university websites. Visitors who go to these web sites and enter personal info might be opening themselves up to identity theft and fraud.
Universities affected
The colleges, universities, and educational institutions affected by this attack are not listed in complete here. A search for these unauthorized pages showed these 50 schools as the first victims. If you act as the webmaster or administrator of a website on dot-edu or dot-gov domain names, you should do an extensive search for unauthorized pages.
- Beacon University
- Harvard University
- McNeese University
- Northeastern Illinois University
- Cornell University
- Georgia Tech
- The Browning School
- Valparaiso University
- Los Rios Community College District
- East Central University of Oklahoma
- Rutgers University
- Yale University
- University of Texas Medial Branch
- Stony Brook University
- Saint Xavier University
- Hardin Simmons University
- Arizona State University
- Stanford University
- Austin Independent School District
- Smith College of Massachusetts
- Highpoint University
- Rensselaer Polytechnic Institute
- Catholic Theological Union
- University of Washington
- Westminster Theological Seminary
- Lake Forest College in Chicago
- Southeastern Louisiana University
- American Samoa Community College
- Columbia College of Chicago
- University of Arkansas Fort Smith
- UC San Diego
- University of Scranton
- Piedmont Technical College
- Assumption University of Thailand
- Chemeketa Community College
- Information Sciences Institute at the University of Southern California
- University of Tennessee Martin
- The City University of New York
- Milwaukee Institute of Art & Design
- Instituto Guatemalteco Americano
- The University of Utah
- Juniata College
- Ohio State
- California State Christian University
- Sharif University of Technology
- The University of North Carolina at Chapel Hill
- Brigham Young University
- The University of Arkansas
- The University of Virginia
