In an attack that took advantage of security holes, hackers have planted unauthorized pages inside university servers. No schools knew that the pages existed on their servers. Seems like that no personal info was compromised, those these pages were put in place to help the hackers make money.
University sites unwittingly host hacker pages
To create these unauthorized pages, these hackers exploited security holes in departmental, student, and uploading functionality. These pages appear to be intended to send website traffic to for-profit websites. By having links and data on college and university websites, which are usually considered authoritative, the hackers are able to not only improve their rankings in search engine results and their profits, they are able to create the appearance that colleges and universities are endorsing their product. When university webmasters and I.T. departments were contacted, they confirmed that they weren’t aware of these websites. At 3 p.m. Wednesday, many of the contacted universities were removing these hacked pages.
The domain names that these unauthorized pages link to are owned by Street Smarts. Calling the phone number listed on the registration details for the domains resulted only in being told “wrong number”. The websites owned by this company appeared to be taken offline shortly after calls for remark were made. In 2008, a comparable hack of educational and government websites was found. This 2008 hacker attack embedded JavaScript into domains ending in dot-edu and dot-gov that redirected visits to government and educational websites to one of three pages, or pages that differed only in name — myhome-loan-expert.com, latest-mortgages-rates.com and creditloansrates.com. Some of the web sites uploaded in this most recent attack on educational sites involved an out-of-service phone number in Texas. A search of that phone number revealed, nevertheless, hundreds more websites with this exact exact same JavaScript-coded redirect. The HTML, Java, and CSS code on both the redirected and unauthorized sites are almost exactly identical. To put it simply, the same company likely perpetrated both attacks.
Risk to students’ personal info
This hacking of educational sites exploits the good name of schools and tries to make money off phony information. This security hole does not appear to have released any details. Put simply, hackers could get information in, but not out. Security holes like this could be later used, though, to gain access to social security data, financial info, and grades. With a majority of the administration of higher education happening online, it is essential that universities and colleges make certain that private details remain just that – private.
Why security exploits are dangerous
A security breach like this can make it easy for scammers to gather personal information without visitors to the website ever knowing. The unauthorized webpages, on first glace, look like legitimate websites that belong on University servers. Identity theft and fraud are both risks of entering personal info on web sites such as this.
The university websites affected
This is not a complete listing of educational institutions affected by this attack. . If you act as the webmaster or administrator of a site on dot-edu or dot-gov domain names, you should do an extensive search for unauthorized pages.
- Beacon University
- Harvard University
- McNeese University
- Northeastern Illinois University
- Cornell University
- Georgia Tech
- The Browning School
- Valparaiso University
- Los Rios Community College District
- East Central University of Oklahoma
- Rutgers University
- Yale University
- University of Texas Medial Branch
- Stony Brook University
- Saint Xavier University
- Hardin Simmons University
- Arizona State University
- Stanford University
- Austin Independent School District
- Smith College of Massachusetts
- Highpoint University
- Rensselaer Polytechnic Institute
- Catholic Theological Union
- University of Washington
- Westminster Theological Seminary
- Lake Forest College in Chicago
- Southeastern Louisiana University
- American Samoa Community College
- Columbia College of Chicago
- University of Arkansas Fort Smith
- UC San Diego
- University of Scranton
- Piedmont Technical College
- Assumption University of Thailand
- Chemeketa Community College
- Information Sciences Institute at the University of Southern California
- University of Tennessee Martin
- The City University of New York
- Milwaukee Institute of Art & Design
- Instituto Guatemalteco Americano
- The University of Utah
- Juniata College
- Ohio State
- California State Christian University
- Sharif University of Technology
- The University of North Carolina at Chapel Hill
- Brigham Young University
- The University of Arkansas
- The University of Virginia
