Information security firm expresses concern at hacking of universities

Information security firm commissum expresses concern that a group of criminal hackers has hacked into computers at more than fifty leading universities around the world.
 
 
Listed Under

Tags:
Computer Security
Information Security
Infosec
Hacking

Industry:
• Information security

Location:
Leith - Edinburgh - Scotland

Oct. 9, 2012 - PRLog -- A group of criminal hackers known as “Gh0stshell” has hacked into computers at more than fifty leading universities around the world, and has published on the web some of the personal data retrieved.  The hackers claim that the attack is a protest at declining educational standards and facilities.  The stolen data published on the web includes thousands of names, phone numbers, email addresses and even usernames and passwords from some of the computers that were compromised.

The attack was mounted using a well-known technique called “SQL injection”, where an attacker exploits the database that powers a website by taking advantage of errors in how user input on the web page is handled. The attack focused on smaller departmental server computers rather than central university servers. It is likely that departmental servers will be less secure and less frequently updated with new security fixes than central machines. Hence they may present an easier target for hackers.

One of the UK universities affected was Edinburgh University, in Scotland, which suffered breaches of three servers.  These were located in the Department of Biological Sciences, the Roslin Institute (which researches animal biology), and the Students’ Union.  The published information included names, email addresses and passwords (many in cleartext).

commissum is an information security company located in Edinburgh (see http://www.commissum.com).  Briony Williams, a security consultant at commissum, commented, “As Edinburgh University is in a sense our ‘home’ university, we take a particular interest in security breaches that affect it. This successful hack is a convincing demonstration of the extent of vulnerabilities in smaller departmental servers, which may not receive the same emphasis on security as the larger central machines. It is important for any university to invest the resources necessary to protect its data, whether intellectual property or personal data.  A university’s intellectual property is a potential source of revenue, while personal data may be used for identity theft. In both cases, loss of confidentiality could result in severe consequences if data got into the wrong hands.”

Since discovery of the attack in early October, many servers have been secured at the affected universities, and some web pages have been taken down.  Passwords have been reset where necessary, and at least one university is inspecting its website source code to identify similar vulnerabilities.

Briony Williams of commissum comments again: “It is encouraging that steps are being taken to prevent these particular servers from being hacked again in this particular way. However, there is a much broader need to secure all servers, and to close this general loophole on all university websites where it exists. The Gh0stshell hackers claim (probably spuriously) to be protesting at educational standards, but what they have actually achieved is to issue a wake-up call for university departmental IT officers. If nothing else, this could represent a positive contribution to the information security of university departments.”
End
Phone:+44 845 644 3217
Zip:EH6 6LB