Inside university servers, unauthorized pages have been planted by hackers. No schools knew the pages existed on their servers. Seems like that no personal info was compromised, those these pages were put in place to help the hackers make money.
Resource for this article: Hackers plant pages on university web sites by Personal Money Store
Hacker pages hosted on university web sites
The hack on dot-edu extension web sites used departmental web sites, student pages, or upload functionality to create these fake pages. For-profit sites are the intended "target" of the links on these unauthorized pages. Having pages on a university domain means that the hackers create the appearance the university endorses these pages – which improves search engine rankings and profits. When university webmasters and I.T. departments were contacted, they confirmed that they are not aware of these websites. At 3 p.m. Wednesday, numerous of the contacted universities were removing these hacked pages.
Hacked pages linked to Street Smarts of Ohio
The company in Ohio called Street Smarts owns the domain names that these unauthorized pages link to. Calling the phone number listed on the registration info for the domains resulted only in being told "wrong number". Shortly after the calls for remark, the web sites appeared to be taken offline. There was a similar hack of government and educational sites in 2008. The 2008 attack, rather than loading web sites onto dot-gov and dot-edu web sites, used JavaScript to redirect those pages to latest-mortgages-rates.com, creditloansrates.com, and myhome-loan-expert.com. Some of the websites uploaded in this most recent attack on educational web sites included an out-of-service phone number in Texas. That phone number is also used on hundreds of sites with the JavaScript redirect posted in 2008. A look to the HTML, JavaScript and CSS code that runs both the redirected web sites and also the unauthorized online websites reveals the websites share nearly identical code. To p! ut it simply, the very same company likely perpetrated both attacks.
Personal details of students at risk
The hacking attack takes advantage of the good name of schools while making money off phony information. This security hole does not appear to have released any information. In other words, the hackers could get info in, but apparently couldn’t pull data from the university computer systems. If security holes like this aren't fixed, though, they can later be used to gain access to data like social security numbers. With a majority of the administration of higher education happening online, it is essential that universities and colleges make certain that private info remain just that – private.
The danger lurking within security exploits
Security breaches like this mean that scammers are more effortlessly gathering personal information without site visitors ever knowing. The webpages created for this attack look very much like legitimate university sites. Visitors to the site who enter their personal details could very effortlessly be opening themselves up for fraud or identity theft.
Schools that had their websites hacked
This is not a complete listing of educational institutions affected by this attack. These are merely 50 schools which were found to have unauthorized pages with a single search. You should do a very extensive search for these unauthorized pages if you are the webmaster or administrator for an educational website.
- Beacon University
- Harvard University
- McNeese University
- Northeastern Illinois University
- Cornell University
- Georgia Tech
- The Browning School
- Valparaiso University
- Los Rios Community College District
- East Central University of Oklahoma
- Rutgers University
- Yale University
- University of Texas Medial Branch
- Stony Brook University
- Saint Xavier University
- Hardin Simmons University
- Arizona State University
- Stanford University
- Austin Independent School District
- Smith College of Massachusetts
- Highpoint University
- Rensselaer Polytechnic Institute
- Catholic Theological Union
- University of Washington
- Westminster Theological Seminary
- Lake Forest College in Chicago
- Southeastern Louisiana University
- American Samoa Community College
- Columbia College of Chicago
- University of Arkansas Fort Smith
- UC San Diego
- University of Scranton
- Piedmont Technical College
- Assumption University of Thailand
- Chemeketa Community College
- Information Sciences Institute at the University of Southern California
- University of Tennessee Martin
- The City University of New York
- Milwaukee Institute of Art & Design
- Instituto Guatemalteco Americano
- The University of Utah
- Juniata College
- Ohio State
- California State Christian University
- Sharif University of Technology
- The University of North Carolina at Chapel Hill
- Brigham Young University
- The University of Arkansas
- The University of Virginia
No comments:
Post a Comment