In an attack that took advantage of security holes, hackers have planted unauthorized pages inside university servers. None of the schools knew of the pages’ existence. The pages sent more money and traffic to the hackers, though it doesn't appear any personal info was breached.
Source for this article: Hackers plant pages on university websites by Personal Money Store
Higher education websites host hacker pages
The attack on university web pages with dot-edu extensions appeared to use file uploading or departmental sites to create unauthorized pages. These websites seem to send traffic to websites that are for-profit. The links on these college web sites helped the hackers improve search engine rankings, also as creating the appearance the university was endorsing the page. When university webmasters and I.T. departments were contacted, they confirmed that they weren’t aware of these web sites. Universities were already removing these pages as of 3 p.m. Wednesday afternoon.
Unauthorized pages linked to "Street Smarts" business in Ohio
The company Street Smarts is the registered owner of the domain names belonging to the redirected sites and also the unauthorized sites. Calling the phone number listed on the registration data for the domains resulted only in being told "wrong number". The web sites owned by this business appeared to be taken offline shortly after calls for remark were made. There was a similar hack of government and educational websites in 2008. This 2008 hacker attack embedded JavaScript into domains ending in dot-edu and dot-gov that redirected visits to government and educational websites to one of three pages, or pages that differed only in name — myhome-loan-expert.com, latest-mortgages-rates.com and creditloansrates.com. Some of the websites uploaded in this most recent attack on educational sites included an out-of-service phone number in Texas. That phone number is also used on hundreds of websites with the JavaScript redirect posted in 2008. A look to the HTML, JavaSc! ript and CSS code that runs both the redirected sites and also the unauthorized sites reveals that the sites share nearly identical code. Both attacks were likely perpetrated by the exact same company, in other words.
Was personal data at risk
The hacking attack takes advantage of the good name of schools while making money off phony information. The security holes do not appear to have let any personal data of students or universities out. Hackers could get information in to the web sites, but they couldn't get any out — probably. If security holes like this aren't fixed, though, they can later be used to gain access to details like social security numbers. Since higher education is happening online a growing number of often, security holes like this need to be closed as easily as possible.
The danger lurking within security exploits
A security breach like this can make it easy for scammers to get personal data without visitors to the site ever knowing. The webpages created for this attack look very much like legitimate university web sites. Visitors who go to these sites and enter personal information might be opening themselves up to identity theft and fraud.
The university websites affected
The colleges, universities, and educational institutions affected by this attack aren’t listed in complete here. These are merely 50 schools that were found to have unauthorized pages with a single search. You should do a very extensive search for these unauthorized pages in case you are the webmaster or administrator for an educational website.
- Beacon University
- Harvard University
- McNeese University
- Northeastern Illinois University
- Cornell University
- Georgia Tech
- The Browning School
- Valparaiso University
- Los Rios Community College District
- East Central University of Oklahoma
- Rutgers University
- Yale University
- University of Texas Medial Branch
- Stony Brook University
- Saint Xavier University
- Hardin Simmons University
- Arizona State University
- Stanford University
- Austin Independent School District
- Smith College of Massachusetts
- Highpoint University
- Rensselaer Polytechnic Institute
- Catholic Theological Union
- University of Washington
- Westminster Theological Seminary
- Lake Forest College in Chicago
- Southeastern Louisiana University
- American Samoa Community College
- Columbia College of Chicago
- University of Arkansas Fort Smith
- UC San Diego
- University of Scranton
- Piedmont Technical College
- Assumption University of Thailand
- Chemeketa Community College
- Information Sciences Institute at the University of Southern California
- University of Tennessee Martin
- The City University of New York
- Milwaukee Institute of Art & Design
- Instituto Guatemalteco Americano
- The University of Utah
- Juniata College
- Ohio State
- California State Christian University
- Sharif University of Technology
- The University of North Carolina at Chapel Hill
- Brigham Young University
- The University of Arkansas
- The University of Virginia
No comments:
Post a Comment