back to article Hackers leak 120,000 student records in raid on world's top unis

Hackers have attacked the world's top 100 universities in a protest against tuition fees and what's deemed to be a falling quality of education. Anonymous-affiliated Team GhostShell dumped information from 120,000 user accounts and student records after raiding servers at institutions including Princeton, Harvard, Cambridge …

COMMENTS

This topic is closed for new posts.
  1. Matt Bryant Silver badge
    Facepalm

    So they hacked academic records at unis?

    Meh. Happens on an almost daily basis it's just not aired in public. And the real irony is it will be self-defeating - the unis will have to upgrade their security and have to extract the money from fees.

    1. Mindsmi

      Unfortunate... here's exactly what they got.

      As common as the hacks are, it doesn't mean that it's not a bad breach. Identity Finder analyzed the breached data and found the following:

      • 36,623 Unique Email Addresses

      • 1 Bank Account Number

      • No credit card information

      • No social security numbers

      • Tens of Thousands of student, faculty, and staff names

      • Thousands of Usernames, Hashed and Plain-Text Passwords

      • Thousands of Addresses and Phone Numbers

      • Several Dates of Birth, Citizenship, Ethnicity, Marital Status, and Gender Information

      • Payroll Information, Employee IDs

      • Database Schema Information

      Source: http://www.identityfinder.com/blog/post/Large-Scale-Coordinated-SQLi-Attack-on-Higher-Education.aspx

  2. David Ward 1

    looked at the Cambridge "leak" and... how dull. 3 user id's from an old job advert, I wonder how hard they tried in this case? All security breaches should be taken seriously but if this is the sum total of what could be got I am appeased and very surprised.

  3. Anonymous Coward
    Anonymous Coward

    Am I the only one not impressed?

    Unhappy with something - there comes Anonymous. Nothing positive, mind you, wouldn't want to ruin a track record there now, would we?

    Wake me up when they manage to do something positive. Although that means I may sleep forever. Zzzzz.

    1. The BigYin

      Re: Am I the only one not impressed?

      The Anons were doing something positive when they were going after the Cult of Scientology.

      Then there was...err...no; I think that's it.

  4. Matt Hamilton

    Dinosaurs?

    And if you look at the University of Bristol 'leak' all they have is the schema for a database in the Geology dept detailing dinosaur species.

    1. Anonymous Coward
      Anonymous Coward

      Re: Dinosaurs?

      OH NO THEIR DINO SCHEMA GOT OUT?

    2. Mr_Pitiful
      Happy

      Re: Dinosaurs?

      Nice schema!

      1. Anonymous Coward
        Anonymous Coward

        Re: Dinosaurs?

        One of the hackers allegedly goes by alias doyouthinkhesaurus

    3. Mike Flex

      Re: Dinosaurs?

      A dinosaur database, you say?

      That'll be Oracle then.

      (There are nice dinosaur displays in the Will Memorial building and in the adjacent Bristol Museum.)

    4. Random Moniker

      Re: Dinosaurs?

      Won't somebody think of the dinosaurs?

    5. Anonymous Coward
      Anonymous Coward

      Re: Dinosaurs?

      They should really update that schema. It's not bad but went out with the... oh, wait.

  5. B-D
    Headmaster

    First one to post the Bobby Tables XKCD gets to clean the sharpie marks off the digital whiteboard.

  6. Zaphod.Beeblebrox
    Facepalm

    So lemme get this straight...

    To protest the fees that students have to pay, Anonymous hacks the universities' servers and posts the students' info. So now not only is the students' info made public, they will have to pay higher fees to cover the cleanup of this mess.

    Have I got that right? What am I missing that makes this a positive thing that will help change the world etc.?

    1. Anonymous Coward
      Thumb Down

      Re: So lemme get this straight...

      Perhaps the twats are dumb enough to believe that the only people at the top 100 Unis are well-off and not affected by tuition fees, hence fair game.

      That ain't so at all, and there'll be plenty of students paying their own way who will be affected.

      Tossers.

  7. Destroy All Monsters Silver badge
    Facepalm

    Oh Really?

    "a protest against tuition fees"

    More like, make up some shitty cause after you have penetrated the network and hoovered up random stuff. Not too hard, seeing that there are math profs doubling as system administrators and whatnot.

    Really, cretinonymous: the tuition fees are HIGH because there are people who can, and want to PAY FOR THEM (possibly because they get subsidized by the state in the first place). Deal with basic economic principles.

  8. mark 63 Silver badge

    usernames from an ad? you mean like email addresses?

    and a db scema?

    so what was the 120,000 thing?

  9. disgruntled yank

    splendid

    Next let's protest against the cost of health care by leaking patients' records.

    1. David Webb

      Re: splendid

      Don't be silly, we protest the cost of health care by hacking the system and killing all the computers, and turning off life support, that'll teach them for giving us free health care! Bloody communists if you ask me.

    2. Pooka

      Re: splendid

      Why would they need to? Surely the NHS are perfectly capable of leaving them on nearby trains, park bins or no longer used building (delete according to current fashion) on their own without anonymous getting their hands dirty.....

  10. steve444

    Well there are hundreds of student and staff records from Manchester Uni's chemistry department on there...

  11. Roger Stenning
    FAIL

    OK, so to make a point...

    ...anonymous publish personally identifiable data - names, email addresses and passwords, belonging to students who are being forced to pay the fees in the first place. Now for the Faculty members I can just about follow the childish thinking behind publishing the stuff, however wrong and fucking retarded it might be, but then they went after the students as well?

    Someone tell me how the fuck that helps the poor bastards?

    To remind these fucktards, It was politicians who made the decision to charge fees in seats of higher education over here. Not students. not faculty members. Why didn't you Anonymous keyboard warrior chickenshits go after the politicians instead? Oh yeah, too difficult, and oh yeah, they might send the lads in black choppers after you, wouldn't want a real-deal Call Of Duty delivery on your doormat now, would you? Might upset mummy and daddy a bit. Might make 'em ground you for oh, all eternity.

    These anonymous people must either be the most retarded halfwits in the universe, or merely a bunch of "fuck everyone" fucktards who can't hold down a proper job for more than a picosecond.

    They seem to think it's funny.

    I think it's a fail of the highest order. And that's the polite version.

    1. Destroy All Monsters Silver badge
      Headmaster

      Re: OK, so to make a point...

      > being forced to pay the fees

      No-one is being forced to pay anything. What is happening is, people pay to get into a club. That's all there is to it.

      University Guildsmen and Anticapitalism

      Students incur heavy debts in their own speculative endeavors, vying for entry into highly esteemed universities. They thus emerge from their training with unwieldy debts, dupes of university speculation, with no sure employment prospects and little job experience. As with all other things, the surfeit of university degrees on the labor market decreases the value of each and every individual degree. Students speculate not only because the inflated tuition costs of certain universities signal that degrees are valuable, thus leading to malinvestment, but also because individuals do require a certain amount of general knowledge to be successful in today's job market. The university promises increased literacy, complex mathematics, and a certain level of cultural sophistication. These are certainly useful studies for salesmen, primary and secondary educators, and engineers, but it still is not true that the university guild system and government regulation are required to promote those studies when the market has a vested interest in them — just at a lower cost.

      1. Roger Stenning
        Flame

        Re: OK, so to make a point...

        Oh, don't be a sodding arsehole. There are jobs requiring degree level qualifications; I don't begrudge them this requirement (who wants a doctor operating on them who has NOT got the right qualifications, for example?) but to say that it's paying to get into a fucking 'club' is quite frankly the biggest load of complete bollocks that I've heard in my 48 years on this mortal coil, and I drive heavy vehicles for a living, and have heard pretty much every sodding sea story known to man, so again, don't be a sodding arsehole.

        1. mark 63 Silver badge

          Re: OK, so to make a point...

          agreed roger,

          but i'm curious why a heavy vehicle driver is reading theregister?

          it's not really the sort of thing a non IT profesnl would read, not even a "home it enthusaist" or I.T part timer

          1. Tank boy
            Facepalm

            Re: OK, so to make a point...

            "i'm curious why a heavy vehicle driver is reading theregister?

            it's not really the sort of thing a non IT profesnl would read, not even a "home it enthusaist" or I.T part timer"

            Didn't realize that there was some sort of prerequisite for reading articles on the internet. Guess Roger and I will make it a point to get your permission to read anything on The Register Mark63. I'll get right on that... As soon as you figure out how to use spell check.

            1. mark 63 Silver badge
              Trollface

              Re: OK, so to make a point...

              Hey , sorry tank boy , read what you want obviously.

              i just said I'm curious.

              thinking more about it , people can be intrested in what they want i guess.

              I suppose i was just thinking of the more business centric articles,

              like "Juniper chops workforce by 5.3 per cent"

              Theres plenty of other interesting stuff. botnets n such.

              would it be bad to suggest Roger the trucker is just interested in the bacon butty-off?

              *runs like hell*

              1. Anonymous Coward
                Anonymous Coward

                You'd better run boy..

                Currently running my own manufacturing business, that is in no way connected with the IT sector, and have been for 10+ years.

                I've always read ElReg.

                Used to design front ends to HVAC systems, software documentation and give training courses in such systems. Was an 'on site tech' for a year and an instore tech for another year.

                Most of my days are now spent driving one of my fleet of vans. If you think I have no reason to read the reg, just post me your address, and I'll park one of my vans where the sun don't shine. You condescending tw@.

          2. tony trolle

            Re: OK, so to make a point...

            I read it. -I.T part timer for the past 12 years

          3. Roger Stenning
            Pint

            Re: OK, so to make a point...

            I'll echo Tank Boy and Tony Trolle - you don't have to work in IT to read the Register :-) I also like to know what's going on in the tech world: The Register allows me to do this in nice, easy, byte - I mean bite - sized chunks :-)

            As it happens, I used to work IT, before I got out and found that I enjoyed shifting heavy metal a shedload more - I also don't have to deal with moronic users who can't find their backsides with a map compass and bit of string, let alone recognise that they've forgotten to hit the power button on the desktop. These days, I deal with the punters, mechs and techs that keep the country fed and moved. I don't recommend it to everyone, but for me at least, it's been remarkably more satisfying, if not as well paid. Job satisfaction counts for a lot!

  12. 404
    Black Helicopters

    +1 for the rant...

    .)

    Blackhawk icon for the possibility this was cover for grabbing other stuff of interest...

  13. Anonymous Coward
    Anonymous Coward

    Not Oxford?

    Pleasantly surprised Oxford isn't on here. Back when I was there, there were at least the following vulnerabilities:

    > university core routers discoverable (like, the ones at either end of the North-South Oxford fibre link), with the web interfaces enabled, and default admin password unchanged

    > college CCTV systems discoverable, with the web interfaces enabled, and default admin password unchanged

    > college lunch system SQL database accessible from intranet, with sa password set to "sa" - very easy to get someone else (like, some poor sap doing a year abroad) to pay for your lunch*

    > unmanaged college switches which would let you get away with MAC spoofing

    > college printers in computer rooms all over the city visible and unsecured on Windows (sending single pages with rude messages on to rival colleges was always a good drunken prank)

    Disclaimer: I didn't personally access any of the above infrastructure - just laughed my tits off while my mates did it, and felt the off pang of sympathy with the college BOFH and PFY who were on a piss-poor salaries having to put up with some of the best and brightest in the country dicking all over their infrastructure...

    * don't worry we bought him plenty of beer when he got back

    1. Anonymous Coward
      Anonymous Coward

      Re: Not Oxford?

      Of course not - they only checked the top universities.....

      Dons flame proof suit and waits.

  14. Anonymous Coward
    Anonymous Coward

    Alternatively...

    Perhaps the person behind it is due to go to Uni next year and wants to see the systems tightened-up before his data is up there, ready to be lifted?

    1. Destroy All Monsters Silver badge
      Headmaster

      Re: Alternatively...

      Did you mean "due to go to jail next year"?

      First one who makes a prison rape joke using "tightened-up" should be banhammered, btw.

  15. Anonymous Coward
    Anonymous Coward

    a protest against tuition fees that doesnt work

    i think all fees and entrance requirements should be abolished. And doors and gates. Only a fascist would suggest that university should be so exclusive and not a single person on this planet should be prevented from just walking into Cambridge any time they like and listening to the lectures FOR FREE. OF COURSE that's better than the present system. Far better to let everyone in and train them all up. A rising tide lifts all boats, bitch.

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: a protest against tuition fees that doesnt work

      And the other thing is, the nature of work itself is changing.

      We've past the tipping point. What I mean by that is, we are now totally dependent as a species on electricity and internet communications. So we're fucked if it goes down anyway. Why do we have to go to university at all when a two week course on how to use Google is just as good for 90% of jobs? Consider the implications of that.

      Of course, Google operated by people is a stopgap until we have Google operated by autonomous robots, and then later, Google itself will take over all intellectual work on the planet.

    3. DavCrav

      Re: a protest against tuition fees that doesnt work

      "Far better to let everyone in and train them all up. A rising tide lifts all boats, bitch."

      OK, obvious troll is obvious, but who builds the hangars for all these lectures? And who marks the homework?

      1. Anonymous Coward
        Anonymous Coward

        Re: a protest against tuition fees that doesnt work

        In medieval times a bunch of hustlers and cryptofascists figured out that they could get free money from the Bourgeoisie by charging them money in return for free knowledge.

        That is the root of our modern system where you pay your money and get no choice.

    4. Gaius
      IT Angle

      Re: a protest against tuition fees that doesnt work

      This is actually how the Sorbonne in Paris works. You only need to be enrolled to sit the exams.

    5. David Ward 1

      Re: a protest against tuition fees that doesnt work

      You would be surprised at how easy it is to walk into most lectures in Cambridge "FOR FREE", it is more of a struggle getting people to come to lectures than keeping them out. If you want to get personal tuition, lab classes, exams and a degree certificate, that is another story. Since the costs of things other than lectures scale with the number of people involved and someone has to pay for it.

  16. jacobbe
    Facepalm

    cant believe IT pros still being caught out with simple hacking techniques.

    nothing much is there. all the email addresses for all the staff at university of manchester is probably on the website anyways.

  17. jacobbe
    IT Angle

    look ive got Stephen Mottley 's password! but not in clear text : | L\c4x.\02\d9u\c7\e3f\da\bc\c7\fa,\80~4\9c\a0

  18. Should I Change My Password

    120K records, however only 15K passwords

    Was a long day however we reviewed all the files and found that only 15,000 of the 120,000 records contained an email address and a password. We've updated our repository for anyone interested in checking. I won't put the link (there's enough link spam in the world already) but feel free to google Should I Change My Password.

  19. Senior Ugli
    IT Angle

    all the github links are down for me? surely they would not host such naughtyness

  20. Anonymous Coward
    Anonymous Coward

    Comical

    "<nick> Why do you think Mathematics isn't taught in most "modern" countries?

    Do you really think governments want countries full of people who can think things through and find the right answers to questions? - Anonymous"

    Yeah, because a government wants a populace that can't produce goods and services, serve in the military, tend to the sick, teach, provide infrastructure or form a government. Sure. That makes total sense. And if mathematics is not taught in "modern" countries, just where to the Elite Cabal of the Blessed Echelon Night (or whatever) get their education?

    Morons.

    Mathematics may well be taught badly (too much reliance on calculators etc) but that is a totally different argument.

  21. Britt Johnston
    Black Helicopters

    Re: a two week course on how to use Google is just as good for 90% of jobs

    Hey AC! That endangers all who still believe thinking is free. Next week there'll be a Googletax of £9000 p.a.

    Reminds me of my wife, then 18, being served a bill for schooling via her parents after she skipped an East European country.

  22. Anonymous Coward
    Anonymous Coward

    All those email addresses leaked

    This would never happen to the register

  23. Anonymous Coward
    Anonymous Coward

    SANITIZE YOUR INPUT

    FFS, it isn't difficult...

  24. The Alpha Klutz
    Thumb Up

    money money money money

    money!

    Get some lecturer who can barely speak english, get him to read out some books, bingo, you just made 9 grand * 300 students. I should set up a university. So easy to make money and kids are dumb so they wont question that what they're learning is useless.

    1. Matt Bryant Silver badge
      Pirate

      Re: money money money money

      "Get some lecturer who can barely speak english....." It's a bit harder than just that in the UK. For a start, you have to get acredited otherwise you cannot receive studant grants. Even if you operate as a private "university" you still have to adhere to certain government standards. Not that has stopped "proper" unis selling degrees for funding in the past (http://www.guardian.co.uk/uk/2004/aug/01/universityfunding.highereducation).

      But who needs student grants and having to pay for lecturers? You could always start an IT training company, then you can get all types of UK and European small business and unemployed training grants AND charge for effectively reading students "The Dummys' Guide To Windows". I've seen 5-day Windows 7 courses going for £695+VAT per student, free to the unemployed (i.e., paid for by the dole office), which works out at over £40K per annum per seat if you can keep the classes full.

      /Yeaaargh, it's a scholastic pirate's life for me!

  25. Boris S.

    Off to prison

    These hackers must have flunked reality 101. Now they will be off to jail 101 where they will get a good dose of reality.

    1. Anonymous Coward
      Anonymous Coward

      Re: Off to prison

      we'll just have to hope they've already taken soap 101 and shower 101

      1. Anonymous Coward
        Anonymous Coward

        Re: Off to prison

        It's unlikely that they are that smart... They are hackers after all.

  26. Anonymous Coward
    Anonymous Coward

    You can look at it as getting into £50 grand debt to fund an education addiction

This topic is closed for new posts.