05:22 AM
Tim Wilson
Tim Wilson
Quick Hits
Connect Directly

Team GhostShell Exposes 120,000 Records From Universities

Calculated attacks turn up hundreds of thousands of vulnerable records at 100 universities across the globe, hacker group says

The hacktivist group TeamGhostShell says it has embarked on a new campaign to expose data and vulnerabilities at 100 of the top universities around the world.

In a posting on Pastebin Monday, TeamGhostShell released some 120,000 records from universities such as Oxford and Harvard. The campaign, which the group has dubbed "Project WestWind," has revealed vulnerabilities in university systems that could put hundreds of thousands more records at risk, the group says.

"After carefully filtering the [university servers] that we've already leaked before and the ones where Anonymous has in major operations, we have eventually got together a new fresh list," the posting says. "The majority of them should be here. Also, some of us decided to go ahead and add vulnerable links to the other ones anyway, which you can find at the bottom, at 'Other Universities.'

"We tried to keep the leaked information to a minimum, so just around 120,000+ accounts and records are here, leaving in their servers hundreds of thousands more," the group states. "When we got there, we found out that a lot of them have malware injected. No surprise there, since some have credit card information stored."

The group says its goal is to raise awareness of problems in the modern education system. The posting does not discuss how the data was obtained or how much data the group was able to expose.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/5/2012 | 3:24:03 AM
re: Team GhostShell Exposes 120,000 Records From Universities
Universities have traditionally had a
very open attitude towards information. They also have a ton of
personal data and their security departments are understaffed. All
of that makes them a prime target for hackers.

Matthew Cohen
User Rank: Apprentice
10/3/2012 | 2:09:24 PM
re: Team GhostShell Exposes 120,000 Records From Universities
Identity Finder analyzed the data breach and found:
-* 36,623 Unique Email Addresses-* 1 Bank Account Number-* No credit card information-* No social security numbers-* Tens of Thousands of student, faculty, and staff names-* Thousands of Usernames, Hashed and Plain-Text Passwords-* Thousands of Addresses and Phone Numbers-* Several Dates of Birth, Citizenship, Ethnicity, Marital Status, and Gender Information-* Payroll Information, Employee IDs-* Database Schema Information

Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.