Hackers plant pages on university websites

Harvard Hacked Page

This webpage, posted on the Harvard University website, claims to represent the "University of Connecticut School of Business" but it's actually an unauthorized page created by a hacker. Screenshot taken 6-30-10.

In an apparent exploitation of security holes, for-profit hackers have uploaded unauthorized pages to hundreds of universities’ websites. None of the schools knew of the pages’ existence. These pages were planted with the intent of making the hackers money, though it appears no personal information was compromised.

Hacker pages on higher ed websites

The attack on university web pages with dot-edu extensions appeared to use file uploading or departmental websites to create unauthorized pages. These pages appear to be intended to send website traffic to for-profit websites. By having links and information on college and university websites, which are generally considered authoritative, the hackers are able to not only improve their rankings in search engine results and their profits, they are able to create the appearance that colleges and universities are endorsing their product. From conversations with webmasters and information technology departments of universities around the country, it seems that these websites have flown almost entirely under the radar. Every webmaster and information technology department contacted confirmed that these websites were not created by, nor authorized to be on, their websites. As of 3 p.m. Pacific Time Wednesday, many of the universities contacted were already removing these unauthorized pages.

Street Smarts of Ohio linked to unauthorized pages

The company Street Smarts is the registered owner of the domain names belonging to the redirected websites and the unauthorized sites. Attempts to call Street Smarts resulted only in being told “wrong number” when asking for the company or the technical contact listed on the website registration. Shortly after the calls for comment, the websites appeared to be taken offline. In 2008, a similar hack of educational and government websites was discovered. This 2008 hacker attack embedded JavaScript into domains ending in dot-edu and dot-gov that redirected visits to government and educational websites to one of three pages, or pages that differed only in name — myhome-loan-expert.com, latest-mortgages-rates.com and creditloansrates.com. Some of the websites uploaded in this most recent attack on educational websites included an out-of-service phone number in Texas. A search of that phone number revealed, however, hundreds more websites with this exact same JavaScript-coded redirect. A look into the HTML, JavaScript and CSS code that runs both the redirected websites and the unauthorized sites reveals that the websites share nearly identical code. In other words, they were most likely written by the same company that perpetrated the 2008 attack.

Risk to students’ personal information

This hacking of educational websites exploits the good name of schools and tries to make money off phony information. Thankfully, it does not appear that the security holes that allowed these websites to be posted allowed any information out. In other words, the hackers could get information in, but apparently couldn’t pull information from the university computer systems. However, if security holes such as this are not fixed, they can often be used to gain unauthorized access to social security numbers, grades, financial information, etc. With a majority of the administration of higher education happening online, it is essential that universities and colleges make sure that private information remain just that — private.

The danger of security exploits

A security breach such as this can make it easy for scammers to gather personal information without visitors to the website ever knowing. The webpages created for this attack look very much like legitimate university websites. Visitors to the website who enter their personal information could very easily be opening themselves up for fraud or identity theft.

Universities affected

This is not by any means an exhaustive list of universities, colleges and educational institutions affected by this attack. These are merely 50 schools that were found to have unauthorized pages with a single search. If you are the administrator or webmaster for a dot-edu or dot-gov domain, you should ensure your domain does not contain unauthorized pages.

  • Beacon University
  • Harvard University
  • McNeese University
  • Northeastern Illinois University
  • Cornell University
  • Georgia Tech
  • The Browning School
  • Valparaiso University
  • Los Rios Community College District
  • East Central University of Oklahoma
  • Rutgers University
  • Yale University
  • University of Texas Medial Branch
  • Stony Brook University
  • Saint Xavier University
  • Hardin Simmons University
  • Arizona State University
  • Stanford University
  • Austin Independent School District
  • Smith College of Massachusetts
  • Highpoint University
  • Rensselaer Polytechnic Institute
  • Catholic Theological Union
  • University of Washington
  • Westminster Theological Seminary
  • Lake Forest College in Chicago
  • Southeastern Louisiana University
  • American Samoa Community College
  • Columbia College of Chicago
  • University of Arkansas Fort Smith
  • UC San Diego
  • University of Scranton
  • Piedmont Technical College
  • Assumption University of Thailand
  • Chemeketa Community College
  • Information Sciences Institute at the University of Southern California
  • University of Tennessee Martin
  • The City University of New York
  • Milwaukee Institute of Art & Design
  • Instituto Guatemalteco Americano
  • The University of Utah
  • Juniata College
  • Ohio State
  • California State Christian University
  • Sharif University of Technology
  • The University of North Carolina at Chapel Hill
  • Brigham Young University
  • The University of Arkansas
  • The University of Virginia

Other recent posts by bryanh