Online hackers are everywhere, even on university websites.
Photo: Thinkstock

In an attack that took advantage of security holes, hackers have planted unauthorized pages inside university servers. None of the schools knew of the pages’ existence. These pages were planted with the intent of making the hackers money, though it appears no personal information was compromised.

Hacker pages hosted on university sites

To create these unauthorized pages, these hackers exploited security holes in departmental and student websites and used upload functionality. For-profit web sites are the intended “target” of the links on these unauthorized pages. The links on these college sites are helping the hackers improve their search engine rankings while creating the appearance that the university is endorsing their pages. From conversations with webmasters and information technology departments of universities around the country, it seems that these web sites have flown almost entirely under the radar. Universities were already removing the unauthorized pages as of 3 p.m. Wednesday afternoon.

Ohio business Street Smarts linked to hacked pages

The business Street Smarts is the registered owner of the domain names belonging to the redirected web sites and unauthorized pages. When called for remark, the phone number listed on the site registration was apparently a “wrong number.” Shortly after the calls were made, the sites appeared to have been taken offline. There was a similar hack of government and educational websites in 2008. In the 2008 attack, rather than loading websites onto dot-gov and dot-edu websites, hackers used JavaScript to redirect those pages to latest-mortgages-rates.com, creditloansrates.com and myhome-loan-expert.com. There is an out-of-service Texas phone number listed on the hacked educational web sites. The same phone number is also used on hundreds of sites with the JavaScript redirect posted in 2008. The HTML, Java and CSS code on both the redirected and unauthorized websites are almost exactly identical. So most likely the exact same business may have perpetrated both attacks.

Personal details of students at risk

The hacking attack takes advantage of the good name of schools when making money off phony information. Thankfully, it doesn’t appear the security holes that allowed these Web sites to be posted allowed any data out. Hackers could get info into the Web sites, however they couldn’t get any out — as it seems. If security holes like this aren’t fixed, though, they can later be used to gain access to sensitive information like social security numbers. Since higher education is happening online more and more, security holes like this have to be closed as quickly as possible.

The danger of security exploits

Website visitors could put their personal data at risk from security breaches like this, without them ever knowing. On first glance, these hacker-created sites appear to belong on the dot-edu servers. But visitors who go to these sites and enter personal data could most likely be opening themselves up to identity theft and fraud.

The university websites affected

This is not a complete listing of educational institutions affected by this attack. This is only the first 50 schools that appeared in a search for unauthorized pages. If you are the administrator or webmaster for a dot-edu or dot-gov domain, you need to ensure your domain does not contain unauthorized pages.

Post By bryanh (1,420 Posts)

Connect

Do you have a fantastic idea related to this article, but just don't have the money you need to start your own company or side-business? Get the loans you need from https://personalmoneynetwork.com to help get your new company underway, from the small loan professionals at PersonalMoneyNetwork.

Sources

Share this article

PG&E to pay $70 million for pipeline tragedy

PG&E to pay $70 million for pipeline tragedy

Pacific Gas and Electric Co., a northern California utility, has agreed to pay $70 million to the California town of San Bruno for a pipeline explosion that killed eight people in 2010. Company says it’s remorseful The San Francisco-based power company’s president, Chris Johns, released a statement Monday, saying PG&E is sorry and eager to […]

Judge stabbed and deputy shot in Washington courthouse

Grays Harbor County Courthouse

Following a standoff in a Washington state county courtroom Friday, a man reportedly escaped after shooting a sheriff’s deputy in the shoulder and stabbing a judge in the neck. The man is still at large. Treachery among the tree farms The incident occurred Friday afternoon in the western Washington town of Montesano, which bills itself […]

Microraptor was one flashy little dinosaur

Microraptor fossil

A team of Chinese and American scientists have found that Microraptor, a small four winged dinosaur that went extinct about 130 million years ago, was likely black and almost certainly had glossy, iridescent feathers. Until now, the coloring of extinct creatures was a matter of pure speculation. That may no longer be the case. The […]

Autocorrected message leads to school lockdown

Homage to the Sun

Adjacent schools in Georgia were locked down for two hours Wednesday after a text message reportedly warned of a “gunman” on campus. Later, it was learned that the message was the result of a smartphone autocorrect function, attempting to “fix” the misspelled slang word “gunna.” A series of mixups A series of mixups led to […]