10-04-12 | Blog Post
The University of Michigan and Michigan State University were targeted in a hack attack that included a series of top global universities – 100 of them. According to AnnArbor.com, MSU servers were accidentally hacked, as GhostShell thought they belonged to UM.
Harvard, Princeton, Johns Hopkins, New York University and even the University of Rome and Tokyo University were on the roster of records stolen from university databases in an SQL injection by the hacker group called GhostShell.
According to ZDNet.com, an information dump on Pastebin revealed 120,000 stolen records containing email addresses, passwords, IDs and student and faculty names. AnnArbor.com reports that UM servers containing information about library and maintenance programs were hacked, as well as a student government website revealing UM usernames. No sensitive information from UM, i.e., passwords, was released, as the UM Office of the Vice President for Global Communications revealed in a statement.
This case highlights yet another hacktivist group that has targeted universities to raise awareness of tuition fees, politics, teaching regulations and employment, as revealed in a statement by the group. They also raise awareness of security – they claim that many of the databases already contained malware, and that many were also storing credit cardholder data on their servers.
How does an SQL injection work? SQL injections can enter a website via a form: SQL syntax is typed into a form field and, if the application passes that input to the database as part of a query, it is sent as an attempt to command the database to return information to the hacker. An open port in a network firewall allows Internet traffic to access university websites, but it can also leave databases vulnerable to malicious attacks.
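The form-input mechanism described above, as an added example that is not part of the original post: the same lookup is written once with the form value concatenated into the SQL text and once with it bound as a parameter. The table, column names, sample records and function names are all constructed for illustration, and the parameterized query is a standard fix that the post itself does not discuss.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.edu"),
         (2, "bob", "bob@example.edu"),
         (3, "carol", "carol@example.edu")],
    )
    return db

def lookup_concatenated(db, name):
    """Vulnerable: the form value becomes part of the SQL text itself."""
    sql = "SELECT email FROM users WHERE name = '" + name + "' ORDER BY id"
    return sql, [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, name):
    """Hardened: the form value is bound as data and never parsed as SQL."""
    sql = "SELECT email FROM users WHERE name = ? ORDER BY id"
    return sql, [row[0] for row in db.execute(sql, (name,))]

if __name__ == "__main__":
    db = make_db()
    # Constructed form inputs: a normal name, a name containing an
    # apostrophe, and a value that closes the quote and adds a condition.
    for value in ["alice", "O'Brien", "x' OR '1'='1"]:
        for lookup in (lookup_concatenated, lookup_parameterized):
            try:
                sql, rows = lookup(db, value)
                print(f"{lookup.__name__:22} {value!r:18} -> {rows}")
            except sqlite3.OperationalError as exc:
                # The concatenated query is malformed by a lone apostrophe,
                # which is the same defect seen from a benign user's side.
                print(f"{lookup.__name__:22} {value!r:18} -> error: {exc}")
```

In the concatenated version the third input returns every row in the table, while the parameterized version returns none because no user has that literal name.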
How can you protect your organization against a similar SQL injection attack? Employing a web application firewall (WAF) can detect and prevent these types of attacks. See the diagram below:
As a physical device sitting behind your virtual or dedicated firewall, a WAF scans incoming traffic to web servers for malicious attacks that could affect the web application server. A WAF monitors traffic and uses dynamic profiling to accept normal users and traffic while filtering out potential attacks.
If the servers did contain credit cardholder data as the hacker group claims, then they should be abiding by PCI DSS, which lists a strict set of standards and technical security tools that every organization must use (if they collect, store or process credit cardholder data). And that list includes using a web application firewall (alternatives include either manual or automated code review).
Hacktivism has been popularized by the group Anonymous, which has hacked numerous websites and federal organizations in an effort to raise awareness of the issue of Internet regulation, as demonstrated by the bill SOPA (Stop Online Piracy Act). Read more about this in Go Daddy Suffers From Significant Outage; DNS Servers Down.
Find out more about the technical security tools you can use to protect against many different types of attacks or vulnerabilities in our Technical Security Services. No security strategy is complete without addressing Physical Security or Administrative Security.
University of Michigan Servers Hacked as Part of Political Statement on Higher Education
GhostShell Leaks 120,000 Records from Top 100 Universities
GhostShell University Hack: By the Numbers