Hackers breach a Johns Hopkins University server and upload student information when uni doesn’t respond to extortion demands
Scott Dance reports:
Names and contact information of as many as 1,300 current and former Johns Hopkins University biomedical engineering students were posted online Thursday, stolen by someone claiming to be part of the hacker group known as Anonymous.
The server that was breached did not contain Social Security or credit card numbers, or any other data that would make identity theft a concern, university spokesman Dennis O’Shea said.
The hacker was attempting to extort the university for further access to its servers, threatening to post the information online unless officials handed over server passwords, O’Shea said. The university did not comply, he said.
Read more on the Baltimore Sun.
Note: I am not linking to the data dump, which may have been removed already, but a message posted online yesterday says:
Anonymous here doing nothing but being complete dicks and trolling hundreds of innocent people. You see, recently, we hacked into the “secure” databases of John Hopkins University and acquired roughly 103MB of raw text data detailing the layout and content of their SQL “infrastructure”. Normally, this information probably wouldn’t be released, but as we’re about to explain, John Hopkins University deserves it.
We sent a series of emails to the personal email accounts of staff working at the University, including their personal telephone numbers in the subject line in the hopes that they would be tempted to read what was inside. In these emails, we essentially told them to give us access to their computer network or else we would leak their SQL databases to the masses. In reality, we had no intention to extort such access out of this university, we were merely trying to scare the shit out of them.
In these emails, the staff at John Hopkins University was given 24 hours to comply with our false demands or consequences would never be the same. And since none of these fucktards took a moment out of their day to respond to Anonymous, we decided we should fuck them.
In this release, you will find the personal details — phone numbers, names, email addresses and occupations of dozens of staff members of the Biomedical Engineering branch of John Hopkins University. You will also find, further down in the release, the same details on hundreds of students at the university whose only crime was putting their trust in a system which left their information open to a simple vulnerability in an ivy league school…
Yes. An Ivy League School left their databases open to literally one of the most simple web application vulnerabilities you can find. If that isn’t reason enough to smack the shit out of them, we don’t know what is. Perhaps next time, such institutions will think twice before resorting to total retardery when constructing their websites.
For those of you who think this is harsh and uncalled for — we say, “good.” Anonymous doesn’t fuck around. We gave you our demands, John Hopkins, you didn’t reply, and now you are being taught a lesson. In addition, when we told the staff members of JHU that we had all their data and all their base, we explained that this would be entirely their fault if they did not comply.
So… You want someone to blame for what has just happened here? Blame it on Lawrence Schramm. His phone number is: 410-XXX-XXXX. [redacted by DataBreaches.net]
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us — Always.
And no, despite what the hackers claim, Johns Hopkins University is not an Ivy League school. And it’s Johns Hopkins, not John Hopkins.
And rather than making the university look bad, the hackers have actually made them look good for not giving in to their demands.