Metropolitan State U. disclosed breach, but what about other .edu targets of Abdilo?

On December 31, a self-described teenage hacker from Australia who calls himself “Abdilo” claimed to have hacked into dozens of education entities by exploiting SQLi vulnerabilities. Metropolitan State University acknowledged they were breached, but what is going on with the other educational entities that were allegedly hacked, too?

Abdilo claims that he started attacking .edu sites back in August, and by October had 80 .edu sites compromised.  He also claims to have numerous .gov, .mil, and business companies, but this post is only focusing on the education sector attacks, as we haven’t seen any public disclosure from most of them. Do they even know they were allegedly hacked?

Abdilo claims to have hacked public and private educational entities in the U.S. and elsewhere. His list, below, is edited  to only include the .edu entities he claims to have hacked, with his comments:

Here are some of the sites i messed with:
every *.k12 site is vuln to sql injection.
MetroState.edu(I broke into you cause i like 22 jump street, thanks for the 22k ssns)
MSU.edu(no reason)
cam.ac.uk(fuck steven hawkings)
liv.ac.uk(Top school my ass)
stanford.edu(some guy found a sqli in you then i found a better one… fuck you)
yale.edu(so easy)
harvard.edu(was a challange but they are dumb)
ncsu.edu(thanks for the 6k sqlis digitalganster.com loved it LOL)
arizona.edu(I sqlied you 4 times while obnoxious called you up on the phone to troll you and tell you, then we decided to fuck with you by dumping your database 4 times then asking for booty pix else we release it)
catholic.edu.au(Fuck Catholics? lol I have no reason I just did it for the hell of it)
goodnews.vic.edu.au(Badnews I has all ur records)
goodshepherd.edu.au(Why are all christian schools vuln to sqli besides liberty.edu?)
mercy.vic.edu.au(NO MERCY FOR YOU)
stpaulba.sa.edu.au(…. I have nothing funny to say lol)
stjosephsbrackenridge.qld.edu.au(Seriously another chirstian school)
gatech.edu(Nice alexa rank)
uky.edu(you are yuky)
vmi.edu(fuck you have a shit alexa rank)
miami.edu(I was watching dexter and wanted to get into your police station… this was close enough for me)
berkeley.edu(you fixed it don’t worry, twas funny having a sqli in a 1.5k alexa rank site)
case.edu(Fuck the law)
utep.edu(Your facts are really messed up ;))
wartburgseminary.edu(No idea why I attacked you lol your name is a bitch to type)
uthscsa.edu(Meh)
covenant.edu(Meh)
hws.edu(Meh)
uoregon.edu(LOL university of oregon… you mad?)
utexas.edu(Cosmo ;))
uchicago.edu(S****** ;))
rutgers.edu(Idk thought you were a news agency)
ncmc.edu(You have no alexa rank.. at all)
spst.edu(Alexa: 2,063,219…….)
sxu.edu(Nice domain, that is all)
norwalk.edu(Damn you tiny)
ufl.edu(You were worth the time and effort)
iwcc.edu(meh)
iupui.edu(meh)
cwru.edu(meh)
umbc.edu(meh)
fsu.edu(LOL U DUMB AS FUCK)
princeston.edu(LOL easy)

And that, allegedly, is just some of the .edu sites attacked. Abdilo writes:

I cannot remember the majority of edu/gov i have sqlied, i didnt keep a good enough record and one of my hdds is now… melted and destoryed.

Note that the University of Kentucky was recently mentioned on this blog in the context of a post about hacks mentioned on #TeamCarbonic’s web site by @MarxistAttorney. And although they informed this blog that they were investigating those claims, they never got back to DataBreaches.net with any statement as to whether they had found confirmation of a breach – by anyone.  Berkeley was also mentioned recently on this blog, but without exploring the data dump, it is not known to me whether this is the same hack as Abdilo claimed.

Abdilo claims that he wanted to see what would happen, and notes that despite all his attacks on .edu, .gov, and .mil, “no cops came calling.”

One would think they would.

In the interim, if anyone is aware that any of Abdilo’s other targets have subsequently acknowledged being hacked, please use the Comments section below to let me know.

About the author: Dissent

Has one comment to “Metropolitan State U. disclosed breach, but what about other .edu targets of Abdilo?”

You can leave a reply or Trackback this post.
  1. Zer0DayDan - January 19, 2015

    Abdilo appears to hail from Australia and you can follow his rants on Twitter @abdilo_.

    A reverse WHOIS lookup on the email address used to register LizardStresser (9ajjs[at]zmail[dot]ru) shows this email has been used to register a number of domains tied to cyber-crime, including sites selling stolen credit card data and access to hacked PCs.

    A more nuanced lookup at Domaintools.com using some of this information turns up additional domains tied to Abdilo, including bkcn[dot]ru and abdilo[dot]ru. Another domain that abdilo registered — http://x6b-x72-x65-x62-x73-x6f-x6e-x73-x65-x63-x75-x72-x69-x74-x79-x0[dot]com — is hexadecimal encoding for “krebsonsecurity.”

Comments are closed.