Jan 072015

Add the University of Hawaii  and Cornell University to the universities that have been hacked by @MarxistAttorney.

The U. of Hawaii data dump, which DataBreaches.net is not linking to, does not contain student or employee personal information, but in addition to acquiring the root username/password, “Attorney” also got the mac addresses, service tags, usernames and more of each and every computer/smart board in their University. The dump only contained approximately 2,000 of the 65,000 lines of data he acquired, he tells this site.

DataBreaches.net emailed U. of Hawaii to ask them to confirm or deny the breach and provided them with the vulnerable url that had reportedly been used to access their system. They promptly acknowledged the inquiry and stated they were investigating, but as of the time of this posting, have not replied with any confirmation or denial.

Long-time readers may recall that during 2009 – 2011, the University of Hawaii had a number of data breaches that resulted in a critical report from Liberty Coalition and a class action lawsuit that was settled in 2012.

Cornell University also appears to have been hacked by @MarxistAttorney. That data dump includes non-sensitive employee contact information (names, work e-mails and phone numbers), as well as what appears to be information on the university’s utilities accounts information (power, heating, gas, etc.) Cornell did not respond to an inquiry by this site as of the time of this posting.

In an interview this week, DataBreaches.net asked @MarxistAttorney about his motivation for hacking universities. While his earlier comments referred to hacking for the “lulz” and to undermine IT departments, he also notes that he hacks to protest:

I am a University student myself, and I am already knee-high in debt. You shouldn’t be forced to pay crazy high tuition fees just because you want to pursue an education and not work at some shit shack like McDonald’s. I can see myself spending half my life after graduating just paying off loans and I don’t want that for myself or anyone else. This is my way of protesting. I hope that by dumping the data of this University, and the various other ones I have done in the past, that they will consider lowering the tuition fees, or making it free to attend university, so students don’t need to suffer like me and millions of others have. Not to mention, this is a University we are talking about here, the fact that they can’t audit their own site and fix sqli vulnerabilities shows how disappointing the monkeys for IT Teams they have.

“Attorney” says that most of his hacks, like these two, exploit SQLi vulnerabilities. In the U. of Hawaii case, the vulnerability has already been patched, Attorney tells this site, but the damage was already done.

  4 Responses to “U. of Hawaii and Cornell University hacked by @MarxistAttorney”


  2. Unfortunately Mr ‘MarxistAttorney’ is not smart enough to twig that he will go to jail for this. So his student loan issue is becoming quickly irrelevant. Protest he may, but it is like urinating on a hot stone. It won’t change anything and only get you a criminal record. Well done man!

  3. “MarxistAttorney”, you do realize that it takes millions of dollars every year for a university to be able to offer you the education that enabled your attacks? Without tuition there would be no way to operate, other than receive state and federal funding which has been dramatically reduced in the wake of the financial crisis. Your attacks are mis-placed and the irony of your logic is laughable.

  4. @Not Relevant
    You’re moronic, I will never get caught.

    You realize that EDU Facilities DO NOT pay taxes. Not to mention schools get by fine with Federal & Provincial funding, not to mention the amount of donations Universities receive. Before you say something, make sure you think it through.

Sorry, the comment form is closed at this time.