Universities hacked, data dumped by @MarxistAttorney (Update4)
There’s someone else I need to follow, as he/they seems to be hacking a number of universities and colleges.
In a post on Pastebin yesterday, @MarxistAttorney (web site) claimed a number of hacks, including,
California State University, University of Kentucky, University of Connecticut, University of Maryland, Coastal Carolina University, and Abertay University.
For each entity, there is a data dump for proof of claim; other data dumps are linked from his web site. DataBreaches.net is not linking to the individual data dumps, but has reached out to each of the universities mentioned above to ask them if they will confirm or deny that they have been hacked and that those are their data. The University of Kentucky has already acknowledged our inquiry and states that they are investigating the claimed hack.
This post will be updated as more information or responses become available, but in a quick attempt to verify the claims, DataBreaches.net found that one of the data dumps that had been labeled California State University had originally been posted elsewhere as a hack of the San Diego Zoo with attribution to “Paw Security(@PawSecReturns) #Op4Pawz.”
Google searches of strings in some other dumps did not locate any duplicates or previous postings.
Does “Attorney” have a gripe against U. of Maryland that contributed to it being targeted? Perhaps, as this tweet suggests:
— Carbonic (@teamcarbonic) December 10, 2014
Attorney has not yet responded to an inquiry sent by this site asking him why he is targeting universities in general and these universities in particular.
Update: In response to this site’s inquiry, “Attorney” emailed the following statement and posted a copy of it on Pastebin:
Greetz to @TeamCarbonic.
In response to this – http://www.databreaches.net/universities-hacked-data-dumped-by-marxistattorney/?utm_medium=twitter&utm_campaign=fk7h35y573m&utm_source=twitterfeed
I targeted universities for the sole pleasure of the “lulz” that came out of this. It is true, I have thousands upon thousands of logins, employee ids, and various other sensitive information regarding the universities. What I intend to do with this data is publicize it to undermine the idiots at the IT Team.
Apart from an initial response from U. of Kentucky saying that they were looking into things, DataBreaches.net has received no responses yet to the inquiries it sent to the universities asking them to confirm or deny they were hacked.
This might be a good time to remind everyone that no federal agency has really taken any point or serious interest in investigating data breaches in the education sector. The FTC claims it does not have authority over non-profits under Section 5 of the FTC Act. They have not responded substantively to this blogger’s analysis and EPIC’s analysis that the FTC does have authority under the Safeguards Rule if financial information is involved.
Update 2: A spokesperson for Abertay University responded to the inquiries from DataBreaches.net with the following statement:
The data to which you refer appears to have been hacked from a satellite site – www.daretobedigital.co.uk – which was set up to promote an annual computer games design competition which we run. While it carries the University’s branding, it is separate from the University’s main site – www.abertay.ac.uk – and is hosted on commercial servers, not the
University’s own servers. We are investigating the hack in conjunction with the commercial hosting company.
Update 3: On January 8, four days after notification, the U. of Maryland responded: “We take these matters seriously and are investigating the matter.
Update 4: This post did not mention Fordham University as an entity hacked by @MarxistAttorney, yet a representative from Fordham U. submitted a statement from the university in the Comments section below, presumably because #TeamCarbonic’s listing of universities on their web site includes Fordham.