UPDATE: University Computers Hacked
Update: the Oxford University computer network’s security has also been compromised.
11am, 31 August 2012
Both Oxford and Manchester University have also been hit by cyber attacks, as the #OpFreeAssange movement picks up pace.
The compromised Oxford server is owned by the Department of Physics, and hosts a number of development websites and sites set up for “experimental groups”, Oxford University said.
“It appears that access was gained because some directories were inadvertently enabled for searching thereby exposing a list of the existing files. Some of these files had relaxed permissions and were therefore readable,” a University of Oxford spokesperson said.
“A file or two were read, one of which had a password to a database containing publicly available scientific papers. This was the only content of the database and it held no sensitive information whatsoever. No system files or confidential materials were accessed or modified.”
The group claiming responsibility for the attack are The Wiki Boat Brazil, an associate of the Anonymous movement.
The Manchester attack was on a server which hosts a service allowing students to access the University’s computer network when not on campus.
The hacker claims not to be affiliated with the Anonymous movement.
Some of the other servers attacked by the Manchester hacker
A number of Cambridge University web resources have been hacked, with details of usernames and passwords leaked online.
A group claiming to support Julian Assange published the information with the promise that unless “the right thing” is done, more will follow.
The information includes seventeen CRSIDs of academics within the Centre for Research in the Arts, Social Sciences and Humanities, as well as administrator login details for several departments, including the Fitzwilliam Museum.
The hackers’ message.
Also targeted were the Sector of Biological and Soft Systems, the Department of Chemical Engineering and Biotechnology and the Centre for Applied Research in Educational Technologies.
Raven accounts of undergraduates appear not to have been affected at this stage.
The hackers, a network who call themselves NullCrew, have a political agenda. A message accompanying the leak reads: “There is much more where this came from, and don’t think this is the end. NullCrew, along with the whole Anonymous movement isn’t near finished with you. And we never will be, until the right thing is done with Julian Assange. Next time it will be worse, we guarantee it.”
At least one of the attacks was carried out via an SQL injection, a method which involves writing to a database through an unprotected form on a website, such as a search bar. This gives hackers control of the database, allowing them to return information stored in it or even delete it entirely.
It is not clear why Cambridge was a target. However, last month, an attack on Yale revealed over 1,200 usernames and passwords. Past attacks have also been directed at large corporations such as electronics manufacturer Asus.