Ohio University Compromised for Over a Year!

Use Netsparker


A year? A whole year? A few days I can take, but surely if an Admin doesn’t know what’s going with his machines for a year….compromised for a year, there is something wrong.

An unprecedented string of electronic intrusions has prompted Ohio University to place at least one technician on paid administrative leave and begin a sweeping reorganization of the university’s computer services department.

Bill Sams, Ohio University’s chief information officer, said he initiated the reorganization on Friday. The Athens, Ohio-based university is reacting to recent discoveries that data thieves compromised at least three campus computer servers.

In a disclosure that hasn’t been widely reported, one of the compromised servers, which held Social Security numbers belonging to 137,000 people, was penetrated by U.S. and overseas-based hackers for at least a year and possibly much longer, Sams said in a phone interview Sunday with CNET News.com.

Pretty bad right? Universities should be on high alert after the previous incidents..

At least one security expert was astonished that a compromise could go undetected for so long.

“That’s unbelievable,” said Avivah Litan, security analyst with research firm Gartner. “I have never heard of that much of a delay. Why would it take a year to discover this? It doesn’t make any sense.”

What’s also alarming to Litan is that a year-long compromise could go undetected at a time when universities should be operating on high alert. Over the past year, numerous media reports have chronicled security breaches at such schools as Notre Dame, Purdue and Georgetown universities.

It is a problem for universities though, they usually have budgets problems and have to make do with Open Source solutions (which is fine if you have skilled people), setup by untrained people, who learn on the fly.

Then they have underpaid, overworked sys-admins, what do they expect? Plus it’s an educational facility, so they have to keep the knowledge free.

Pretty tough situation.

Ohio got screwed this time though, and it got out into the public domain.

The culprits who broke into the other two servers made off with health records belonging to students treated at the university’s health center, as well as Social Security numbers of an additional 60,000 people.

“We had a failure of both policies and procedures,” Sams said. Asked why, when so many schools were succumbing to computer attacks, Ohio University wasn’t quicker to order a security audit, Sams replied: “Should we have? Yes. Did we? No.”

Let’s hope the others learn some lessons.

Source: News.com

Posted in: Hacking News

, ,


Latest Posts:


Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.


Comments are closed.