A team of hackers claims to have broken into more than 120,000 computer accounts at dozens of universities to protest what it sees as the high cost and low quality of higher education.
The group, called “Team GhostShell,” claimed responsibility on Monday for the computer attacks in a post to an online bulletin board. The post listed the universities that were the group’s targets, including Harvard University and the Universities of Cambridge and Tokyo.
In an analysis of the attacks, Identity Finder, a data-protection company, found that more than 35,000 e-mail addresses, thousands of user names, and other information had been compromised.
Leaders of Team GhostShell called its latest attack “Project WestWind,” and they said the goal was to protest higher-education systems around the world. “We have set out to raise awareness towards the changes made in today’s education, how new laws imposed by politicians affect us, our economy and over all, our way of life,” the message states. “Tuition fees have spiked up so much that by the time you finish any sort of degree, you will be in more debt than you can handle and with no certainty that you will get a job.”
Most of the attacks occurred on Web sites within the universities that were created independently by faculty members or departments, said Aaron Titus, Identify Finder’s chief privacy officer. “Universities are made to facilitate the free flow of information,” he said. “Trying to rein in departments and individual professors and get them to behave in a secure manner is an ongoing security risk factor for all universities.”
The overall impact of the break-ins on universities has been minor. The team claimed that it had breached five servers at the Johns Hopkins University, but this was “a low-impact event for Johns Hopkins,” said Dennis O’Shea, a university spokesman. “Most of the leaked data was old and out of date, and the issues we are more concerned about are being addressed.”
Mr. Titus, of the data-protection company, argued that individual students whose passwords had been intercepted could be at risk for identity theft.
Team GhostShell has gained notoriety for its alleged involvement in past attacks, including “Project Hellfire,” a large-scale data breach in August that released about a million records and accounts from companies and organizations, including the CIA.
On Wednesday leaders of the group bragged about their activities on a Twitter feed. “Alright, fun’s over,” Team GhostShell tweeted. “We’re sailing back to the East and getting ready for the new project.”
For more coverage of computer-security problems stemming from the decentralized nature of many campus networks, see the following articles from The Chronicle:
- “Rounding Up ‘Rogue Servers’” (7/8/2005)
- “Insecure and Unaware” (5/7/2004)
- “‘More Holes Than a Pound of Swiss Cheese’” (9/29/2006)