Stanford University is warning everyone who uses its information technology computer network to change their passwords while it investigates an “apparent breach” of security by a hacker who might have downloaded an entire database of information.
Or not.
Stanford Chief Financial Officer Randall Livingston warned that “the school does not yet know the scope of the intrusion,” but the hacker taking credit for the invasion, “Ag3nt47,” tweeted a claim to have downloaded the whole database. If true, health information, personal financial information and Social Security numbers could be compromised.
The attack was reported on Wednesday, and so far no material has been posted that would indicate what, if any, material was downloaded. A hacker using the same handle claimed credit in May for invading the websites of Stanford, Harvard University and the Massachusetts Institute of Technology. Personal information of staff and students from all three schools was posted online at the time.
The website Blipwars published what it said was an exclusive interview with Ag3nt47 after the May attacks. The hacker took credit for also breaching security at Rutgers, NASA, Mazda, Suzuki and Isuzu. “I targeted these sites for one reason, that reason being they are big name sites,” he wrote. “These sites should be very secure. Yet, they are not. . . . The school should worry more about the students safety instead of draining their pockets dry.”
The Stanford cyberattack is the latest in a series of assaults on research universities, most of which are thought to be from China. The New York Times says there are millions of hacking attempts weekly. “The attacks are increasing exponentially, and so is the sophistication, and I think it’s outpaced our ability to respond,” Rodney J. Petersen, head of the cybersecurity program at Educause, told the Times. Educause is a nonprofit alliance of schools and technology companies.
For now, Stanford officials aren’t sure what the scope of the breach is because only a tiny bit of information has surfaced. Billy Gallagher at TechCrunch said the material posted so far was scraped from the Stanford Institute for Computational and Mathematical Engineering website and was already publicly available.
–Ken Broder
To Learn More:
Investigating Apparent IT breach, Stanford Urges Users to Update Passwords (Stanford University)
Stanford University Is Investigating an Apparent Security Breach, Urges Community to Reset Passwords (by Billy Gallagher, TechCrunch)
Stanford University Computers Breached (by Seth Fitzgerald, NewsFactor)
Stanford Network Breached; Hacker Reportedly Claims Responsibility (by Joseph Serna, Los Angeles Times)
Universities Face a Rising Barrage of Cyberattacks (by Richard Pérez-Peña, New York Times)