McMaster University’s servers' security breached in hacktivist protest

In retaliation to perceived decline of post secondary education and inflation of tuition rates, a team of anonymous hackers has directed their animosity at the top educational institutions across the globe, including McMaster.

McMaster was one of 100 universities worldwide whose servers were compromised last week in a mass scale hacking scandal known informally as “ProjectWestWind.”

Four McMaster servers were hacked into, along with more than 120,000 computer accounts and over 35,000 e-mail addresses from other universities, including Harvard University, New York University and Tokyo University. Secure information has leaked onto approximately 120 cyberlockers and mirror sites splashed across the Internet.

McMaster University Technology Services reported security breaches pertaining to The Canadian Centre for Electron Microscopy, Brockhouse Institute for Materials Research, the Origins Institute, and the Department of Mathematics and Statistics.

According to an update by the Office of Public Relations, most files that were accessed contained information that is “older and, in most cases, publically available.” No credit card information, user names or passwords were disclosed, but information such as degree dates were.

The information that has been acquired from these departments following the security breach has been leaked to a vast number of publically accessible large scale “data dumps” online.

“No sensitive information was pulled from our server: only the data from the database tables … only public information was exposed,” said the McMaster Department of Mathematics and Statistics on their website.  The site has been progressively disabling parts of their website in attempts to fully secure all student information from future attacks.

The hackers allegedly have access to high security information from a number of other universities, including stolen student and faculty passwords, student IDs and other personal student documentation, hundreds of thousands of secure records and university credit card information.

The group responsible for the high security breach is infamously known as Team GhostShell, a “hacktivist” group black listed for their notorious wide scale security hackings aimed at protesting social and political issues.

The group gained notoriety and public exposure after executing “Project Hellfire” last August which allegedly exposed millions of secure records and accounts from high profile companies and agencies including breaches to the Pentagon, the CIA and numerous banks.

The hacktivist group reportedly works in collaboration with the infamous group identified as “Anonymous” a larger hacktivist group known for high profile government website hackings, such as the one in April against surveillance policies, and hackings in support of the Wall Street Occupy Protest.

On a post released earlier this month by Team GhostShell, the hackers announced that the global scale university security breach was in direct protest to the increasing inflation of post-secondary tuition rates and the dramatic decline in education quality seen in higher education systems around the world.

Aaron Titus, Chief Privacy Officer for Identity Finder, an Internet security firm responsible for looking into the mass scale hackings, stated in a news release that “Based upon casual sampling of time stamps in the data set, it appears that the hackers spent at least four months aggregating the information prior to the release.”

Of the 120,000 student and faculty accounts breached, Identity Finder has reportedly only confirmed approximately 40,000 exposed accounts.

McMaster’s Technology Services Department has proceeded with system-wide scans and implementation of preventative mechanisms to ward off future hackings aimed at the University’s servers.

Not only did the hackings draw attention to the lapse in overall university security across the board, but the group also stated that malicious malware had been plaguing a vast amount of the servers prior to their executed security infiltration, further calling into question the extent to which student information is secured

The breach posed a strong warning to the universities whose security was compromised regarding the states of their networks.