You are viewing this article in the AnnArbor.com archives. For the latest breaking news and updates in Ann Arbor and the surrounding area, see MLive.com/ann-arbor
Posted on Wed, Oct 3, 2012 : 3:15 p.m.

University of Michigan servers hacked as part of political statement on higher education

By Kellie Woodhouse

A group of anonymous hackers from around the world found an unorthodox way to express frustration with rising tuition and "raise awareness" of perceived problems in higher education.

The hackers didn't rally around college funding, or pen protest signs about tuition increases.

Instead, they hacked the severs of hundreds of the worlds very best universities.

Saying they wanted to increase awareness about pressing higher education issues, the anonymous hackers this week infiltrated three University of Michigan servers and publicly leaked the raided information.

Military Cyberdefense_Wood.jpg

AP photo

No personal data was compromised, U-M officials said.

The group, Team Ghostshell, is part of growing number of anonymous hackers dubbed "hactivists" who expose information, often sensitive in nature, to make a political statement.

In this case, on Oct. 1 Team Ghostshell hacked three U-M servers and four Michigan State University servers as a part of an effort to leak 120,000 records from the top 100 universities in the world.

The four MSU servers appeared to be hacked accidentally, with Team Ghostshell thinking they belonged to U-M.

Servers at Princeton, Harvard, Cambridge and universities in Moscow, Rome and Tokyo were also raided.

The group hacked the systems in order to raise "awareness towards the changes made in today's education," including the rising costs of tuition and legislation dealing with higher education, according to a statement.

The hacking comes after high-profile breaches of the Pentagon and CIA by the unidentified group Anonymous.

"Groups like Anonymous and Ghostshell are not necessarily doing these things for personal profit," said Paul Howell, chief information technology officer at U-M. "Rather these are groups that tend to be doing these sorts of crimes more or less to make political statements."

At U-M, servers containing information about library and maintenance programs were hacked, along with a student government website that contained usernames, which were released publicly by the leak. However U-M student usernames are already available through the school's online directory.

"They were just names, no hashed passwords or anything," Howell said. "There were some hashed data, (but) nothing was sensitive."

Some passwords and sensitive information from other universities were leaked —and the group made a veiled threat to expose credit card information it presumed to have access to— but Howell said "the claims that the group made were a bit exaggerated in terms of damage."

"We tried to keep the leaked information to a minimum," a Ghostshell member wrote in the statement, "so just around 120,000-plus accounts and records are here, leaving in their servers hundreds of thousands more."

U-M servers repel hundreds of automated hacking attempts a day. The servers also experience attempted breaches by individuals looking to misuse personal information and credit card numbers for profit. Between 2007 and 2011, the school reported one wide-scale electronic breach of sensitive information. In July 2007 university databases were hacked and names, addresses, Social Security numbers and birthdates of students were exposed.

Hackers that hack for the sake of making a political statement remain relatively rare, but are growing in number.

"That has been noted as on the increase," Howell said.

And while apparently no sensitive U-M information was released by Ghostshell, the breach nonetheless provides an opportunity for U-M to further secure its online data.

"It's something that we all appreciate and try to defend against," Howell said. "We're taking a closer look to see exactly how the data was copied out."

Kellie Woodhouse covers higher education for AnnArbor.com. Reach her at kelliewoodhouse@annarbor.com or 734-623-4602 and follow her on twitter.

Comments

Matthew Cohen

Fri, Oct 5, 2012 : 2:17 a.m.

Universities have traditionally had a very open attitude towards information. They also have a ton of personal data and their security departments are understaffed. All of that makes them a prime target for hackers. A friend of mine had his personal information stolen twice in the same year from different schools. Matthew Cohen www.ntobjectives.com

Richard Carter

Thu, Oct 4, 2012 : 4:02 p.m.

Just like out-of-staters... mixing up U of M and MSU.

T.P.

Thu, Oct 4, 2012 : 1:32 p.m.

Correct spellings of: 'servers' and 'breach' (breech is something else entirely related to childbirth). - Your town's daily tech blogger

Mickey

Thu, Oct 4, 2012 : 12:53 p.m.

The irony in this "protest" is interesting. I work in higher education information technology, and one of the things (certainly not the only one) that is driving higher education costs up is the amount of technology security we have to put in place to protect against exactly these kinds of ridiculous and pointless acts. Ever-increasing demands for additional technology is also a big cost for higher education and education in general.

1bit

Thu, Oct 4, 2012 : 10 a.m.

Interesting story, Kellie. You've got a couple typos to fix, though, as it is "servers" not "severs".

alan

Thu, Oct 4, 2012 : 12:41 a.m.

I don't see the "political protest" connection.

Jaime Magiera

Thu, Oct 4, 2012 : 4:11 a.m.

Well, they made a statement in connection with the hacks. Of course, it doesn't really raise awareness in terms of finding solutions or provide solutions it itself. That's the overall flaw of anonymous, lulzsec and antisec in general. They are very misguided on what actually creates changes and improvements in society.

Joe Hood

Thu, Oct 4, 2012 : 12:21 a.m.

How come the story wasn't framed into one of those "Ann Arbor Best Place" stories that seem popular? Our university is so good it made the cracker world's top 10. I'm guessing the security assessments are only preliminary in nature.

Angry Moderate

Wed, Oct 3, 2012 : 10:16 p.m.

What a bizarre form of protest. Try writing a letter to your Congressman about changing our ridiculous student loan policies that enable schools to drive up tuition costs.

Lisa

Wed, Oct 3, 2012 : 11:46 p.m.

And why did they need to "raise awareness" of an issue nearly everyone is painfully aware of?

Soulful Adrenaline

Wed, Oct 3, 2012 : 10:50 p.m.

LOL, um yeah.

xmo

Wed, Oct 3, 2012 : 8:01 p.m.

See hackers like MSU, they don't like Michigan! "The four MSU servers appeared to be hacked accidentally, with Team Ghostshell thinking they belonged to U-M."

Lisa

Wed, Oct 3, 2012 : 7:51 p.m.

"Look at me mommy! Look at me!" Instead of just showing off, why don't these people do something that would make the world a better place.