University of Michigan servers hacked as part of political statement on higher education

By Kellie Woodhouse Higher education reporter

Posted on Wed, Oct 3, 2012 : 3:15 p.m.

A group of anonymous hackers from around the world found an unorthodox way to express frustration with rising tuition and "raise awareness" of perceived problems in higher education.

The hackers didn't rally around college funding, or pen protest signs about tuition increases.

Instead, they hacked the severs of hundreds of the worlds very best universities.

Saying they wanted to increase awareness about pressing higher education issues, the anonymous hackers this week infiltrated three University of Michigan servers and publicly leaked the raided information.

AP photo

No personal data was compromised, U-M officials said.

The group, Team Ghostshell, is part of growing number of anonymous hackers dubbed "hactivists" who expose information, often sensitive in nature, to make a political statement.

In this case, on Oct. 1 Team Ghostshell hacked three U-M servers and four Michigan State University servers as a part of an effort to leak 120,000 records from the top 100 universities in the world.

The four MSU servers appeared to be hacked accidentally, with Team Ghostshell thinking they belonged to U-M.

Servers at Princeton, Harvard, Cambridge and universities in Moscow, Rome and Tokyo were also raided.

The group hacked the systems in order to raise "awareness towards the changes made in today's education," including the rising costs of tuition and legislation dealing with higher education, according to a statement.

The hacking comes after high-profile breaches of the Pentagon and CIA by the unidentified group Anonymous.

"Groups like Anonymous and Ghostshell are not necessarily doing these things for personal profit," said Paul Howell, chief information technology officer at U-M. "Rather these are groups that tend to be doing these sorts of crimes more or less to make political statements."

At U-M, servers containing information about library and maintenance programs were hacked, along with a student government website that contained usernames, which were released publicly by the leak. However U-M student usernames are already available through the school's online directory.

"They were just names, no hashed passwords or anything," Howell said. "There were some hashed data, (but) nothing was sensitive."

Some passwords and sensitive information from other universities were leaked —and the group made a veiled threat to expose credit card information it presumed to have access to— but Howell said "the claims that the group made were a bit exaggerated in terms of damage."

"We tried to keep the leaked information to a minimum," a Ghostshell member wrote in the statement, "so just around 120,000-plus accounts and records are here, leaving in their servers hundreds of thousands more."

U-M servers repel hundreds of automated hacking attempts a day. The servers also experience attempted breaches by individuals looking to misuse personal information and credit card numbers for profit. Between 2007 and 2011, the school reported one wide-scale electronic breach of sensitive information. In July 2007 university databases were hacked and names, addresses, Social Security numbers and birthdates of students were exposed.

Hackers that hack for the sake of making a political statement remain relatively rare, but are growing in number.

"That has been noted as on the increase," Howell said.

And while apparently no sensitive U-M information was released by Ghostshell, the breach nonetheless provides an opportunity for U-M to further secure its online data.

"It's something that we all appreciate and try to defend against," Howell said. "We're taking a closer look to see exactly how the data was copied out."

Tags: University of Michigan,