As websites and web service providers all over the world are patching the huge hole left by #heartbleed, and their entire security apparatus is busy solving the #heartbleed follow-up problems such as password resets, this is proving a gold mine of time for hackers. The distraction caused by the #heartbleed bug has left many websites vulnerable to standard, run-of-the-mill hacking attacks. Hackers have used this opportune moment to target at least 18 U.S. universities and steal student social security numbers and other credentials, according to computer security research firm Hold Security.
Alex Holden, CTO of Hold Security, said that "Somebody had access to a student account that had an entire list of employees." He gave the example of a phishing mail sent to the employees of a hospital connected with a university. As many as 17,000 people received the phishing mail asking them to reset their passwords. Holden said that the scammer had obtained the email IDs of these 17,000 people from a university breach in which, he says, at least 250,000 account details were hacked and stolen.
It's unknown how much data has been pilfered from the schools or the extent to which the schools are aware of the attacks. Up to 250,000 people could be affected, Holden said. "Hopefully, it's not payroll [data]," he said.
The hospital in question is now considering a mass reset of passwords as a solution to this phishing problem. The hospital is a client of Hold Security while Holden says that other universities have not been notified.
"We have had very bad luck with several universities as far as reaching out about breaches," Holden said. "The problem is finding within a very large, decentralized infrastructure the right person to talk to and impress on them that something is going on."
The attackers have been using standard SQL injection attacks, in which the hacker sends different types of crafted requests to see whether the backend database will surrender data. In other cases, it appears that backdoors, or malicious software programs that can steal data, have somehow been installed.
Holden says that hacking university networks may not be as profitable as hacking commerce sites, but finding the domains and subdomains of large companies or universities can involve a lot of manual research and guesswork. Hackers pay US$20 to $100 on Tor marketplaces to buy a list of millions of domains that can be attacked. Holden suspects the lists may come from insiders at registrars. The practice of aggregating domains isn't in itself illegal, he said.
What lures the hackers to university sites is access to large numbers of young users, mostly students. Holden says that a simple subdomain hack can give hackers access to 10,000 to 50,000 student records.
"They may not have a lot of money in their accounts but when exploited in bulk they may be as profitable as a number of people further in their careers," Holden said.