Two Sydney universities get hacked


It hasn’t been a good few weeks for university IT security in Australia. The first story in this vein that caught our eye this week was the news that an anonymous hacker has broken into the University of Western Sydney’s email servers in order to spam students and staff, protesting the university’s recent decision to buy all first year students and staff Apple iPads. The Register reports (we recommend you click here for the full article):

“Email servers at the University of Western Sydney, which last year announced it would hand iPads to all staff and over 10,000 incoming students, have been hacked by someone using the name ‘Anonymous’.”

In a second story, which broke almost simultaneously, the Sydney Morning Herald reports a similar break-in at the University of New South Wales. The publication reports (again, we recommend you click here for the full article):

“The University of NSW has been the target of a “concerted effort” to hack its systems in December and January forcing the shutdown of 25 of its servers, a spokesman confirmed.”

We can’t say that the news of these IT break-ins comes as that much of a surprise. When your writer was at university in Sydney a decade ago it was pretty well-known that the campus systems were often inadvertently left pretty wide open to whoever wanted to break into them. At that stage, many universities also had very little in the way of centralised IT infrastructure, with each faculty and department often being responsible for their own IT systems.

While much of this has been cleared up — especially at UNSW, which established a central office of the chief information officer — I am sure quite a bit of this philosophy still remains and bedevils university attempts to maintain IT security. Academics are hard to keep in line at the best of times and tend to do what they want to … and when you have tens of thousands of students on each campus, many of them with elite IT skills in their own right, it’s very hard to keep a lid on things.

My guess is that these kinds of articles about break-ins represent only the tip of the iceberg — and that for every university IT hack that gets reported, dozens more go under the radar.

2 COMMENTS

  1. When I was at Sydney University over 25 years ago the computer science department had what was called a “cretin flag” on troublesome students’ UNIX accounts. If you got caught doing something you shouldn’t you received a cretin flag which on the one hand allowed you all sorts of privileges that common students didn’t get but on the other hand exhaustively logged everything you did so the department could keep tabs on you.

  2. I’m not sure if this (UWS spam incident) was really a hack, or IT staff setting up and publishing an all staff/student email alias for planned work (uws-it_outgoing-alert@lists.uws.edu.au) that was unmoderated.
