An anonymous cyber group operating under the name Team Ghostshell has taken responsibility for hacking into the servers of 100 universities across the world on Oct. 1, including McMaster University and University of British Columbia (UBC), and releasing 120,000 files in total.
Both of the affected Canadian universities saw four of their servers breached as part of the attack, however none of the released information was overly confidential, according to university officials.
Much of the information released at UBC was fairly inconsequential, according to Randy Schmidt, the university’s acting director of communications.
“Our IT and privacy staff fortunately determined that the risk of confidential, personal information [being exposed] was quite low in this case,” he said.
Hackers were able to access files belonging to the Museum of Anthropology, Thunderbird Athletics, and the Faculty of Arts at UBC.
“The information accessed was the account information for administrative blogs that provided community information. It was schedules for rink time and public exhibit at the museum.”
The only concerning part of the incident involved an arts faculty server accessed by the hackers, containing the usernames and logins of 90 students in a linguistics course.
Schmidt said these students have been notified and asked to change their passwords.
Schmidt said due to old web application programming, the hackers were able to breach these particular servers, since they were vulnerable.
“I talked to our IT staff and we had no sense of why or how we were targeted in particular or [whether] they were looking for specific information,” he said.
“This is something we take seriously. At UBC we have very strict security measures around our central information systems. We have a program of security for all the departments and units that run their own servers.”
At McMaster, security breaches occurred in servers at the Brockhouse Institute for Materials Research, the Origins Institute, the Canadian Centre for Electron Microscopy, and the Department of Mathematics and Statistics.
“The information that was copied was mainly old, out-of-date information that is publicly available,” said Gord Arbeau, McMaster’s director of public and community relations.
“It did not contain any confidential or financial information,” he said.
Arbeau noted that no credit card information, usernames or passwords were copied by the hackers.
“Most of it was sort of random pieces of information from four of these servers that are separate from each other,” he said.
“There was no interconnectivity between the information that was copied. There was some very limited disclosure of information including some dates that degrees were awarded.”
Arbeau has notified the Ontario Privacy Commissioner of the incident, but for now says no further action is required.
“Certainly we take any kind of incident like this seriously and it’s caused us to take another look at our protocols and standards,” he said.
“Those are always being fine tuned and updated as a matter of course.”
Other targeted universities included John Hopkins, Cambridge, Harvard, and Princeton universities.
The hackers, who dubbed their work as ProjectWestWind, said in an online post that their efforts were aimed at exposing flaws that exist within today’s post-secondary education system.
“We have set out to raise awareness towards the changes made in today’s education, how new laws imposed by politicians affect us, our economy and overall, our way of life,” the group stated.
“How far we have ventured from learning valuable skills that would normally help us be prepared in life, to just, simply memorizing large chunks of text in exchange for good grades,” the group stated.
“How our very own traditions are heard less and less, losing touch with who we truly are,” the post continued.
“Slowly casting the identities, that our ancestors fought to protect, into exile.”