For the first time, UBC may not be happy to be on the same list as Harvard and Cambridge.
Four of UBC’s servers were hacked on October 1 as part of an attack by the hacker group Team Ghost Shell, which released 120,000 files from 100 universities across the world.
Randy Schmidt, associate director of UBC Public Affairs, said the four UBC servers that were hacked had lower security measures, making them more vulnerable than other servers on campus.
Hackers released files from servers for the Museum of Anthropology, Thunderbird Athletics and the Faculty of Arts. According to Schmidt, most of the files did not contain any sensitive information.
The majority of the files were usernames for UBC blogs, with the passwords redacted. However, the server within the Faculty of Arts contained usernames and logins for a linguistics course. Schmidt said all the students affected have been asked to change their passwords.
“The most concerning piece for us was the server that had to do with the linguistics course, and so I understand that full or partial names of 90 students were part of that, along with usernames and passcodes to the course accounts,” said Schmidt. “All the other information seems relatively innocuous.”
Schmidt said there are thousands of servers on campus and he couldn’t confirm how many were set up in the same way as the ones that were hacked.
“What I was told was that the similarity seems to be the common coding problem for those servers, so I’m not sure if they were targeted or not,” said Schmidt. “It’s a big campus, so I’m not quite sure if there would be others that are coded that way.”
Schmidt said that people have tried to hack into UBC’s servers before, but the details are confidential.
“Due to its size and resource intensiveness, UBC is frequently a target for attacks,” said Schmidt. “For security reasons, we do not discuss the incidents.”
However, Schmidt said that UBC uses higher security measures for servers that contain more sensitive information.
Schmidt said UBC IT repaired the hacked servers shortly after they were accessed.
“All four servers were secured soon after learning of the leaks. The servers that have been brought back online have been secured. One server will remain down, as it will be retired instead of being returned to service. Impact on the services provided is very low,” said Schmidt.
The hacking team referred to their efforts as Project West Wind, which targeted over 100 universities. They said their goal was to draw attention to the flawed post-secondary education system. Team Ghost Shell is associated with the group Anonymous, which has hacked numerous government websites.
UBC IT was unavailable for comment before press time.
CLARIFICATION: The article states that ‘UBC blogs’ were a victim of the hacks. This does not include the UBC Blogs network, which is protected by the Campus Wide Login system. The blogs in question used a WordPress backend.