UNB network breach shows flaws in security
The University of New Brunswick's computer network was hacked into this week but UNB staff said the breach was not for criminal purposes.
Terry Nikkel, the vice-president of technical services at the university's Fredericton campus, said someone broke into the system and stole names and email addresses of staff and some generic budget information.
UNB said in a release that some of UNB's online services may be disrupted or may not work over the next few days as technicians work out the bugs resulting from patching the breach.
Hackers' email to UNB
Hello Admin & folks @UNB,
Your site has been compromised by @Th1nkT0k3n and @TeamDigi7al. I did not take nor did I leak any of the student's sensitive information. However, your site is terribly vulnerable and I suggest you patch it ADMIN! It's your damn job! Information leaked is only to demonstrate how pathetic your security is. Also, I hope you have a great Monday Admin! Students and their parents give their hard earned money to this University and they should not have to worry about their sensitive information being leaked! Person in charge of your IT should be let go.
Hugs & Kisses, @Th1nkT0k3n @TeamDigi7al.
He said the group, calling themselves Team Dig7tal, has also claimed responsibility for internet security breaches at Harvard University and the National Film Board.
"Their claim is that they have done this kind of exploit at many other universities and other companies, so, you know, everybody from Harvard University to the National Film Board of Canada," he said.
"And they'll gain a different amount of information at each one and point out the vulnerabilities. We don't have any evidence at all that they have malicious intent."
Nikkel said a member of the university’s technical team received a message Sunday morning from Team Dig7tal.
"They had already sent out, to a small list of email addresses, a small file containing what they called samples of data that they had captured," Nikkel said.
"There was a little bit of information, email addresses that kind of thing, and those were genuine, so we took it very seriously."
Nikkel said the information was stolen from an older part of the network and the hole was quickly plugged.
"Our website is a very large environment and one of the older systems in that environment was what they used to gain access," he said.