
News Harvard database shared via BitTorrent

Discussion in 'Article Discussion' started by CardJoe, 14 Mar 2008.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. 1ad7

    1ad7 What's a Dremel?

    Joined:
    13 Feb 2008
    Posts:
    263
    Likes Received:
    1
    The point he is making is inherently flawed. If someone wants data, they can and will take data. Now to do this for a bunch of idiots that take socials and ruin people's credit, well that's just wrong. He proved a point alright; he for sure didn't apply to Harvard, I guess that narrows the list of suspects.
     
  3. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    The point he made was interesting. If he noticed that there was a weakness in the website security, surely an email to the admin would have been better, maybe attaching a list of file names so they don't think you're joking.

    He definitely went about it the wrong way, that's all I can say! And you don't torrent people's personal information like that; 1000s of students are now living a paranoid life waiting for the credit cards to suddenly max out due to fraud.
     
  4. mmorgue

    mmorgue What's a Dremel?

    Joined:
    16 Feb 2005
    Posts:
    386
    Likes Received:
    0
    He could have done them a favour and illustrated to them the inherent security flaws in their system, thereby gaining credit for himself and helping out a bunch of people. He could have emailed the web admin with PoC code and examples showing how easy it was, etc. At worst, he could have 'added' a few fake but obvious records to let the security people know he had cracked it.

    He didn't have to jeopardise the personal data of thousands of people to prove it. He's not smart -- he's just an idiot.
     
  5. sotu1

    sotu1 Ex-Modder

    Joined:
    24 Aug 2007
    Posts:
    2,884
    Likes Received:
    26
    It's pretty clear that there seems to be an ulterior motive. The hack is one thing; to then release highly sensitive details of 10,000 people is malicious.
     
  6. EmJay

    EmJay What's a Dremel?

    Joined:
    28 Jun 2007
    Posts:
    316
    Likes Received:
    0
    I spy a personal grudge. He's an idiot to drag thousands of other people into it, tbh - now everyone hates the hacker, instead of hating the admin. He'd have been better off sending all the info to the admin's boss, if he really wanted to cause trouble for him.
     
  7. DarkLord7854

    DarkLord7854 What's a Dremel?

    Joined:
    22 Jun 2005
    Posts:
    4,643
    Likes Received:
    121
    Guy probably got booted out of Harvard lol
     
  8. Dorte

    Dorte New in here.

    Joined:
    4 Mar 2008
    Posts:
    14
    Likes Received:
    0
    Not so good
     
  9. Cthippo

    Cthippo Can't mod my way out of a paper bag

    Joined:
    7 Aug 2005
    Posts:
    6,785
    Likes Received:
    103
    Depends on his motivations. He's going to generate negative publicity for Harvard and specifically the IT department with this. If his goal was to hurt the uni's reputation in the media he has succeeded.

    And a minor point, he's undoubtedly an ass, but I don't think he's an idiot.
     
  10. dyzophoria

    dyzophoria Minimodder

    Joined:
    3 May 2004
    Posts:
    393
    Likes Received:
    1
    I hate people like these. It's good that he found the flaw, but he should have just emailed the admins or contacted Harvard itself, but exposing all the data of innocent people?
     
  11. Bluephoenix

    Bluephoenix Spoon? What spoon?

    Joined:
    3 Dec 2006
    Posts:
    968
    Likes Received:
    1
    This guy's actions are downright shameful.

    Being an LPT (licensed penetration tester) and a CISSP, I think the # of laws he's broken is somewhere in the neighborhood of 40-50 depending on his location. I'd estimate the jail sentence he's likely to get if caught and charged with the offenses would be somewhere in the neighborhood of 30 years minimum mandatory.
     
  12. zero0ne

    zero0ne Minimodder

    Joined:
    19 Jul 2004
    Posts:
    117
    Likes Received:
    0
    Of course his follow-through was the wrong method, but did it ever occur to any of you that he DID contact the admin?

    Who knows, maybe the admin gave him a royal "**** you, my servers are secure"
    (there are server/network admins that are arrogant enough to think the stuff they do is 100% secure all the time).

    Of course sharing all the info wasn't the right method, but why does Harvard have this type of data in a SQL database unencrypted?
    AND WHY ARE THEY USING JOOMLA?
    (WTF)
     
  13. HandMadeAndroid

    HandMadeAndroid That's handy.

    Joined:
    18 Feb 2005
    Posts:
    741
    Likes Received:
    10
    Hey thumbs up to bit-tech for sharing the file names with the world
     
  14. B3CK

    B3CK Minimodder

    Joined:
    14 Jun 2004
    Posts:
    402
    Likes Received:
    3
    Albeit sounding a little harsh, I would think this is probably what happened. Contacting the council for the college would have been a more appropriate action. While trying to make a tough example of the Sys Admin is one thing, I would think this person is in for a rough ride if caught.
     