Old 14th Mar 2008, 07:40   #1
CardJoe
Player Character
bit-tech Staff
 
Join Date: Apr 2007
Posts: 7,982
Harvard database shared via BitTorrent

http://www.bit-tech.net/news/2008/03...a_bittorrent/1

A cracker has downloaded a series of databases containing personal information on Harvard University applicants and made the files available to all via BitTorrent.

Old 14th Mar 2008, 07:46   #2
1ad7
Multimodder
 
Join Date: Feb 2008
Location: Texas, United States
Posts: 189
The point he is making is inherently flawed. If someone wants data, they can and will take data. Now to do this for a bunch of idiots that take socials and ruin people's credit, well that's just wrong. He proved a point alright, he for sure didn't apply to Harvard, I guess that narrows the list of suspects.
__________________
E8500@ 4.3ghz on air->ASUS P5Q-E->4gb of OCZ DDR2 @1069->
4890 @ 958 1080 ->ASUS Xonar D2->Win7 Ultimate
42" Polaroid LCD @ 1920x1080
Old 14th Mar 2008, 08:30   #3
Burnout21
is true bit-techer!
 
Join Date: Sep 2005
Location: Nott's
Posts: 4,861
The point he made was interesting. If he noticed that there was a weakness in the website security, surely an email to the admin would have been better, maybe attaching a list of file names so they don't think you're joking.

He definitely went about it the wrong way, that's all I can say! And you don't torrent people's personal information like that, 1000's of students are now living a paranoid life waiting for the credit cards to suddenly max out due to fraud.
__________________
DFI P45-T2RS Plus, Q6600, 4GB Reaper HPC, GTX280 & FX3450, X-Fi Xtreme Music, 1570GB Storage
Old 14th Mar 2008, 09:02   #4
mmorgue
Supermodder
 
Join Date: Feb 2005
Location: Mos Eisley, in the bar...
Posts: 378
He could have done them a favour and illustrated to them the inherent security flaws in their system, thereby gaining credit for himself and helping out a bunch of people. He could have emailed the web admin with PoC code and examples showing how easy it was, etc. At worst, he could have 'added' a few fake but obvious records to let the security people know he had cracked it.

He didn't have to jeopardise the personal data of thousands of people to prove it. He's not smart -- he's just an idiot.
Old 14th Mar 2008, 11:26   #5
sotu1
Mini Love
 
Join Date: Aug 2007
Location: England, South of.
Posts: 1,169
It's pretty clear that there seems to be an ulterior motive. The hack is one thing, to then release highly sensitive details of 10,000 people is malicious.
__________________
Death to consolification !!!

Give me my Windforce! I'm coming back!
Old 14th Mar 2008, 16:45   #6
EmJay
Supermodder
 
Join Date: Jun 2007
Posts: 315
Quote:
the attack was carried out "to demonstrate that persons like tgatton [server administrator] [...] they don't know how to secure a website."
I spy a personal grudge. He's an idiot to drag thousands of other people into it, tbh - now everyone hates the hacker, instead of hating the admin. He'd have been better off sending all the info to the admin's boss, if he really wanted to cause trouble for him.
__________________
Current status: Modding on
Old 14th Mar 2008, 19:50   #7
DarkLord7854
Web Developer
 
Join Date: Jun 2005
Location: West Palm Beach, Florida
Posts: 3,840
Guy probably got booted out of Harvard lol
__________________
Current Computer: eVGA 780i Motherboard | Q6600 Core2Quad | eVGA GTX260 896Mbs 216-core | 2x Seagate 500Gbs | 8Gbs OCZ Platinum DDR2 800 | Creative XtremeGamer X-Fi | Thermaltake Armor Case

Custom WordPress, ZenCart, Joomla, vBulletin, etc installs and skinning, PM/E-Mail for a quote
Old 14th Mar 2008, 20:39   #8
Dorte
New in here.
 
Join Date: Mar 2008
Posts: 14
Not so good
Old 14th Mar 2008, 22:55   #9
Cthippo
Can't mod my way out of a paper bag
 
Join Date: Aug 2005
Location: Bellingham, WA
Posts: 4,473
Depends on his motivations. He's going to generate negative publicity for Harvard and specifically the IT department with this. If his goal was to hurt the uni's reputation in the media he has succeeded.

And a minor point, he's undoubtedly an ass, but I don't think he's an idiot.
__________________
Notice: If we see you flaming we will assume you are on fire and take appropriate measures
- The Bit-Tech Fire Brigade.
Old 15th Mar 2008, 01:25   #10
dyzophoria
Multimodder
 
Join Date: May 2004
Location: Home
Posts: 160
I hate people like these, it's good that he found the flaw, but he should have just emailed the admins or contacted Harvard itself, but exposing all the data of innocent people?
__________________
picture this.. // picture that..
Old 15th Mar 2008, 17:20   #11
Bluephoenix
Spoon? What spoon?
 
Join Date: Dec 2006
Location: Daytona Beach, FL
Posts: 936
This guy's actions are downright shameful.

Being an LPT (licensed penetration tester) and a CISSP, I think the # of laws he's broken are somewhere in the neighborhood of 40-50 depending on his location. I'd estimate the jail sentence he's likely to get if caught and charged with the offenses would be somewhere in the neighborhood of 30 years minimum mandatory.
Old 15th Mar 2008, 23:04   #12
zero0ne
Multimodder
 
Join Date: Jul 2004
Location: Buffalo, NY
Posts: 112
Of course his follow through was the wrong method, did it ever occur to any of you that he DID contact the Admin?

Who knows, maybe the admin gave him a royal "**** you, my servers are secure"
(there are server/network admins that are arrogant enough to think the stuff they do is 100% secure all the time)

Of course sharing all the info wasn't the right method, but why does Harvard have this type of data in a SQL database unencrypted?
AND WHY ARE THEY USING JOOMLA?
(WTF)
Old 16th Mar 2008, 16:25   #13
HandMadeAndroid
Multimodder
 
Join Date: Feb 2005
Location: Newcastle
Posts: 125
Hey thumbs up to bit-tech for sharing the file names with the world
__________________
Give them cake
Old 17th Mar 2008, 02:25   #14
B3CK
Supermodder
 
Join Date: Jun 2004
Location: Dallas, Texas
Posts: 355
Quote:
Originally Posted by zero0ne
Of course his follow through was the wrong method, did it ever occur to any of you that he DID contact the Admin?

who knows maybe the admin gave him a royal "**** you, my servers are secure"
(there are server/network admins that are arrogant enough to think the stuff they do is 100% secure all the time)
Albeit sounding a little harsh, I would think this is probably what happened. Contacting the council for the college would have been a more appropriate action. While trying to make a tough example of the Sys Admin is one thing, I would think this person is in for a rough ride if caught.
__________________
"God loves stupid people, that is why he made so many of them." My best friend at M$ Tech support.