Hacker may have sold access to Marshall U. website

Wednesday, January 26, 2011

Yesterday, I noted that I had contacted Marshall University about a hacker offering “Full SiteAdmin Control” to their server for $99.00.

My purpose in contacting them was two-fold: to alert them to a possible breach that they needed to look into and to ask for a comment or response. I never got to the second purpose, as a Marshall employee told me that they had dealt with the problem “yesterday,” that there was no breach, and that I shouldn’t be reporting anything alleging that they had been breached. She took my phone number and email address and promised to have someone get in touch with me with a fuller response. No one called. No one emailed.

Today, Zack Harold reports:

An underground hacker website recently offered visitors high-level access to Marshall University’s website for just $99.

Officials at Marshall said the cyber criminal might not have infiltrated their systems, however.

The hacker, identified only as “Srblche,” was selling administrative access to the university’s website for $99 on Monday. The site was no longer active Wednesday.

Matt Turner, Marshall’s chief of staff, said the university became aware of the alleged security breach Monday and immediately began checking its systems to determine if a breach occurred.

The school’s technology team didn’t find any evidence of an attack.

“As far as we know, our security has not been compromised as suggested, but with Web servers, there is always an inherent risk of hackers,” Turner said. “Any time you have a server that exists, it’s always susceptible to someone trying to hack into it.”

“We think it’s someone phishing, trying to make some money,” he said.

Bill Gardner, IT manager for Charleston’s Flaherty, Sensabuagh, Bonnasso Law Firm, said that scenario is “possible, but it’s probably not probable.”

“There’s honor among thieves,” he said

Read more on Charleston Daily Mail.

None of the universities named on the “for sale” list have posted any notices on their sites about the situation.  In the interim, the web site has been suspended.  A whois lookup indicates that srblche.com is registered to:

Mohammad Srblche        (sqlevil@gmail.com) Kuwait Salwa Salwa KW,00865 KW Tel. +965.567636494 Creation Date: 21-Apr-2010 Expiration Date: 21-Apr-2011 Domain servers in listed order: ns1.suspended-domain.com ns2.suspended-domain.com Of course, that information is not necessarily accurate. Original Source: http://www.databreaches.net/?p=16556

1460
Breaches
Post Rating I Like this!