University Websites Hijacked to Serve Explicit Content

Hundreds of university subdomains have been hijacked to serve explicit content. This breach highlights the need for better DNS record management. Universities must act quickly to protect their reputations.


Original Reporting

Ars Technica Security · Dan Goodin

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Basically, hackers took over university websites to show porn due to bad record-keeping.

What Happened

Recently, a troubling discovery revealed that numerous prestigious university websites have been hijacked by scammers to serve explicit pornography and malicious content. Notable institutions like the University of California, Berkeley, Columbia University, and Washington University in St. Louis are among those affected. Researcher Alex Shakhov reported that hundreds of subdomains from at least 34 universities have been exploited.

Who's Affected

The affected universities include:

  - University of California, Berkeley
  - Columbia University
  - Washington University in St. Louis

These institutions, known for their academic excellence, are now associated with explicit content, damaging their reputations and potentially misleading visitors.

What Data Was Exposed

The hijacked subdomains have led to the exposure of explicit material and scam sites. For instance, one site falsely claimed that visitors' computers were infected, urging them to pay a fee to remove non-existent malware. This not only misleads users but also poses a significant risk to their security and privacy.

What You Should Do

Organizations, especially educational institutions, need to prioritize proper DNS record management. Here are some actionable steps:

  1. Compile an Inventory: Maintain a comprehensive list of all subdomains and their purposes.
  2. Regular Audits: Conduct routine checks to identify and remove dangling DNS records that no longer point to active subdomains.
  3. Implement Alerts: Set up notifications for when a subdomain stops responding to prevent hijacking.

The Underlying Issue

The root cause of this vulnerability lies in poor housekeeping practices regarding DNS records. When a subdomain is decommissioned, the corresponding CNAME record often remains intact. Scammers, such as the group known as Hazy Hawk, capitalize on this oversight by registering the expired domain names that those records still point to. This lack of oversight is compounded by the decentralized nature of university IT departments, where individual departments can independently request subdomains without a centralized decommissioning process.
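The inventory, audit and alert steps under "What You Should Do", applied to the leftover CNAME records described above, can be sketched as follows. This is an added example, not code from the original report or from any affected institution; the zone contents, the `example.edu` names, the owner inventory and the function names are constructed assumptions.

```python
import socket

# Constructed sample data: zone lines and an owner inventory for a hypothetical university.
ZONE = """\
www.example.edu.      300 IN A     192.0.2.10
events.example.edu.   300 IN CNAME events-example.hosted-app.example.
lab.example.edu.      300 IN CNAME old-lab-site.example.net.
alumni.example.edu.   300 IN CNAME www.example.edu.
archive.example.edu.  300 IN CNAME retired.example.edu.
"""
INVENTORY = {"www.example.edu": "central IT", "events.example.edu": "student affairs",
             "alumni.example.edu": "advancement", "archive.example.edu": "library"}
ORIGIN = "example.edu"

def system_resolves(name):
    """Live check: True if the system resolver returns any address for name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def parse_zone(text):
    """Yield (owner, rtype, rdata) from 'name ttl IN type rdata' lines."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 5 and fields[2].upper() == "IN":
            yield fields[0].rstrip(".").lower(), fields[3].upper(), fields[4].rstrip(".").lower()

def audit(zone_text, inventory, origin, resolves=system_resolves):
    """Return sorted (name, issue) findings for unowned names and dangling CNAMEs."""
    records = list(parse_zone(zone_text))
    owners = {name for name, _, _ in records}
    findings = []
    for name, rtype, target in records:
        if name not in inventory:
            findings.append((name, "not in inventory"))
        if rtype != "CNAME":
            continue
        internal = target == origin or target.endswith("." + origin)
        # In-zone targets must exist in the zone; external ones must still resolve.
        alive = target in owners if internal else resolves(target)
        if not alive:
            findings.append((name, f"dangling CNAME -> {target}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, issue in audit(ZONE, INVENTORY, ORIGIN):
        print(f"ALERT {name}: {issue}")
```

A target that still resolves is not proof that the institution still controls it, so the inventory check matters as much as the resolution check.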

The Broader Implications

This incident serves as a stark reminder of the importance of cybersecurity hygiene. Organizations must not only create but also manage their digital assets responsibly. The failure to do so can lead to significant reputational damage and expose users to scams and malicious content. As of now, only a few universities have taken steps to rectify the situation, and many URLs remain indexed in search results, perpetuating the issue.

In conclusion, maintaining a clean and updated DNS record is crucial for any organization. Regular audits and immediate action on inactive subdomains can prevent such breaches in the future.

🔒 Pro Insight

The hijacking of university subdomains underscores the critical need for robust DNS management practices to mitigate similar threats.
