Harvard Site Hacked and Then Leaked on BitTorrent
Posted February 18th, 2008 by Alex Ion
You know the saying “it can happen to the best of us”? Though Harvard is not the most secure place in the world, we expected better security from them. Apparently, the Harvard Graduate School of Arts and Sciences website has been hacked and the content has now been leaked on BitTorrent.
“This is the backup of gsas.harvard.edu. We have release it because we want demonstration the insecurity of harvard’s server. [....] Maybe you don’t like it but this is to demonstrate that persons like tgatton(admin of the server) in they don’t know how to secure a website.” is what you can read in the .nfo file. I guess the hacker made his point, even if it’s in sloppy English.

The Pirate Bay is already tracking a 125MB zip file that is supposed to be a server backup of the site, with a full directory structure, from before the hit. It contains three databases: joomla.slq, the main database; contacts.sql, a database of contacts; and hgs.sql, which may not be that important. Another bad thing is that the file is supposed to contain passwords, too.
Right now GSAS is down, so I can only speculate they are trying to fix this major security breach. Can you imagine how Thomas Gatton (the admin) is feeling right now? He’s a Systems Administrator and User Support Specialist at Harvard.


February 19th, 2008 at 12:21 am
Not for nothing, but this “tgatton” fellow *should* be embarrassed and feel stupid as hell!
I run a VERY large web-hosting company, and we have millions of attacks against our sites on a weekly basis – they get nowhere.
Being a sysadmin is not knowing how to install gentoo, thinking you’re hard-core, and sitting back. It’s actively monitoring, defending, and watching what is happening in your environment.
Shame on him – he should be replaced.
February 19th, 2008 at 6:04 am
“Can you imagine how Thomas Gatton (the admin) is feeling right now, because he’s a Systems Administrator and User Support Specialist at Harvard.”
He WAS Systems Administrator and User Support Specialist at Harvard!
Goes to show don’t get relaxed in your job. I’m sure he was getting a nice chunk of change too. Probably lied on resume. That would then be super classic.
February 19th, 2008 at 6:18 am
This is one of the web’s most interesting stories on Tue 19th Feb 2008…
These are the web’s most talked about URLs on Tue 19th Feb 2008. The current winner is …..
February 19th, 2008 at 8:18 am
[...] Harvard Hacked [...]
February 19th, 2008 at 9:30 am
Where do I download this? I heard the list was on that site and that the list is now in open hands? Is this true? And if so what will I get out of it? Does it include all the numbers and addresses, or just numbers and emails? I am very interested and need to know this now. Please message me ok? Also I heard Paris Hilton was recently at Harvard. Does she go there?
February 19th, 2008 at 10:10 am
what exploit did they use?
February 19th, 2008 at 11:22 am
[...] Harvard Hacked – BitTorrent in trouble again. [...]
February 19th, 2008 at 11:28 am
“Another bad thing is that the file is supposed to contain passwords, too.”
I really hope no one was reusing the same passwords for other accounts. Impossible to remember all that right? right.
Exactly why you need a password manager:
http://tinyurl.com/38jxny
Folks, please protect yourselves.
Cheers,
Tara
PassPack Founding Partner
February 19th, 2008 at 12:00 pm
[...] backups, full directory structure, site databases and password files are now leaked on BitTorrent. read more | digg [...]
February 19th, 2008 at 12:41 pm
Harvard Site Hacked and Then Leaked on BitTorrent | nerdd.net…
The Harvard Graduate School of Arts and Sciences website has been hacked and now the content inc…
February 19th, 2008 at 2:46 pm
What “hat” would you put on?
February 19th, 2008 at 2:48 pm
“I run a VERY large web-hosting company, and we have millions of attacks against our sites on a weekly basis”
Well, guess what, Mr. Gatton doesn’t. He probably does all IT jobs including flushing the buffers in the morning and making sure the printer drivers work.
Of course he’s probably embarrassed, but calling for him to be replaced would imply that only security experts are allowed to run web sites.
If you want to blame someone, blame the jerks who uploaded the data, and the Pirate Bay for tracking it.
February 19th, 2008 at 3:07 pm
Ouch… I feel for the guy.
February 19th, 2008 at 3:43 pm
Tgatton probably shit his pants. LULZ. Probably would have been better to go to the sysadmin and actually help them fix their shit system rather than making a .torrent file with mad DOCS in it…whole directories than post the whole thing on Bit Torrent. This is the kind of thing that gives hackers a bad name. Makes it seem to me that whoever did this was more about getting lulz than getting a server at a school fixed. Kids will be kids…
February 19th, 2008 at 5:52 pm
Joomla is a free Content Management System.
You get what you pay for.
February 19th, 2008 at 5:54 pm
Most likely he knew about these security problems, but his boss had him working on something he felt was ‘more important’.
The Internet is not yours.
February 19th, 2008 at 7:14 pm
[...] Harvard Site Hacked and Then Leaked on BitTorrent – The Harvard Graduate School of Arts and Sciences website has been hacked and now the content including server backups, full directory structure, site databases and password files are now leaked on BitTorrent. [...]
February 19th, 2008 at 7:21 pm
http://www.darkmindz.com/forum/view.dmz?id=1612
Owned yet again.
February 19th, 2008 at 7:56 pm
“‘I run a VERY large web-hosting company, and we have millions of attacks against our sites on a weekly basis’
‘Well, guess what, Mr. Gatton doesn’t.’”
He’s in charge (or WAS in charge) of that web server so it’s HIS responsibility for its security! I run a small hosting company and I’m always checking the servers for attacks and keeping them secure. If it gets hacked, then I have to take responsibility. He didn’t keep his server secure so this is a lesson well learned. I’m sure he’ll be taking classes on server security now.
February 19th, 2008 at 8:28 pm
I’m gonna guess that the hacker(s) conversed with the admin, and the admin scoffed at their threats. Why else would they call him out by name? I’m sure there are plenty of sys admins at Harvard, this one just didn’t take them seriously, pissed them off, and now….lulz
February 19th, 2008 at 10:21 pm
1st Post Steven: Wait for the day it happens to you, then I will personally get a ticket and fly first class to meet you. Then I will point at you and laugh my heart out at you for 2 hrs straight.
February 19th, 2008 at 10:42 pm
So, what could someone do with this file?
February 20th, 2008 at 1:34 am
Hey, shit happens, it’s the internet. I agree with the first post of actually looking at your logs and seeing what is going on…that is part of an administrator’s job..
February 20th, 2008 at 12:23 pm
[...] Source [Devicepedia] [...]
February 20th, 2008 at 2:24 pm
[...] at the moment, the page is down, we imagine because they are trying to fix the breach. vINQulos Devicepedia Attached Images [...]
February 20th, 2008 at 4:07 pm
Poor T Gatton. He is taking all this flak for something which could have possibly been out of his control. How do we know what really happened and what the circumstances were?
How do we know that the Harvard server wasn’t secured? After all, Hacking is all about getting past security, barriers, firewalls and not to mention typical commercial security solutions. Maybe admins should be made to sit at a terminal 24 hours a day, 365 days a year with no rest or end of work. This attack could easily have happened in an hour or less during the night.
It’s not fair, grown up or intelligent to call for the admin to be sacked if the sum of all your knowledge is what you have read here…the claims of a hacker whose words cannot be trusted or substantiated. He could be talking crap after all.
The hacker claims he has done this to make a point but what the hell was he doing poking around the server in the first place? More to the point, why did he publish this possibly sensitive data on a public Torrent? You may not like it, but the hacker is obviously a lowlife, scumbag, piece of trash criminal trying to put reason behind his crimes.
As a society, should we start excusing criminals for the sole purpose of blaming the victim, based entirely on the words of the criminal?
Apparently so, according to some of the posts here.
February 20th, 2008 at 9:30 pm
The element of the outlaw is necessary in society to provide check and balance. The hacker in this case is getting the message out there loud and clear. After reading this I’m sure dozens of admins behind on their patches will move that up in their overly-packed priority list.
February 21st, 2008 at 1:37 am
I agree with DirtyHarry. We know next to nothing about the administrator or the circumstances in which they were working. To call them incompetent is simply ignorant. Should this have happened? Absolutely not. But to excuse yourself of breaking into a server because you felt it was insecure and they deserved it is plain asinine. What would you think about someone who walked into your home, took photos of your private possessions, and published them for all to see? Are they excused from their actions simply because the door was unlocked or not “secure” enough? No. It’s called breaking and entering and is punishable under the law (as is this crime).
This whole, “I’m excused from breaking into a system because it was insecure” attitude is ridiculous.
February 29th, 2008 at 2:56 am
The sysadmin of my college has to manage a wide array of legacy systems (AIX, Solaris 8, etc.). Chances are, this guy has quite a bit of work.
It’s also the middle of the semester, so I’m sure he’s been busy with other shit too.
If you want to show it’s insecure, why not just change the front page of the website? Why post all the users’ information too? What a piece of shit.
February 29th, 2008 at 6:42 pm
“I run a VERY large web-hosting company, and we have millions of attacks against our sites on a weekly basis – they get nowhere.”
Anything that is connected to the internet is hackable, trust me when I say this. I have seen this in my line of work, nothing is secure enough. If you want to secure your server cut off the internet connection and seal it in a vault (the whole network actually) and maybe (and I say maybe) then you might have a secure network, but I’m not sure of that either.
It’s sad that the server was hacked, it’s his fault because he wasn’t (probably) up to date also, if you put a young hacker to secure your server he will probably do a better job than other people who consider themselves sysadmins. Why young? Well young people tend to change and adapt easier than old people and this is what you need to do when hacking, adapt.
These were my two cents, have a nice day.
March 4th, 2008 at 5:17 am
“I run a VERY large web-hosting company, and we have millions of attacks against our sites on a weekly basis – they get nowhere.
Being a sysadmin is not knowing how to install gentoo, thinking you’re hard-core, and sitting back. It’s actively monitoring, defending, and watching what is happening in your environment.”
Millions eh? That’s pretty impressive, considering there’s only 7 days in a week, 24 hours a day, and 60 minutes in an hour, nmap speccing out on -T 5 over a LAN can take an upwards amount of 45 seconds to complete, and approximately use about 3-4 megabytes of bandwidth up/down if you are using Incomplete Syn scanning and full ports, so if millions is right, you are serving an upwards amount of 500 – 600 terabytes of data just in a week? That’s petabytes a month, WOW! And that’s not even counting serving regular customers and DOS attacks. You must fucking RUN the internet to get that much bandwidth.
March 5th, 2008 at 8:38 pm
“Not for nothing, but this “tgatton” fellow *should* be embarrassed and feel stupid as hell!
I run a VERY large web-hosting company, and we have millions of attacks against our sites on a weekly basis – they get nowhere.
Being a sysadmin is not knowing how to install gentoo, thinking you’re hard-core, and sitting back. It’s actively monitoring, defending, and watching what is happening in your environment.
Shame on him – he should be replaced.”
I’m quite sure you patch your servers against the latest exploits, that you subscribe to full-disclosure and other security mailing lists and that you have camped and are currently living your life in your VERY large server room. However, it is your judgmental attitude and your arrogance that impresses me the most. He might not have been the brightest star in the sky, but your display of arrogance and elite behavior is exactly what gives us, sysadmins, a bad name.
However, as actively as you may monitor and defend your environment, you never know when you’ll be a victim of a zero-day exploit. And those who make uncalled for displays of arrogance and elitism are those who end up being laughed at mercilessly.
“Joomla is a free Content Management System.
You get what you pay for.”
Microsoft Windows is a paid OS. And it is quite expensive, as well.
“The sysadmin of my college has to manage a wide array of legacy systems (AIX, Solaris 8, etc.). Chances are, this guy has quite a bit of work.”
Unfortunately, that’s the case, more often than not. Sysadmins working in academentia usually have to deal with legacy systems users that are often more demanding than those working in a corporate environment. And the pay is usually not so appealing.
A final word about our great elite hacker: Hackers abide by an ethical code. I mean, they should abide by an ethical code. It would be quite noble if our friend chose to notify the system administrator of the security holes in his system. Instead, he chose to make his point known through the distribution of the compromised website on the internet. I respect hackers and their ability, except those who act unaware of the ethical repercussions of their actions.
May 25th, 2008 at 10:09 pm
[...] http://www.devicepedia.com/security/harvard-site-hacked-and-then-leaked-on-bittorrent.html [...]
August 25th, 2008 at 4:46 pm
[...] Devicepedia [...]
September 21st, 2008 at 5:59 pm
[...] Authorization Bypass is a frighteningly simple process which can be employed against poorly designed applications or content management frameworks. You know how it is… you run a small university and you want to give the undergraduate students something to do. So they build a content management framework for the Mickey Bags research department. Trouble is that this local portal is connected to other more important campus databases. Next thing you know, there goes the farm [...]
September 30th, 2008 at 7:26 pm
[...] that this local portal is connected to other more important campus databases. Next thing you know, there goes the farm Authorization bypass, to gain access to the Admin backend, can be as simple as this: Find weak [...]
February 6th, 2009 at 8:08 am
Just showing that nobody is safe and must be protected on many levels. Thanks for sharing.
March 5th, 2009 at 3:57 pm
I can not believe that happened.