Tuesday, October 23

Hacker sells access to databases at UCLA, other universities


3.1.news.russiahackUCLA-01.png


A Russian-speaking hacker sold unauthorized access to databases for more than 60 universities and government agencies in the United States and United Kingdom, including UCLA.

The hacker, called Rasputin, sold SQL injections which allow a hacker to access all the contents of an internet database, rather than only parts of it, for various databases according to a statement by Recorded Future, a technology company that specializes in real-time threat intelligence.

Recorded Future informed the UCLA Information Security Office that a UCLA website was vulnerable to SQLi attacks from Rasputin, according to the office.

Recorded Future also said Rasputin had accessed a U.S. Election Assistance Commission database with a similar attack in November.

The UCLA Information Security Office worked with the affected campus unit to identify and make the website secure again, prior to Recorded Future’s Feb. 15 public announcement. The office did not specify which website was compromised.

[Related: UC cybersecurity issue met with mixed responses from faculty]

Though the website was initially vulnerable to the exploit, there was no personally identifiable or sensitive information in any of the web server’s SQL tables, the UCLA Information Security Office said.

Peter Reiher, a computer science adjunct professor, said SQL is a popular query language for databases and a way of asking for something from a database.

He said most websites rely on databases to store information about users, such as users’ interests or personal identification, and give the information to servers when asked. Servers can identify users when accessing databases, but doing so can also unintentionally give secret information.

He said database owners can prevent a SQLi attack through well-programmed systems, but some people buy systems with potential mistakes in the software.

“One of the things they might be doing is filling around with SQL, and the attacker can get ahold of their information,” Reiher said. “It’s not the user’s fault but the software came with a mistake built in.”

Reiher said he thinks with so much data flowing around UCLA in many different servers, it is possible someone made a small mistake that could have had negative consequences.

“The amount of data flowing around UCLA is intense, but what would be lost depends on what the database is compromised of,” Reiher said.

Other affected universities include New York University, Rice University and the University of Washington. The federal agencies the hacker breached include the National Oceanic and Atmospheric Administration and the U.S. Department of Housing and Urban Development.

Contributing reports from Eric Bazak, Daily Bruin contributor

 

Share on FacebookTweet about this on TwitterEmail this to someoneShare on Google+Share on Reddit

Comments are supposed to create a forum for thoughtful, respectful community discussion. Please be nice. View our full comments policy here.

  • Skyler Wilson

    if you need any hack related job, or you are looking for a hacker for hire, you should contact [email protected], he is fast, efficient, trustworthy and reliable, send a mail to request service

  • Love Navel

    i have been a victim of wicked people who call themselves hackers. i want to inform you that almost everyone here are all scams. just last week i paid over 300GBP to a hacker that claim he is good, up to this momemt ive not heard from him. i was at the verge of loosing my job, just monday i was surfing the internet when i saw this email ([email protected]) at all conner stating that he is good and legit that he will not reap you off. i had to give him a chance, people i am not here to praise anybody but i am here to tell you that mr Daniel is real and legit, today i am a happy man, my grade has been change and he is the best. i urge you guys to contact him on this email ([email protected]), he is real and he is the best. i will go tell the world what this man has done for me. God is my witness if i am lying. Mr daniel is a God sent to help correct out mistake. just had to put this out there for those who really need someone goodcontact him on his email . ([email protected])

  • Sandra Anthony

    For over a year i have been trying to take down a website that put up bad contents about me , after spending alot of money on impotent hackers, i was finally able to do the job,thanks to [email protected]. for good hobs only though

  • Leslie Moffat

    Do you want a QUICK and the most INTELLIGENT Database hack service and more? Have you been failing your courses in school and want to UPGRADE YOUR SCHOOL SCORES AND GRADES? Then it is your luck day to met the most EFFICIENT, RELIABLE, SWIFT and INTELLIGENT hacker, I will offer the following services: Learn what’s makes the clever ones know with just a learnable tips. I can offer services like • Already hacked online shopping pins for sale at give away price • University grades hack • Bank account hacks • Control devices remotely hack • Email Hacking • Facebook Hacking Tricks • Gmail Hacking Tricks • untraceable IP • Verified Paypal Accounts hack • Wipe criminal record • Paypal, MasterCard hack • IP Address • IPhone Hacking Tricks • KEYLOGGER • Twitter Hacking • Windows Hacking Tricks • YouTube Hacking ,professional Hacking

    GMAIL: trusthackerslounge2018

  • Sophia Robert

    Get good GRADES and do not let your lecturers frustrate your future.

    The other advantage is that no one ever gets to find out. The security

    of my clients is my first priority

    Do you want the service of an

    expert hacker that is specialised in UNIVERSITY/COLLEGE GRADE

    CHANGE/UPGRADE contact, STUDENT TRANSFER TRANSCRIPT CHANGE?. My service

    is fast and secured. I do SCHOOL GRADE, TRANSCRIPT CHANGE AND TRANSFER

    for students all over the world (ASIA, NORTH AMERICA, SOUTH AMERICA,

    AFRICA, ASIA, EUROPE and Australia). No matter your location.

    Have you been having problem with your SCHOOL GRADES

    Have you graduated and did not have the right GRADE

    Do you want to UPGRADE your TRANSCRIPT and get your desired certificate

    Do you want to transfer to another school? CONTACT HACK MAJOR 407 AT G MAIL DOT COM

  • Karen Mcneal

    I met this wonderful hacker that offers a variety of hacking
    services for everyone. Some of their services are: – Get any password from any
    Email Address. – Get any password from any Face-book, Twitter or Instagram
    account. – Cell phone hacking (whatsapp, viber, line, wechat,wire wire transfer
    Western union/money gram etc) – Grades changes (institutes and universities)
    Blank ATM – Websites hacking, pen-testing. – IP addresses and people tracking.
    - Hacking courses and classes. Our services are the best on the market and 100%
    secure and discreet guaranteed. Just write them and ask for your desired
    service: EMAIL ADDRESS: cyberhackingspecialist AT GMAIL DOT COM or text message
    +15165312529…

  • Deshawn Isaias

    I really appreciate you man, I would have failed my exam, This team has to be the best hands down for handing, they can exploit website for vulnerability and they get results within 24hrs, feel free to email [email protected] com

    • Brandy lalau

      Thanks for sharing. i have to engaged him already.

    • Kim Cheng

      When it has to do with school grades. We are dynamic balancing expert hacking team which render reliable service of School Grades hack, Transcript, Transfer, Blackboard system upgrades, college database expert, all type of school database, we are the expert when it comes to grade change. Contact: codefirehackers @ gmail. com for changes in University grades

  • peiter C zatko

    We are part of a team consisting of highly efficient developers and hackers.

    +Upgrade University Grades

    +Facebook, Whatsapp, Line, Skype Hack, Instagram, Twitter,

    +Remove Criminal Records

    +Drivers License

    +Delete unwanted online Pictures and Videos on any website

    +Phone hacking, cell phone jammer

    +Mastercard, Paypal, Bitcoin, WU, Money Gram with untraceable credit on it etc.

    +We also develop custom software and web development in php, java, asp. net etc.

    We have 100% records from our client as well as highest repeat hire rate.

    our work speak for ourselves, we provide a perfect software solution to all clients.

    We believe in mutual growing with client and hence we work as a technology partner and consultant for our clients.

    apocalypsehackers0x at GMAIL.COM

  • dacey daewo

    Thanks for the school grade changed. I had low marks on my courses
    and needed them changed, i was so frustrated,because i had to prove to
    my parents and friends i was among the best student in my college. I met
    some hackers and got played with, but i saw his work on you-tube and
    gave him the job. I am now happy to say the grades where changed and i
    had to graduate from college later on. Alex Ivanov did really helped me
    and remain grateful to his effort to help me on my school grades. I
    strongly do recommend anybody who is stuck with bad grades and need them
    changed ASAP, you can just contact them and have the good score and
    result you deserve. hack major 407 at g mail dot com

  • Allen Cusack

    You need expert to upgrade your school grades? Why waste your time with non professional hacker? Give the job to a professional. We are professionals when it
    comes to school grades hack. Contact us today at hackwizards007 @ gmail. com

  • johnson

    If you want to get success with your SCHOOL GRADE change without getting
    caught, you must not do it yourself or hire an inexperienced person to
    do it for you. It will be wise to hire the SCHOOL GRADES EXPERTS,
    someone who is very conscious of security and have had 100% successes in
    all their hack jobs. School grade jobs does is not a guess work, it
    needs a professional.

    use masterzone20 AT gmail DOT com for better experience.