Saturday, August 18

Hacker sells access to databases at UCLA, other universities

A Russian-speaking hacker sold unauthorized access to databases for more than 60 universities and government agencies in the United States and United Kingdom, including UCLA.

The hacker, called Rasputin, sold SQL injections which allow a hacker to access all the contents of an internet database, rather than only parts of it, for various databases according to a statement by Recorded Future, a technology company that specializes in real-time threat intelligence.

Recorded Future informed the UCLA Information Security Office that a UCLA website was vulnerable to SQLi attacks from Rasputin, according to the office.

Recorded Future also said Rasputin had accessed a U.S. Election Assistance Commission database with a similar attack in November.

The UCLA Information Security Office worked with the affected campus unit to identify and make the website secure again, prior to Recorded Future’s Feb. 15 public announcement. The office did not specify which website was compromised.

[Related: UC cybersecurity issue met with mixed responses from faculty]

Though the website was initially vulnerable to the exploit, there was no personally identifiable or sensitive information in any of the web server’s SQL tables, the UCLA Information Security Office said.

Peter Reiher, a computer science adjunct professor, said SQL is a popular query language for databases and a way of asking for something from a database.

He said most websites rely on databases to store information about users, such as users’ interests or personal identification, and give the information to servers when asked. Servers can identify users when accessing databases, but doing so can also unintentionally give secret information.

He said database owners can prevent a SQLi attack through well-programmed systems, but some people buy systems with potential mistakes in the software.

“One of the things they might be doing is filling around with SQL, and the attacker can get ahold of their information,” Reiher said. “It’s not the user’s fault but the software came with a mistake built in.”

Reiher said he thinks with so much data flowing around UCLA in many different servers, it is possible someone made a small mistake that could have had negative consequences.

“The amount of data flowing around UCLA is intense, but what would be lost depends on what the database is compromised of,” Reiher said.

Other affected universities include New York University, Rice University and the University of Washington. The federal agencies the hacker breached include the National Oceanic and Atmospheric Administration and the U.S. Department of Housing and Urban Development.

Contributing reports from Eric Bazak, Daily Bruin contributor


Share on FacebookTweet about this on TwitterEmail this to someoneShare on Google+Share on Reddit

Comments are supposed to create a forum for thoughtful, respectful community discussion. Please be nice. View our full comments policy here.

  • Skyler Wilson

    if you need any hack related job, or you are looking for a hacker for hire, you should contact [email protected], he is fast, efficient, trustworthy and reliable, send a mail to request service

  • Love Navel

    i have been a victim of wicked people who call themselves hackers. i want to inform you that almost everyone here are all scams. just last week i paid over 300GBP to a hacker that claim he is good, up to this momemt ive not heard from him. i was at the verge of loosing my job, just monday i was surfing the internet when i saw this email ([email protected]) at all conner stating that he is good and legit that he will not reap you off. i had to give him a chance, people i am not here to praise anybody but i am here to tell you that mr Daniel is real and legit, today i am a happy man, my grade has been change and he is the best. i urge you guys to contact him on this email ([email protected]), he is real and he is the best. i will go tell the world what this man has done for me. God is my witness if i am lying. Mr daniel is a God sent to help correct out mistake. just had to put this out there for those who really need someone goodcontact him on his email . ([email protected])

  • Sandra Anthony

    For over a year i have been trying to take down a website that put up bad contents about me , after spending alot of money on impotent hackers, i was finally able to do the job,thanks to [email protected]. for good hobs only though

  • Leslie Moffat

    Do you want a QUICK and the most INTELLIGENT Database hack service and more? Have you been failing your courses in school and want to UPGRADE YOUR SCHOOL SCORES AND GRADES? Then it is your luck day to met the most EFFICIENT, RELIABLE, SWIFT and INTELLIGENT hacker, I will offer the following services: Learn what’s makes the clever ones know with just a learnable tips. I can offer services like • Already hacked online shopping pins for sale at give away price • University grades hack • Bank account hacks • Control devices remotely hack • Email Hacking • Facebook Hacking Tricks • Gmail Hacking Tricks • untraceable IP • Verified Paypal Accounts hack • Wipe criminal record • Paypal, MasterCard hack • IP Address • IPhone Hacking Tricks • KEYLOGGER • Twitter Hacking • Windows Hacking Tricks • YouTube Hacking ,professional Hacking

    GMAIL: trusthackerslounge2018

  • Sophia Robert

    Get good GRADES and do not let your lecturers frustrate your future.

    The other advantage is that no one ever gets to find out. The security

    of my clients is my first priority

    Do you want the service of an

    expert hacker that is specialised in UNIVERSITY/COLLEGE GRADE



    for students all over the world (ASIA, NORTH AMERICA, SOUTH AMERICA,

    AFRICA, ASIA, EUROPE and Australia). No matter your location.

    Have you been having problem with your SCHOOL GRADES

    Have you graduated and did not have the right GRADE

    Do you want to UPGRADE your TRANSCRIPT and get your desired certificate

    Do you want to transfer to another school? CONTACT HACK MAJOR 407 AT G MAIL DOT COM

  • Karen Mcneal

    I met this wonderful hacker that offers a variety of hacking
    services for everyone. Some of their services are: – Get any password from any
    Email Address. – Get any password from any Face-book, Twitter or Instagram
    account. – Cell phone hacking (whatsapp, viber, line, wechat,wire wire transfer
    Western union/money gram etc) – Grades changes (institutes and universities)
    Blank ATM – Websites hacking, pen-testing. – IP addresses and people tracking.
    - Hacking courses and classes. Our services are the best on the market and 100%
    secure and discreet guaranteed. Just write them and ask for your desired
    service: EMAIL ADDRESS: cyberhackingspecialist AT GMAIL DOT COM or text message

  • Deshawn Isaias

    I really appreciate you man, I would have failed my exam, This team has to be the best hands down for handing, they can exploit website for vulnerability and they get results within 24hrs, feel free to email [email protected] com

    • Brandy lalau

      Thanks for sharing. i have to engaged him already.

      • Lupe Walters

        Get your grades change. I was once stuck with poor grades until I find a true hacker who can get grades change.He handle my job professionally and my now grade was change.. contact him via [email protected] com .He did a good job for me in less than 48hrs…
        You can also contact him for all sorts of hacks

        • William Mason

          Do you need service of a hacker who can help you get your job done?
          We have reputable service to get your job done without trace, speedy work recovery,expert in handling of school grade.Best in terms of service delivery. What are you seeking or want?. Do you want to hack Facebook,email,spy on Phone. This is our job and what we are good at. Contact us at [email protected] com