NEWS
Hacker group spurred on by NUS error message
The hacker group claiming responsibility for yesterday's hack into a National University of Singapore (NUS) server said that an error message had spurred them on.
Australian IT publication, SC magazine, yesterday reported that the message popped up when the group, Team Intra, had initially probed the website.
It has allegedly stated, "If you're trying to use the SQL error message to dig for juicy information, get lost."
This message spurred the hackers to continue with the attempt.
They exploited a vulnerability in the server's database and gained access to about 70 staff members' user names, passwords and domain information.
Team Intra then posted the information online, where it was accessible to public.
A spokesman from NUS told the media that the leaked information was not of confidential nature. He added that none of it had been removed or tampered with.
He also clarified that the online group hacked into a server, which hosted research papers and publications, and not the NUS network.
The Straits Times reported that NUS has reset the passwords of all affected accounts, disconnected the server from the network.
The spokesperson also said that appropriate measures would be put in place to prevent similar incidents from happening in future.
First reported by the magazine www.scmagazine.com.au, the article drew comments from a netizen who signed off as Team Intra.
He shed light on the purpose of the hack.
The user said that Team Intra "did not have any problem with the university", and it was "simply a demonstration of how weak their security was".
He added that the group did not intend to leak private data but wanted to show the poor security standards of the website.
"We have our best intentions."
He added that it took just five minutes to get the server's security but they did not change anything on the server.
The user alleged that the passwords had been accessed before as the group had found a list of passwords posted on a password cracking forum.
|
