Hacking road signs to display digital graffiti is certainly not rare, but a team of lulzy trolls at Purdue University kicked off cybersecurity month by starting October with such a prank.
A computerized marque near the Stewart Center normally rotates through boring time, temperature and various Purdue University messages. However, “Team Trollio” livened up campus by hacking the digital sign to display an image of the infamous Internet trollface interspersed with flashing these messages: “Problem Purdue?” “Brought to you by #TeamTrollio” “Trollfest 2012,” and “Get HAXXOR3D!”
This short video shows the hacked Purdue billboard:
At first the Purdue Exponent showed off the messages as well as noted, “The motivation is unknown at this time” without concluding it was surely for lulz. Then Purdue Exponent reported that “an ITaP computer forensics team investigated the incident and found only one computer was involved.” It was called an “isolated incident,” that “computer was removed,” and “corrections have been made to prevent a re-occurrence” of any “additional incorrect messages.” Steve Tally, senior marketing and media strategist, emailed the newspaper to say “no information on that computer was at risk.”
The Purdue sign hack was not quite the same caliber of the Washington State University hacker who hijacked the projector systems in several dozen classrooms to broadcast his V for Vendetta broadcast. Although he urged WSU students to take action and rise up against the “squirrels on campus” by meeting on November Fifth, some critics went ridiculously over the top, calling it a “possible prelude to terrorism.”
Tally didn’t take it to ludicrous “terrorism” extremes like WSU, yet his email included this odd bit: “There is no reason for anyone on campus to change their behavior because of this incident.” He wisely added, "Although at Purdue we take all such incidents seriously, this incident was not a significant threat.” It may have “raised someone's awareness of the need for computer security, or maybe reminded people that they need to check what security measures they have taken on their personal machines.”
Some Purdue students called the prank “nifty,” “clever,” and “funny,” or tweeted the hack was “hilarious;” others said it was “disrespectful,” “immature,” with one person adding, “It’s kind of dumb – I can’t picture Purdue people doing that.” At the time of publishing, Purdue Exponent had not replied with any additional information. Nor did Tally reply with more forensic info or if he found the hack to be at all humorous. There was a poll asking “What do you think of the hacked Stewart Center sign?” However it had a measly five votes, four of which voted “Go geeks!”
But not all university hacks are as “harmless” or as humorous. WhiteHat Security, and its founder Jeremiah Grossman who advocates “hack yourself first” said, “Every day the news supports the notion that critical website vulnerabilities, and other major Web breaches, are pervasive and increasingly made public with even the most rigorous security policies in place. In fact, anyone can now become a victim of being attacked, and then being 'exposed' as having inadequate Web security.”
WhiteHat Security then pointed out the recent example of when Anonymous-affiliated hackers from Team GhostShell attacked the world’s top 100 universities as a protest against “astronomical” tuition fees as well as the falling quality and “McDonadlization” of education.
Team GhostShell launched “Project West Wind” and leaked 120,000 user accounts and student records from universities spread over three continents including Harvard, Princeton, Purdue, Stanford, Cambridge, Cornell, John Hopkins, Texas A&M, and universities in Rome, Tokyo, Moscow, Australia, Germany, and the UK to name but a few. While the dumped data had the standard email addresses, passwords and other private information like student and faculty names, the pastebin of database breaches also included an “open debate” with “opinions and points of views from different Anonymous members, all around the globe.”
Our targets for this release have been the top 100 universities around the world. After carefully filtering the ones that we've already leaked before and the ones where Anonymous has in major operations, we have eventually got together a new fresh list. The majority of them should be here. Also, some of us decided to go ahead and add vulnerable links to the other ones anyway, which you can find at the bottom, at "Other Universities".
Side note* We tried to keep the leaked information to a minimum, so just around 120.000+ accounts and records are here, leaving in their servers hundreds of thousands more. (When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored.)
Defense Secretary Leon Panetta definitely did not use this example in his recent cyberwarfare speech to Business Executives for National Security. But he warned that "an aggressor nation or extremist group" could "derail passenger trains or even more dangerous, derail trains loaded with lethal chemicals. They could contaminate the water supply in major cities or shutdown the power grid across large parts of the country." He said that "attackers could also seek to disable or degrade critical military systems and communication networks." Panetta's most highly quoted and criticized remark was that "these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life."
The Defense Department will change the rules of cyber engagement and Panetta urged Congress to pass a "comprehensive bill such as the bipartisan Cybersecurity Act of 2012." He added, "It does not mean that the Department of Defense will monitor citizens’ personal computers. We're not interested in personal communication or in e-mails or in providing the day to day security of private and commercial networks. That is not our goal. That is not our job. That is not our mission."
Many privacy advocates do not believe that to be true. Other critics said we've heard it all before, doom and gloom warnings of “how the hacker bogeyman is coming to get you.“
**Update** Steve Tally responded about the Purdue sign hack:
Of course I and others found this somewhat humorous and a little bit embarrassing, which I suppose is the reaction you should have if you are the victim of a prank. We haven't discovered who was behind the prank, but we do know that it was done by directly accessing the sign.
Obviously we don't want to encourage this type of thing, because what a student thinks is a small prank could end up causing real damage, but we're not about to go on a manhunt for the perpetrator of this prank, either.
Here at Purdue we have many technically talented students—we produce more graduates with degrees in engineering and engineering related fields than any other U.S. university—and sometimes their pranks or immature activities are a bit more technical in nature. We try to keep it all in perspective.