Security

Harvard Site Hacked, Alleged Content Hits BitTorrent

One of Harvard University's Web sites appeared on Monday to have been hacked, with its contents appearing on the BitTorrent file-sharing network.

A compressed 125 MB file described as the database for the Web site of Harvard's Graduate School of Arts and Sciences is available via the BitTorrent P-to-P (peer to peer) network. The file is listed on The Pirate Bay, a Web site that indexes torrents, or small information files that coordinate the download of content from other users on BitTorrent.

The Web site for the Graduate School of Arts and Sciences was offline on Monday.

A note attached to the torrent claimed the file contained a backup of the site -- including some contacts files and other files associated with Joomla, an open-source content management system -- along with other various bits. It appears to be legitimate.

The note's writer claims the stunt is intended to demonstrate the insecurity of Harvard's server. The writer also exposed what purport to be usernames and passwords belonging to two of the site's system administrators.

"Stupid people, you don't use a secure password," read a note preceding the sensitive information.

As of Monday afternoon Eastern Time, the compromised file was being distributed by 11 users -- known in file-sharing terminology as "seeders" -- and was being downloaded by nine "leechers," or those downloading the files.

Harvard's media office was closed on Monday due to the U.S. Presidents Day national holiday.

Subscribe to the Security Watch Newsletter

Comments