Friendly Hackers Play-Crack University Computer Systems in Hours

By Gary Cutlack on at

Nice-guy hackers doing a bit of consensual penetration testing claim to have torn into the country's university IT systems in no time at all, gaining access to secure information across the board in a matter of hours.

The fun attacks were coordinated as an example to us all by educational sector tech provider Jisc, which says its crews managed to access personal data on students and staff, and were also able to get into the finance systems or some other supposedly secure IT parts of all of the 173 higher education providers that joined up for the cyber war games.

And of all the techniques used to breach the systems the most reliable was attacking the squidgy bit at very the top of the technology chain, as the "phishing" of staff and students with fake emails requesting credentials and pointing to spoofed login screens remains the quickest and easiest way to get users to hand out their probably-easily-guessable-anyway passwords.

Jisc's Dr John Chapman said: "While the majority of higher education providers take this problem seriously, we are not confident that all UK universities are equipped with adequate cyber security knowledge, skills and investment. To avert a potentially disastrous data breach, or network outage, it is critical that all university leaders know what action to take to build robust defences." [Jisc via BBC]