Ontario student suspended for alerting his University to online security vulnerability

-white hat hacker, gains unsanctioned access to Laurentian University's online back end. Sudbury Ontario Canada.

 

-Accessing 2,000 personal records 'exceptionally easy', exposing private information, contact info and grades.

"Yeah, it was exceptionally easy. Trivial almost," "I did have access to pretty much the whole system. People's privacy was at risk, but that wasn't my intention." -  says Laurentian student:

 

- White hat immediately contacts head of IT department upon this discovery. 

 

- Laurentian University not happy: Suspends student 

 

-"I don't think any organization anywhere on this planet would be able to say all our information is always secure."- Alex Freedman, Laurentian University Chief of Staff

 

http://www.cbc.ca/news/canada/sudbury/laurentian-university-internet-security-breach-1.4082506


College student uses computer science degree for some white-hat work, becomes black-hat when the "good guy" job backfires...

Cor Caeruleus Reborn v6

Spoiler

CPU: Intel - Core i7-8700K

CPU Cooler: be quiet! - PURE ROCK 
Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste 
Motherboard: ASRock Z370 Extreme4
Memory: G.Skill TridentZ RGB 2x8GB 3200/14
Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive 
Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive
Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive
Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive
Video Card: EVGA - 970 SSC ACX (1080 is in RMA)
Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case
Power Supply: EVGA - SuperNOVA P2 750W with CableMod blue/black Pro Series
Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer 
Operating System: Microsoft - Windows 10 Pro OEM 64-bit and Linux Mint Serena
Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard
Mouse: Logitech - G502 Wired Optical Mouse
Headphones: Logitech - G430 7.1 Channel  Headset
Speakers: Logitech - Z506 155W 5.1ch Speakers

 


I think it is stupid how the guy says "I don't think any organization anywhere on this planet would be able to say all our information is always secure." 

 

Like, Laurentian is not the DNC. The white hat is not a crack team of Vladimir Putin's finest keyboard brigade.

 

There should be SOME effort put in place to protect from amateur hacking, saying that "we can't make it 100% hack proof why bother at all!" to me is so idiotic!


1 minute ago, MoistyMcMoistface said:

I think it is stupid how the guy says "I don't think any organization anywhere on this planet would be able to say all our information is always secure." 

 

Like, Laurentian is not the DNC. The white hat is not a crack team of Vladimir Putin's finest keyboard terrorist.

 

There should be SOME effort put in place to protect from amateur hacking, saying that "we can't make it 100% hack proof why bother at all!" to me is so idiotic!

You may want to fix your posts for night theme users. Just highlight and click the Tx icon.


This bothers me, he didn't abuse the information, he didn't do anything with it. He just informed the school how vulnerable their system was and he got punished for doing something they should be paying others to do. I hope this student gets a free ride at the college.

GPU: XFX RX 7900 XTX

CPU: Ryzen 7 7800X3D


Just now, nerdslayer1 said:

I believe he wanted some credit for his findings.

Yes he got his credit alright Muwhahaha. . . . .

I wonder how much the kid lo$t?


1 minute ago, yathis said:

key words

why not an anonymous tip?

Maybe he was good at predicting: He knew that the University would freak out and get the police involved like they did. He did not want to get in more trouble for trying to conceal his ID, better establish his innocence instead of the police tracking him down.


The kid could spin it into something.

Maybe get hired on somewhere, or start a gofundme page.


Just now, MoistyMcMoistface said:

Maybe he was good at predicting: He knew that the University would freak out and get the police involved like they did. He did not want to get in more trouble for trying to conceal his ID, better establish his innocence instead of the police tracking him down.

 

a well made anonymous tip is hard to track.


I feel like this was stupid. For example

 

I'm helping out someone to gain knowledge on basic pc building. He then tells me that my pc build was only using 8gb of ram because I didn't push the other 3 ram sticks all the way in. 

When he tells me that I get pissed and tell him to never come back.

CPU - i7-4790k

GPU - MSI 980 Ti 

Mobo - MSI Z97 Gaming 5

Memory - 32 GB DDR3

Storage - 3.4 TB

 

Full List : https://pcpartpicker.com/list/sPgN8d

 


You wanna know what it is?

 

It's called the "RAT" effect

 

Mind your own business and kiss your own ass.


The inception of a black-hat hacker.

1) Be a white-hat.

2) Expose vulnerability to your uni, notify them and don't take advantage of it.

3) Uni suspends you for your notification.

4) Nuke the system out of spite

5) (optional) have to go into hiding because they found you out and are chasing you

We have a NEW and GLORIOUSER-ER-ER PSU Tier List Now. (dammit @LukeSavenije stop coming up with new ones)

You can check out the old one that gave joy to so many across the land here

 

Computer having a hard time powering on? Troubleshoot it with this guide. (Currently looking for suggestions to update it into the context of <current year> and make it its own thread)

Computer Specs:

Spoiler

Mathresolvermajig: Intel Xeon E3 1240 (Sandy Bridge i7 equivalent)

Chillinmachine: Noctua NH-C14S
Framepainting-inator: EVGA GTX 1080 Ti SC2 Hybrid

Attachcorethingy: Gigabyte H61M-S2V-B3

Infoholdstick: Corsair 2x4GB DDR3 1333

Computerarmor: Silverstone RL06 "Lookalike"

Rememberdoogle: 1TB HDD + 120GB TR150 + 240 SSD Plus + 1TB MX500

AdditionalPylons: Phanteks AMP! 550W (based on Seasonic GX-550)

Letterpad: Rosewill Apollo 9100 (Cherry MX Red)

Buttonrodent: Razer Viper Mini + Huion H430P drawing Tablet

Auralnterface: Sennheiser HD 6xx

Liquidrectangles: LG 27UK850-W 4K HDR

 


Just now, nerdslayer1 said:

a well made anonymous tip is hard to track.

I know this school, this guy is not some elitist. This school's online infrastructure is a joke, I would not be surprised if he so much as sneezed on the back end to peek inside.


Well I'm also sure there is much more to this story that isn't being disclosed and the fatal mistake which turns this from a true good gesture to someone poking around to see what they can find was not alerting the IT department immediately:

 

Quote

He says he was following up on some vulnerabilities he had noticed a few weeks before.

Do not delay and don't see how far you can go. Good will is not good will when you are stroking your own ego and pushing the limits of what you can find. Private information is a serious matter and unauthorized access can lead to far more problems for you and the organisation than you may be aware of, this is why the university is treating the matter as malicious.


there needs to be a change.org petition thing for this guy to get the college to not be a dick.... or something like that idek.

linus sex tips


Just now, leadeater said:

Well I'm also sure there is much more to this story that isn't being disclosed and the fatal mistake which turns this from a true good gesture to someone poking around to see what they can find was not alerting the IT department immediately:

 

Do not delay and don't see how far you can go. Good will is not good will when you are stroking your own ego and pushing the limits of what you can find. Private information is a serious matter and unauthorized access can lead to far more problems for you and the organisation than you may be aware of, this is why the university is treating the matter as malicious.

That's a sound argument. Ultimately I could see the student delving deeper out of curiosity only. Either way, the most correct thing to do when you find one is to text the IT head immediately and then see if you can collaborate with them to find more and patch them.


Just now, huilun02 said:

His own university doesn't appreciate talent used for good

I'm sure Google would

He should join Google and give his university the finger

Doesn't Google pay money for finding exploits?


24 minutes ago, MoistyMcMoistface said:

-white hat hacker, gains unsanctioned access to Laurentian University's online back end. Sudbury Ontario Canada.

 

-Accessing 2,000 personal records 'exceptionally easy', exposing private information, contact info and grades.

"Yeah, it was exceptionally easy. Trivial almost," "I did have access to pretty much the whole system. People's privacy was at risk, but that wasn't my intention." -  says Laurentian student:

 

- White hat immediately contacts head of IT department upon this discovery. 

 

- Laurentian University not happy: Suspends student 

 

-"I don't think any organization anywhere on this planet would be able to say all our information is always secure."- Alex Freedman, Laurentian University Chief of Staff

 

http://www.cbc.ca/news/canada/sudbury/laurentian-university-internet-security-breach-1.4082506

should have sold it on the open market

Yours faithfully


2 minutes ago, Lord Nicoll said:

should have sold it on the open market

Lol, no kidding. The Ontario police cyber crime division are probs too depressed over the Leafs' defeat to do anything.


10 minutes ago, wii8cookies said:

there needs to be a change.org petition thing for this guy to get the college to not be a dick.

Why? If the uni keeps him banned after the police confirm he was just white hatting, then fine. But at this point the only thing anyone has to run on is belief, and that's just stupid. If he's confident he did nothing and that they'll ultimately be "thankful", and he's willing to give them leeway in order for them to confirm as much for themselves... Why should we get spun up over this?


16 minutes ago, MoistyMcMoistface said:

Maybe he was good at predicting: He knew that the University would freak out and get the police involved like they did. He did not want to get in more trouble for trying to conceal his ID, better establish his innocence instead of the police tracking him down.

Realizing you just did something very wrong and got access to information you know you should never have seen then trying to spin it as a good gesture by disclosing it as trying to help is not the right thing to do, if that is how it played out.

 

I do give the person some seriously good credit for at least owning up to it even if it was purely ass covering. That alone would make me very lenient in any punishment.

 

If it was purely how the student says it was and was always good intent then getting the police involved is a bit much, however I do see it from the university's perspective as private information had been breached and it's not something you can quietly dismiss. Take note of the fact that counselling records had been breached which is protected under strict laws and guidelines as anything medically related is. 

 

P.S. Disclaimer: I work for a university IT department.
