Oxford University Beefs Up Security After ‘Anonymous’ Threat

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Exclusive: University forced into security changes after being hit by group whose Anonymous credentials are questionable

The University of Oxford has bolstered its Web security after a group claiming to be associated with Anonymous hacked the famous educational institution, TechWeekEurope has learned.

A Department of Physics-owned server, which hosts a number of development websites and sites set up for “experimental groups”, was compromised, Oxford University said.

“It appears that access was gained because some directories were inadvertently enabled for searching thereby exposing a list of the existing files. Some of these files had relaxed permissions and were therefore readable,” a University of Oxford spokesperson said.

“A file or two were read, one of which had a password to a database containing publicly available scientific papers. This was the only content of the database and it held no sensitive information whatsoever. No system files or confidential materials were accessed or modified.”

Damage limitation

The main physics website is based on a different server and was unaffected, but despite the limited damage, the university was compelled to implement security improvements.

“The permissions and directory listing settings have been changed to prevent similar issues. The web domain involved in the compromise has since been moved to the main physics web server and will no longer be hosted on the affected system,” the spokesperson added.

“Firewall blocks have been in place to protect the system whilst investigations have been carried out and these will stay whilst further precautions are taken.”

Anonymous or not Anonymous?

There is some confusion over whether the hit on Oxford University was carried out by a genuine member of Anonymous. According to the group which revealed the compromise, and which claimed to be part of Anonymous, a hacker called WikiboatBR was behind the hit on the University of Oxford, ostensibly as part of the #OpFreeAssange campaign being carried out by the hacktivists.

Earlier this week, it emerged the University of Cambridge’s email service used by students and academic staff was hacked by NullCrew, a hacktivist group supporting Julian Assange of Wikileaks.

Various UK-based websites have been struck in the name of Julian Assange, who is still residing in the Ecuadorian embassy in London. The Wikileaks founder is wanted for questioning in Sweden over sexual abuse allegations, but is seeking safe passage to Ecuador after the South American nation granted him asylum. Assange’s appeal against the extradition was denied by UK courts.

Various websites have been hit by Anonymous-affiliated cells protesting for Assange’s freedom, but it appeared the group had taken something of a scattershot approach. Having taken down a number of government sites, including ones belonging to the Department of Work and Pensions and the Ministry of Justice, it also hit the website of MP Peter Hain, even though the Labour politician was against the extradition of Assange.

However, a member of the Anonymous UK group told TechWeekEurope that “rogue hackers”, not real members of Anonymous, were to blame for the University of Oxford hit and the compromise and defacing of Hain’s website.

“We believe they are not anons,” the Anonymous UK member said. “A hacker was claiming to have attacked Peter Hain under OpFreeAssange.

“Oxford Uni and Peter Hain are not Anonymous Hacks. I have checked with OpFreeAssange.

“They only target gov websites and corps with strong links to Government. I believe this is a Brazilian based attack from a hacking community based there which is not affiliated to Anonymous.

“These are easy hacks on websites to build rep whilst pretending to be Anonymous sanctioned.”

The confusion has again highlighted the disparate, fractured nature of Anonymous, which allows anyone who successfully attacks a website to claim to be part of the group, potentially undermining it.

Are you a security guru? Try our quiz!