University Hack Raises Security Questions

via nyu.edu

A page on NYU’s website was recently hacked by a gambling website, delicately hinting in random locations throughout the page about the gambling site.

Stephen Malkowicz, Contributing Writer

“Online slots” found their way into online slots of NYU websites. Two weeks ago, an NYU web page was hacked after the words “online slots” appeared on what looked to be the profile of a math professor.

76 university websites were hacked to display links with words and phrases such as “play for real,” “mobileslotcash” and “online slots real money” in seemingly random sections of press releases, course descriptions, biographies, how-to guides and blog posts.

Although only one NYU webpage appeared to be affected and has since been corrected, any security breach is a matter of concern to the university community. Stern sophomore Kevin Leung said the incident proves how vulnerable NYU’s information is.

“It’s worrying because the university has a lot of sensitive student information, like grades and health records,” Leung said.

These links were placed as part of a scheme to drive traffic to online gambling websites. While the links were never meant to be clicked, the placement would increase traffic through search engine optimization, or SEO.

“It is fairly common for spammers to target older sites that may have flaws or vulnerabilities,” NYU spokesperson Matt Nagel said in an email to WSN. “In this case, the only NYU site impacted, a website from a 2009 conference, was taken down and no longer active before the first media reports. The University did not experience a breach of its systems or any loss of information. As part of our regular ongoing maintenance, we continue to assess and clean up old websites that may be at risk.”

SEO alters the attributes of web pages so that search engines’ algorithms rank them higher in search results for certain key terms. Web traffic can be worth a lot of money, and companies are willing to pay for it.

CAS senior Alex Wong said SEO can be a powerful tool if used correctly.

“At one of my previous internships, the company was very concerned about SEO,” Wong said. “I looked at ways to increase our ranking and at companies providing the service.”

SEO techniques can be legitimate, or “white hat.” For example, creating relevant content that is organically linked to clear keywords in titles and articles for search engines to pick up are typical ways to improve ranking.

However, “black hat” SEO uses more nefarious means, such as exploiting publishing platform vulnerabilities to inject unwanted HTML. Black hat SEO is more common in less reputable industries such as online pharmaceuticals and online gambling. Online gambling SEO in particular can be quite lucrative, with relevant keywords commanding upwards of $80 per click.

As there is an increase in our attention and dollars going towards online gambling, it is apparent that some companies will do whatever it takes to gain an edge over the competition.

UPDATE: The article has been updated to add a statement from the university on the hack, as well as to remove an incorrect quote from Assaf Dudai, the head of content at eTraffic.

A version of this article appeared in the Monday, Oct. 3 print edition. Email Stephen Malkowicz at [email protected].