NYU Hack Worrisome

WSN Editorial Board

Last month, NYU was hit with a seemingly innocuous hack that inserted strange phrases like “online slots real money” and “play for real” into an NYU website. This, unfortunately, was not simply the work of a coding error or what would have most certainly been the lamest prank of all time, but instead was a symptom of a hack on various universities across the country. The attack — which seems to have been carried out by a still-unnamed gambling website — affected over 70 universities. While this hack fortunately was resolved by the administration soon after its discovery, the very existence of such an easily accessible breach in NYU’s system reflects a serious problem the university needs to immediately address.

NYU is not the first major institution to be hacked this year, and it certainly won’t be the last. High profile companies such as Yahoo, Tumblr, LinkedIn and MySpace have all experienced major cyber security breaches recently, and the results have been telling. These companies had their so-called extensive security networks penetrated by hackers, and their customers’ data revealed and sold to the highest bidder. And while the hack on NYU was not malicious in this manner, the fact that any hack occurred is deeply disconcerting, as it seems to imply that if more sophisticated attackers turned their eyes to the university, all of our data would be ripe for the picking.

This is alarming, as the information contained within NYU emails and files is not as harmless as someone’s LinkedIn profile or their Yahoo Answers account. The university has records that contain a lot of sensitive student information, like student health records and financial information. If these files were compromised, it could be incredibly damaging for all members of the NYU community. The widespread nature of high profile breaches shows that no one — not even tech companies — are always able to stop these types of attacks, even when they are fully prepared. With this in mind, NYU’s failure to stop an attack from a minor player, like a gambling website, seems all the more horrifying.

In the wake of this attack, the university needs to take action. Thankfully, this breach didn’t result in any major compromises of information, but it still shows that there are serious systematic oversights that need to be addressed. However, starting down the road to some semblance of proper cyber security doesn’t even require that NYU shell out unreasonable amounts of money, or employ complex strategies; plans like those outlined in the NSA’s Methodology for Adversary Obstruction can easily remedy the situation. With administrative oversight and the use of proven security techniques, NYU can hopefully recover from an embarrassing breach in a manner that both protects and comforts its students and staff.

Email the Editorial Board at [email protected].