Friday Nov 16th 2018
SFSU Possibly Struck By Bitcoin Mining Hacker

By Matthew De Silva, Writer, ETHNews.com

In a recently declassified report from February 2015, the Business and Technology Resource Group found bitcoin mining software among malware on San Francisco State University’s databases. Could this indicate that a Russian hacker was somehow harnessing SFSU’s network for hashing power?

As reported by the San Francisco Examiner, in 2014, ethical hacker Bryan Seely was investigating a liability in Oracle software used by government entities when he came across a similar issue at San Francisco State University (SFSU). Per the deposition given by Seely earlier this month, a fatal server flaw made confidential student information potentially accessible to hackers.

“This discovery and this vulnerability show that the entire system could be compromised by somebody who had the ability, or didn’t care about the ethics of it or going to jail,” said Seely.

At the time, he notified K. Mignon Hoffman, an information security officer at SFSU, of his findings.

Bob Moulton was SFSU’s then-Interim Chief Information Officer. “The Oracle vulnerability we have been working on has gotten worse,” a concerned Moulton wrote in a September 2014 email. “Unauthorized code has been installed on five servers.”

While investigating Seely’s claims, Hoffman found evidence suggesting that Russian hackers gained access to a university server via a Remote Access Trojan (RAT). Hoffman claims to have traced the RAT to a Russian IP address. In a November 2014 correspondence with SFSU president Leslie Wong, Hoffman wrote, “We identified a tunnel going back to Russia (yes, sounds like a movie, and we are in it…).”

“We don’t yet know how developed the code is nor its objective,” Hoffman added.

On January 14, 2015, Hoffman was fired by the university. Hoffman is now embroiled in a whistleblower retaliation lawsuit against the university.

In a forensic investigation incident analysis report dated February 20, 2015, the Business and Technology Resource Group (BTRG) confirmed the existence of the RAT and discovered bitcoin mining software among the malware files.

Although the relevant file names were redacted, BTRG wrote, “The introduction of these specific files would result in the capability of using the processing power and network connectivity to use for a distributed Bitcoin ‘mining’ network.”

In plain terms, the hacker(s) wanted to harness the university network for bitcoin mining.

“Further BTRG also found malicious Linux executable programs (malware) that were attributed to Bitcoin mining. Besides those, BTRG also found files present in the Images that resembled a form of Internet Relay Chat (IRC) ‘backdoor’ Perl bot that means its code was written in the Perl language that allows someone to intrude into a compromised host if they know the backdoor.

This means the server APPS02’s file system and network usage integrity was affected and the server’s purpose was being misused during the time the malware was present on the server.”

As long as a cryptocurrency requires proof-of-work mining, hashing power will remain in high demand. The greater one’s hashing power, the greater one’s chances of mining the next block. It’s easy to imagine that a university’s computing network could provide a significant boon to one’s hashing power.

The question is: Did the hacker(s) compromise any other universities’ networks? When ETHNews posed this query to Bryan Seely, he answered in no uncertain terms.

“Absolutely, they would’ve gone after a bunch of other places and they’re probably on a yacht by now.”

Seely also noted the massive financial incentive for SFSU to not disclose a breach of its student data. In a recent case, Washington State University (WSU) had to send letters to one million people whose personal information was compromised by a theft. WSU also offered victims a year-long subscription to a credit monitoring and identity theft protection service. That doesn’t come cheap but, fortunately, WSU has cybersecurity insurance.

For what it’s worth, SFSU denies Seely’s allegation. “The university investigated the incident and retained outside experts who also thoroughly examined the situation,” said spokesperson Elizabeth Smith in a statement Wednesday. “No breach of data was found and no student or employee information was compromised.”

The case of K. Mignon Hoffman v. The Board of Trustees of California State University et al continues in San Francisco’s Superior Court (Case Number: CGC16549831).

Matthew De Silva

Matthew has a passion for law and technology. He graduated from Georgetown University, where he studied international economics and music. Matthew enjoys biking and listening to tech podcasts. He lives in Los Angeles.
