Visitors to the Slane College of Communications and Fine Arts Web site didn’t see the college’s newly redesigned homepage last Saturday.
They saw an all-black page with just a few lines of text instead.
“Bradley University Sites HACKED,” the text read. A few more sentences made reference to terrorism, war and religion.
“It’s not necessarily a real terrorist organization,” said Dave Lennie, director of instructional technology for the college. “It’s some joker masquerading as one.”
Lennie said the university isn’t worried and “aren’t giving it much weight” as a major security threat, though the college’s site had been breached.
He said someone replaced the site’s main file with another file, likely through a hole in the site’s coding. The Slane College Web site was recently overhauled by multimedia students. Lennie said the site is still under development, so some holes may have been accessible.
Staff worked quickly to restore the main file to the Web site, Lennie said. Because the hacker only deleted one main file instead of destroying multiple files, it was easy to restore, he said.
“It wasn’t terribly destructive,” he said. “They got in and got out quickly.”
Associate Provost for Information Resources and Technology Chuck Ruch said he wasn’t sure how long the site was compromised, but a screenshot of the hacked site obtained by the Scout pegs the time at roughly 3 p.m. last Saturday.
Lennie said he is “99 percent sure” he and his staff found the method the hacker used to access the site’s main file. “They left a trail,” he said. “And that door has been closed.”
The hacker’s motive is unclear, Lennie said. It may have been a robot online – a Web crawler that methodically searches for sites with open security holes, he said. Or it could have just been a prankster.
“Some people hack something just for the sake of hacking it,” Lennie said.
Either way, the Slane College Web site has been “cinched down much tighter” to prevent similar situations in the future, Lennie said.
Ruch said the university occasionally experiences “security events,” under which the Slane site’s hacking would fall.
“We have established procedures that we follow in these situations,” he said. “Experts in various areas of security work on [each incident.]”
More than 44 percent of hacking incidents in 2007 were tied to non-commercial sites, including education sites, according to the Web Application Security Consortium.
The Slane site has never been hacked before, Lennie said.
Ruch said he isn’t aware of another compromise where the Web site was replaced, as in the Slane site situation.
