Avatar for cpikas
» posted to Christina Pikas and lsw

someone on liblicense said that they had enough traffic from hacked credentials to impact their usage statistics. I personally think this says a lot more about the quality of their IT than about sc?h?b ... but it surprised me. Has anyone else had this experience or heard of same?

Comment

When I was at Caltech there were occasional months of anomalously high usage for specific resources that we assumed were for the same reason

 ‎· kbuxton
Comment

like, does their shop just not do anything about hacked creds? do they have an infosec office at all?

 ‎· LibSkrat
Comment

Hacked credentials are a bit like whackamole. I guess if you're big enough (and therefore a more appealing target than my wee uni - and even we've just introduced 2FA because of all the phishing) you might not be able to shut down the accounts fast enough to stop them impacting the usage stats?

 ‎· Deborah Fitchett
Comment

Well, they're exactly like whackamole, but they're also incredibly dangerous to leave hanging out there -- pilfering papers is the least of it.

 ‎· LibSkrat
Comment

^that was the surprising thing - they said pilfering papers was all the hackers were after... sounds like the IT is oblivious?

 ‎· Christina Pikas 1
Comment

THOSE hackers, maybe.

 ‎· LibSkrat
Comment

^^ ^^^ This is my reaction. We've had spikes that affect statistics, and it's not about papers, and only an idiot/bully would pretend that's the case.

 ‎· Meg Vmeg 1
Comment

it was reported in our news that hackers implied to be from China hacked our 2 biggest universities here to access databases. cue jokes and memes on social media. might be a face saving coverup

 ‎· Aarontay
Comment

^^^ they said rarely was it more than papers. which to me says there are cases where that wasn't all that was compromised.

 ‎· LisaLibrarian
Comment

in the local case here was penetration not DDOS.

 ‎· Aarontay
Comment

Honestly I haven't heard of cases of misuse of credentials other than for getting papers. I know of a case of a server being hacked for the lols (no credentials involved, just a config mistake) and cases of social engineering to get fake invoices paid. Not at all to say it doesn't happen - one doesn't tend to advertise security failures so even if ITS knew about cases they wouldn't necessarily tell me.

 ‎· Deborah Fitchett 1
Comment

There have been attempted research-center hacks, e.g. from the Mabna Institute. I hear most of the way in has been phishing, but I wouldn't be surprised to hear about purchased credentials.

 ‎· LibSkrat

1 2 3 4 5 6 7 8 9 10