Hackers strike US Ivy League schools already under political pressure

NEW YORK – Hackers have struck elite US universities in recent weeks, pilfering sensitive data from donors and making off with students’ information in a string of digital heists that only add stress to schools already besieged by political pressure. 

Harvard University, Princeton and the University of Pennsylvania have each disclosed breaches within the past three weeks, months after a politically motivated attacker burrowed deep into networks at New York City’s Columbia University.

The identity of the intruders in the most recent incidents remains a mystery. But the hacker in each case duped school employees to access databases of personal information about prominent individuals associated with each institution. 

The break-in at Harvard, which the school discovered on Nov 18, resulted in the theft of personal data and other information from fund-raisers at the school, which typically raises more than US$1 billion (S$1.3 billion) annually. 

“Universities like Harvard have a lot of valuable information like personal information about powerful people – politics, influencers, executives – and we know both criminals and countries target these institutions,” said Mr Sergey Shykevich, threat intelligence manager at the Israeli cyber-security firm Check Point Software Technologies.

With breaches at Harvard, Princeton, the University of Pennsylvania and Columbia, half of the Ivy League – four out of eight schools – have now experienced cyber attacks.

The motivation of the hacker in each breach remains unclear. Princeton officials said in a statement that they have no reason to believe the hackers’ motivation behind the Nov 10 breach was political. The databases accessed by the hackers did not include financial information, but many of the individuals in the databases are high-net-worth individuals.

The cyber incidents have occurred while the schools face immense political pressure from the White House over issues such as charges of anti-Semitism, admissions, criticisms of a lack of viewpoint diversity and support for diversity programmes.

US President Donald Trump’s administration has frozen billions in research funds, threatened accreditation and targeted international students.

The White House is trying to link federal funding to new restrictions on hiring, admissions and tuition, a deal that several prominent schools, including the University of Pennsylvania, have declined. The Trump administration said it is “close to finalising” negotiations with Harvard. 

The University of Pennsylvania declined to comment. Harvard and Princeton did not respond to requests for comment. 

It is not clear if the same hacker conducted every breach. But the attackers used the same tactics at each school. They also targeted similar data, and the incidents occurred in relatively rapid succession.

Cyber criminals go after big targets, said Mr James Lewis, a senior adviser in economic security and technology with the Center for Strategic and International Studies, and elite universities have been in the spotlight as a focus of the Trump administration.

“Trump goes after universities and hackers say, ‘Maybe I should do that, too’,” Mr Lewis said.

Cyber-security firms have consistently determined that education is ranked among the most-hacked sectors due to its wealth of data and relatively weak digital defences. Hackers from China, Russia and North Korea often have target schools in attempts to steal university research, according to Microsoft. 

Universities hold data about many thousands of alumni, donors and students, but also parents and applicants, as well as school employees and, in some circumstances, health information.

In June, Columbia University investigated a breach that ensnared demographic information, academic history, financial aid-related information and insurance and health-related data shared with the university, among other details. Such information can be used for malicious purposes such as theft, identity theft, fraud and doxxing, or the process of publicly revealing a person’s information without their consent. 

Data hacked from Columbia University was made available by a person who ran a blog that promoted views about race and IQ that have been criticised as offensive and scientifically flawed.

In October, after the hack at the University of Pennsylvania, students and alumni received e-mails from the apparent hacker describing the school as “woke” and criticising the college’s stance on affirmative action. In an interview with the Verge, a technology news site, the alleged Penn hacker said they plan to sell the data.

It was not clear if the incidents at Columbia and Penn were related or conducted by the same person. Bloomberg