A hacker who has declared that he’s retaliating for a Ramsey County jury’s acquittal last week of the police officer who killed Philando Castile said Thursday that he has struck again, this time targeting the University of Minnesota.
The hacker, who calls himself Vigilance, said he exploited a flaw in the university’s system and sent an e-mail to several news reporters from a U server. University officials said they could neither confirm nor deny whether a server was accessed.
“We routinely monitor our environment for security incidents, including any compromises,” said U spokesman Steve Henneberry, adding that it would be easy to spoof an e-mail address.
The hacker previously broke into state of Minnesota databases and electronic files at the Minnesota State University Moorhead. It doesn’t appear that he stole sensitive or financial information from either place, according to state and MSU officials.
Minnesota officials said the hack into state computers didn’t affect any major business systems that support government operations. The hack into an old computer system mainly affected subscribers to state geographic information and energy newsletters, and they’ve been notified about changing their passwords, officials said.
“Minnesota IT Services worked quickly to remedy the vulnerabilities and strengthen security controls,” officials said in a written statement.
Minneapolis FBI spokesman Craig Lisher said his agency is looking into the possible hacks.
In an exchange of messages on Twitter, Vigilance said he discovered a “flaw” in a University of Minnesota server on Wednesday that allowed him to use it to send an e-mail. It’s “merely a warning,” he said, noting the flaw could be used for a phishing attack on students and staff.
In a message posted Wednesday on ghostbin.com, Vigilance vowed “to be back with other hacks.”
Mike Johnson, who oversees the U’s graduate security technologies program, isn’t privy to information on whether the hacker infiltrated the U’s server, but he noted that sophisticated attackers try to hack systems all the time. IT officials have learned to react quickly, plug holes and go on the offensive.
The hacks by Vigilance are certainly concerning, Johnson said. “It’s not a situation where the sky is falling,” he said. “But it’s a wake-up call.”
Phishing scams, which make it appear that an e-mail has been sent by a reputable source, can trick some people into divulging private financial information. That can create major problems, usually for a short time before they’re quashed, Johnson said.
Most hackers are in it for the money and steal personal and financial information, he said. Unlike Vigilance, they don’t announce what they’ve done so they can try to reap the benefits before authorities take corrective action.
Vigilance may be hacking in the name of a cause, but it’s illegal, Johnson said.