Why are top university websites serving porn? It comes down to shoddy housekeeping.

A researcher recently found that the websites of some of the world’s most prestigious universities are serving blatantly obscene and malicious content, as scammers have taken advantage of site administrators’ shoddy record-keeping.

The sites include berkeley.edu, columbia.edu, and washu.edu, which are the official domains of the University of California, Berkeley, Columbia University, and Washington University in St. Louis. Subdomains like hXXps://causal.stat.berkeley.edu/ymy/video/xxx-porn-girl-and-boy-ej5210.html, hXXps://conversion-dev.svc.cul.columbia[.]edu/brazzers-gym-porn, and hXXps://provost.washu.edu/app/uploads/formidable/6/dmkcsex-10.pdf all provide explicit pornography and, in at least one case, a scam site falsely claiming that the visitor’s computer is infected and advising the visitor to pay a fee to remove non-existent malware. In total, researcher Alex Shakhov said, hundreds of subdomains from at least 34 universities were being misused. The search results returned by Google list thousands of hijacked pages.

Handful of hijacked Columbia.edu subdomains listed by Google

One of the sites redirected by the UC Berkeley subdomain.

Hijacking the good name of a university

Shakhov, founder of SH Consulting, said the scammers – whom a separate researcher has linked to a known group tracked as Hazy Hawk – are seizing on what amounts to a clerical error by site administrators of the affected universities. When administrators commission a subdomain like provost.washu.edu, they create a CNAME record, which assigns the subdomain to the “canonical” domain. When the subdomain is eventually decommissioned – something that happens frequently for various reasons – the record is never deleted. Scammers like Hazy Hawk then hijack the old records.

With this, they have hijacked the subdomain of that university. Given the reputation of universities, the hijacked pages flow to the top of Google’s search results.
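For administrators, the stale records described above can be found by auditing a zone export for CNAMEs whose targets no longer resolve. The following is an added example, not code from the article or from the researchers it cites; the zone contents, host names and function names are all constructed for illustration.

```python
import socket
# Constructed sample zone export (BIND-style); every name here is made up.
SAMPLE_ZONE = """\
$ORIGIN example.edu.
www        3600 IN CNAME web-prod.example.edu.
provost    3600 IN CNAME provost-site.hosting-vendor.example.
events     3600 IN CNAME old-campaign.cloud-vendor.example.
lab        3600 IN A     192.0.2.10
; retired project, record never cleaned up
archive         IN CNAME retired-app.cloud-vendor.example.
"""

def _fqdn(name, origin):
    """Absolute names end in a dot; relative ones are completed with $ORIGIN."""
    if name.endswith(".") or not origin:
        return name.rstrip(".")
    return f"{name}.{origin}"

def parse_cnames(zone_text):
    """Return (owner, target) pairs; assumes each record states its owner."""
    origin, records = "", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].rstrip(".").lower()
            continue
        types = [f.upper() for f in fields]
        if "CNAME" in types[1:-1]:               # needs an owner and a target
            target = fields[types.index("CNAME", 1) + 1]
            records.append((_fqdn(fields[0].lower(), origin),
                            _fqdn(target.lower(), origin)))
    return records

def system_resolves(name):
    """Default check: does the CNAME target resolve to an address right now?"""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, resolves=system_resolves):
    """CNAMEs whose target no longer resolves: stale records to delete."""
    return [(o, t) for o, t in parse_cnames(zone_text) if not resolves(t)]

if __name__ == "__main__":  # live DNS lookups against the sample names
    print("\n".join(f"DANGLING {o} -> {t}" for o, t in find_dangling(SAMPLE_ZONE)))
```

A target that fails to resolve is the state before a takeover; once someone else has claimed the target it resolves again, so CNAMEs pointing outside the organisation also need a check that the resource behind them is still the organisation's own.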


