Cyber spying on universities

{{Short description|none}}

Cyber spying on universities is the practice of obtaining secrets and information without the permission and knowledge of the university through its information technology system. Universities in the United Kingdom, including Oxford and Cambridge, have been targets,{{cite news |last1=Yeung |first1=Peter |last2=Bennett |first2=Rosemary |title=University secrets are stolen by cybergangs |url=https://www.thetimes.com/uk/defence/article/university-secrets-are-stolen-by-cybergangs-oxford-warwick-and-university-college-london-r0zsmf56z |work=The Times |date=5 September 2017 |language=en}} as have institutions in the United States and Australia.{{cite news |last1=Koziol |first1=Michael |title=Major universities hit by data breach affecting thousands of job applicants at top firms |url=https://www.smh.com.au/politics/federal/major-universities-hit-by-data-breach-affecting-thousands-of-job-applicants-at-top-firms-20180608-p4zkd9.html |work=The Sydney Morning Herald |date=8 June 2018 |language=en}}

Universities are targets for cyber espionage due to the wealth of personally identifiable information they possess on students, employees, people who buy tickets to sporting events, and, if the university has an academic medical center, on patients treated there. Information about research projects with industrial or military application are also targets. The culture of information sharing within universities tends to make them easy targets.{{cite news |last1=Thompson |first1=Cadie |title=Hackers next big target: Your kids' college |url=https://www.cnbc.com/2014/08/21/hackers-target-colleges-to-steal-personal-data-university-research.html |work=CNBC |date=21 August 2014}}{{cite news |last1=Roman |first1=Jeffrey |title=Universities: Prime Breach Targets |url=https://www.databreachtoday.asia/universities-prime-breach-targets-a-7865 |work=Data Breach Today |date=February 3, 2015 |language=en}}{{cite news |last1=Campbell |first1=Susan |title=Why schools are prime targets for data breaches |url=https://www.wpri.com/back-to-school/why-schools-are-prime-targets-for-data-breaches/1400415386 |work=WPRI |date=28 August 2018}}

Breaches can occur from people sharing credentials, phishing, web-crawlers inadvertently finding exposed access points, password cracking, and other standard hacking methods. University credentials are bought and sold on web forums, darknet markets and other black markets.{{cite news |last1=Guilford |first1=Gwynn |title=For $390 you can illegally buy an elite university email account on China's biggest online marketplace — Quartz |url=https://qz.com/263013/for-390-you-can-buy-a-harvard-email-account-on-chinas-biggest-online-marketplace/ |work=Quartz |date=September 10, 2014 |language=en}}{{cite news |title=Public Service Announcement: Cyber-Related Scams Targeting Universities, Employees, And Students |url=https://www.ic3.gov/media/2014/140505.aspx |work=FBI Internet Crime Complaint Center |date=May 5, 2014 |language=en}}

The result of such efforts have included theft of military research into missile design or stealth technologies,{{cite news |last1=Blair |first1=Dennis C. |last2=Alexander |first2=Keith |title=Op-Ed: China's Intellectual Property Theft Must Stop |url=https://www.nytimes.com/2017/08/15/opinion/china-us-intellectual-property-trump.html |work=The New York Times |date=August 15, 2017 |language=en}} as well as medical data.{{cite web |url= http://www.ihealthbeat.org/articles/2014/5/8/columbia-medical-center-hospital-to-pay-4point8m-fine-for-data-breach |title=Columbia Medical Center, Hospital To Pay $4.8M Fine for Data Breach |website=iHealthBeat |publisher=California HealthCare Foundation |date=8 May 2014 |accessdate=17 February 2015 |archive-url=https://web.archive.org/web/20160207081508/http://www.ihealthbeat.org/articles/2014/5/8/columbia-medical-center-hospital-to-pay-4point8m-fine-for-data-breach |archive-date=7 February 2016 }}

As a precaution against such attacks, Stanford University advises its employees to take IT precautions when they travel abroad.{{cite news|url=https://www.nytimes.com/2017/11/13/business/foiling-cyber-spies-on-business-trips.html|title=Foiling Cyberspies on Business Trips|last1=Weed|first1=Julie|date=November 13, 2017|work=The New York Times|language=en}}

Moreover, in March 2018, the United States charged and sanctioned nine Iranians and the Iranian company Mabna Institute for hacking and attempting to hack hundreds of universities on behalf of the Iranian government.{{cite web |title=Foreign Economic Espionage in Cyberspace |url=https://www.dni.gov/files/NCSC/documents/news/20180724-economic-espionage-pub.pdf |publisher=US National Counterintelligence and Security Center ( |date=2018}}{{cite news |last=Volz |first=Dustin |url=https://www.reuters.com/article/us-usa-cyber-iran/u-s-charges-sanctions-iranians-for-global-cyber-attacks-on-behalf-of-tehran-idUSKBN1GZ22K |title=U.S. charges, sanctions Iranians for global cyber attacks on behalf of Tehran |publisher=Reuters |date=March 23, 2018 |accessdate=March 24, 2018}}{{cite news |last1=Carpenter |first1=Todd A. |title=FBI Indicts 9 Iranians who Targeted Scholars to Steal Content |url=https://scholarlykitchen.sspnet.org/2018/03/28/51123/ |work=The Scholarly Kitchen |date=28 March 2018}}

Credentials used by Sci-Hub to access paywalled scientific articles have been subsequently used by hackers seeking to breach university firewalls to access other information.{{cite news |last1=Pitts |first1=Andrew |title=Guest Post: Think Sci-Hub is Just Downloading PDFs? Think Again - The Scholarly Kitchen |url=https://scholarlykitchen.sspnet.org/2018/09/18/guest-post-think-sci-hub-is-just-downloading-pdfs-think-again/ |work=The Scholarly Kitchen |date=18 September 2018}}