
FBI: Academic Credentials for Sale on the Darkweb

An alert from the FBI warns that compromised US academic credentials are being sold on the darkweb.

A Private Industry Notification (PIN) from the Federal Bureau of Investigation (FBI) warns that investigators have identified compromised US academic credentials on forums, including at least one on the darkweb.

Summary

“The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publicly accessible forums. This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.”

Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums

Threat

“Cyber actors continue to conduct attacks against US colleges and universities, leading to the exposure of user information on public and cyber criminal forums. Credential harvesting against an organization is often a byproduct of spear-phishing, ransomware, or other cyber intrusion tactics. For example, in 2017, cyber criminals targeted universities to hack .edu accounts by cloning university login pages and embedding a credential harvester link in phishing emails. Successfully harvested credentials were then sent to the cyber criminals in an automated email from their servers. Such tactics have continued to prevail and ramped up with COVID-themed phishing attacks to steal university login credentials, according to security researchers from a US-based company in December 2021.”

“The FBI has observed incidents of stolen higher education credential information posted on publicly accessible online forums or listed for sale on criminal marketplaces. The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services. If attackers are successful in compromising a victim account, they may attempt to drain the account of stored value, leverage or re-sell credit card numbers and other personally identifiable information, submit fraudulent transactions, exploit for other criminal activity against the account holder, or use for subsequent attacks against affiliated organizations.”

Examples

  • As of January 2022, Russian cyber criminal forums offered for sale or posted for public access the network credentials and virtual private network accesses to a multitude of identified US-based universities and colleges across the country, some of which included screenshots as proof of access. Sites posting credentials for sale typically listed prices varying from a few to multiple thousands of US dollars.
  • In May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were identified on a publicly available instant messaging platform. The group posting the compromised data appeared to be involved in the trafficking of stolen login credentials and other cyber criminal activities.
  • In late 2020, US territory-based university account usernames and passwords with the domain .edu were found for sale on the dark web. The seller listed approximately 2,000 unique usernames with accompanying passwords and asked for donations to be made to an identified bitcoin wallet. As of early 2022, the site containing the credentials was no longer accessible.

It surprises me that something as mundane as compromised academic credentials meets the threshold for a PIN.

Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums pdf

18 Comments
It's Called We Engage In A Mild Amount of Tomfoolery
7c61a7d9
462fa070 Fri, May 27, 2022

It surprises me that something as mundane as compromised academic credentials meets the threshold for a PIN.

My lord the douchness, go outside, DNL.

bace0635
c3f3a7c0 Fri, May 27, 2022

Those credentials give access to email, file shares, network drives, etc that have unpublished research data, unpatented inventions, future research plans, in many cases private health information of patients in research trials, all on top of access to a lot of services, knowledge, and software you’d otherwise have to pay a lot to access. Maybe they don’t realize there are people doing more important things than undergraduate arts degrees at universities?

688a1eae
8de18ef0 Fri, May 27, 2022

^ Enjoying our weekend I see.

lol u simp cucks really get triggered so easily without your dn safe spaces

49e608b3
224fe910 Fri, May 27, 2022

^ guess I’ll just have to bill uncle sam, again, to have those affected, change said credentials, oh noooooos! because patching a zero day exploit in-real-time isn’t a thing in 2022, cuck

big brain time folks

fa5bf108
97828120 Fri, May 27, 2022

As of early 2022, the site containing the credentials was no longer accessible.

Reading is hard.

e4d76e88
a7130730 Sat, May 28, 2022

I heard captain hoods graduated from MIT…

af7da022
11f38480 Sat, May 28, 2022

Haha, you’re fucking kidding me… “Captain Hoods?”

8d802649
3f0a6a90 Sat, May 28, 2022

The main problem with .edu student credentials is you have to contact someone to change the password. Students cannot change them via the portal.
Student credentials are fairly worthless. Most are public and have been raped when it comes to free student services from third parties.

6e776ab2
249e4610 Sat, May 28, 2022

People pay for this shit?

b3e28250
27a55f60 Sat, May 28, 2022

some passwords above contain a small letter and a big letter a number and special character. seems insufficient for protection against hackers

ad7fee3c
ee498b10 Sat, May 28, 2022

Captain Hoods does not approve of this message… no doxxing, it’s so trashy

d5b98f1d
b1fcd550 Thu, Jun 2, 2022

2FA for the win! mando password changes

its all peer-reviewed which u can all torrent if u all super curious, or you know, contribute to society, cucks

try harder incels

Papa Rogan hasn’t interpolated opinion pieces for me yet! REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE, cuck DNL, REEEEEEEEEEEEEEEEEEEEEEEEEEE

c7111caa
92aa9900 Sat, May 28, 2022

who selling it?

52a4285f
53bf5bf0 Sat, May 28, 2022

ET should probably phone home dude… 3

db0f754d
15988bb0 Sat, May 28, 2022

I’m so bored here drug dealers are so static

f98d9215
e66f2d70 Sat, May 28, 2022

DNL… let’s cook…

6875f706
3fb5e5e0 Thu, Jun 2, 2022

wtf happened to sanwells. fuck.
