Hacked Yet Again
Around 7 p.m. of April 19, the official website of the University of San Carlos (USC) was hacked. The Chinese writings and the image of the Chinese flag that appeared as one enters the site gave the idea who the culprits are and where they are from. Thankfully, the Integrated School Management Information System (ISMIS) was not affected by this attack.
The hackers may either be well-versed or well-endowed programmers or both. The reason behind their hacking of USC’s website is still unknown. Moreover, of all the websites out there, why they chose USC’s is still unexplainable.
The black background and the red colored font was clearly unpleasant. Also included were texts from the hackers. However, when translated to English, the texts seem senseless but the misspelling of ‘Philippines’ to ‘Philipinnes’ was probably one of the greater concerns of the Grammar Nazis that might have cringed upon reading the text. The last line of the message was just as confusing: “A visit to this despicable cattle.”
They might have meant this figuratively, but we are not even a Chinese-speaking country to begin with. One will never know what these people really meant as the direct translating power that Google provides was unable to help. Unless, of course, some of the readers have extensive knowledge on Chinese characters as well as Chinese sentence construction.
Questions about the security of the university’s website arose, given the fact that this is not the first time that it has been hacked. Students from the Department of Computer Science and the Department of Computer Engineering know these things very well. Those who are knowledgeable in web development have probably formulated their hypotheses as to why such attack occurred. For others who are unfamiliar with the world of programming and development, understanding the possible factors of the hack will most probably be overwhelming and hard to comprehend. Basically, the main concern here is security and how easily this security is breached.
Hackers hack for a lot of reasons, but three good ones we may come up with are that they hack either for money, fun, or both. A freelance programmer, who chose to remain anonymous, says, “Some programmers enjoy the challenge of breaking into complicated systems.” It is somehow similar in the situation of a locksmith. Once he finally unlocks that annoying door, after struggling for hours, there is that feeling of looking forward to unlocking more doors in the future. Similarly, a feeling of accomplishment overtakes one who has undergone a successful hack. In the hands of a skillful programmer, breaking into complex systems is not easy, but it is not impossible either.
Hacking is a grave threat for any system with delicate information, such as credit card information and data from transactions. “Information out in a cloud is the most vulnerable, which is why it is important to employ security.” Everyone is concerned with security. We do not leave our houses wide open for the burglars to come. Even our cars have their own alarms and our phones their own password protection. Airports and banks would definitely have security as their greatest concern considering the importance and significance of the business transactions these establishments have. Disrupting security is definitely a worst-case scenario. Jeff Zhang, a developer for NextIX Systems, mentioned, “They need well-versed developers in security and they also need to update it every day or two.”
The website’s hosting could also be a factor. A web host, in simple terms, is what is basically needed to publish a website. There are numerous web hosting services found in the internet, but one must be equipped with enough knowledge before jumping right into it. When asked to choose between using web hosting services and hosting the website yourself, Jeff answered, “If you’re going to do it yourself, treat it as a pet considering the confidentiality of the data. I suggest doing it yourself.” A graduate from the Computer Engineering student with a major in Software Engineering (BS CompE-SE) from USC answered, “If I have the resources, it’s much safer if I host it myself. Because if they (the hackers) take out the host, everything will be dead, and I’ll be assured that I have a backup in my end as a host.” Although an Information and Communication Technology (BS ICT) graduate thought otherwise, he mentioned, “Doing it yourself would be riskier because hosting includes a multitude of security measures and server stability measures that no small company can provide.” Problems regarding hosting a website are rarely factors for it to be hacked. Still, this does not mean that this is not a possibility.
Besides the hosting, the website’s server could also be a factor. A server is basically a system that hosts websites, and it is connected to the internet. Online gamers are familiar with this term, and errors and lags regarding servers usually cause inconvenience to the players. A student from the Department of Computer Science mentioned, “There’s a possibility that the server did not have a server mask, or it might have had an obvious server mask. It might have probably been traced.” Server masking is essential for enhancing server security.
The biggest factor here is that the website might not have followed security protocols, which are very essential. It is always assumed that a website that provides delicate information would follow these. However, we do not really know what the security protocols of the web administrators of USC are, so we cannot really judge and assume that it is unsafe.
The factors are laid out and what remains is the question of whether the hackers’ skills are well-founded or if the website is just weak. If the USC website has a good security then these hackers really know what they were doing.
The fact that there are people out there who can infiltrate the university website should be a challenge for the web administration. This infiltration should be considered a wakeup call to strengthen the security of our websites, and this should be dealt with accordingly as soon as possible. No one knows when these people will attack again, and what they will attack next.