On July 15, four printers around the University of Oregon were hacked. For several minutes, they could do nothing but print ink-heavy images featuring the Muslim declaration of faith, the Shahada.
The same day, a hacker who identified themselves as “Le Pink,” took responsibility for the attack on Twitter:
Another 4 Xerox machines are now RIP at @Univ_Of_Oregon Including the deans office. Enjoy. pic.twitter.com/0kfIMdEVXU
— Le Pink (@evilbypink) July 16, 2015
The damage caused by Le Pink (@evilbypink) was relatively minor. He put the targeted printers out of commission for a while and wasted some paper and toner.
“The act is somewhat analogous to tagging a building with graffiti, except with even lower impact,” said Nancy Novitski, a representative from UO’s Information Technology Department department.
The printers were fixed quickly, and given “new, secure passwords.” From the looks of the Le Pink’s Twitter account, UO wasn’t the only target.
He or she claims responsibility for printer attacks at least four other universities all across the country, including Alaska.
Will Laney, the chief information security officer for the university, wasn’t worried about the attack.
“It happens, and we deal with it,” Laney said.
Laney is sure the hacker was simply looking for printers whose passwords were still factory default. Emerald reporter Noah McGraw contacted Le Pink through Twitter to discover the reason for the printer attacks.
@evilbypink I represent the UO’s campus newspaper, the Emerald. Care to comment on your attack on the printers? Namely, why? PM this account — Noah McGraw (@uoemeraldout) July 22, 2015
Le Pink responded. The following image is a screenshot of the direct messages sent to McGraw over Twitter:
Direct messages sent by “Le Pink,” a hacker that targeted UO printers in July. (Noah McGraw/Emerald)
The Emerald was not able to confirm whether the hacker was actually a member of Anonymous, a global assembly of computer hackers with very secretive membership.
While this incidence of a digital security bypass didn’t cause significant damage, it does raise questions about the security of data at the university.
“We get probed, as does everyone on the internet, thousands of times a day,” said Laney.
Probes are looking for holes in security. The university is a target for any hackers looking for research, personally identifiable information and Social Security numbers. Laney said that switching from using SSNs to DuckID numbers significantly helped to keep that data secure.
When Laney was hired at the UO last November, he was shocked to see that the university did not have a digital security policy — a set of interdepartmental policies and procedures regarding cyber security. His first step in securing the university was designing and implementing such a policy — which was signed by former UO President Scott Coltrane earlier this year.
The university has been hit with viruses before, primarily through email. The virus Shellshock affected many computers across the country when it came out. Four months ago, infected .zip files were sent to many UO webmail accounts, spreading the “Flashback” virus, which specifically targets iMacs.
Part of the responsibility of securing data depends on students. Laney strongly encourages everyone to keep their programs up to date, be cautious about what emails they open, and keep passwords secure and varied. Realizing that private information is at risk is a major part of prevention.
“Just have a little more awareness about security,” Laney said.
“I hate to sound paranoid,” he said, “but I’m paid to be paranoid.”
