Oxford University’s quality of data protection is far better than Cambridge’s, according to a leading cybersecurity firm.
RepKnight searched the dark web – a seedy but massive back-alley to the normal internet – and found more than twice as many stolen Cambridge email addresses as Oxford email addresses.
As part of their campaign to raise awareness of hacked credentials, the firm scoured the dark web for stolen Oxbridge email addresses using their monitoring tool Breach Alert. They found around 400,000 stolen addresses with the cam.ac.uk domain, and less than half that number with the ox.ac.uk domain.
The addresses were found across numerous dark web sites that serve as warehouses for stolen information. Collectively, those warehouses store “more than five billion stolen, leaked or hacked credentials.”
Though the term “credentials” might suggest passwords or security answers, email addresses alone could be turned against users and institutions. RepKnight warns of how hackers use stolen university emails, including doing anything from conducting phishing scams to using university systems as proxies to conduct illegal operations.
Patrick Martin, the firm’s cybersecurity analyst, said: “It is often assumed that cybercriminals are primarily targeting commercial businesses. However, it’s not hard to see why the confidential data stored at universities might be a valuable commodity for criminals, given the links those institutions have to government agencies, supra-national organisations like the EU, and the private sector.
“Like most industries, universities are working hard to improve their cyber security capabilities. But the best network security often can’t defend against someone logging in using a stolen username and password. The vast majority of the credentials we see on the Dark Web are from third-party breaches, where an email address had been used on a site like LinkedIn or Dropbox, and that site was subsequently compromised – often including the user’s password.”
The findings come after Christopher Wylie’s revelations regarding his former employer Cambridge Analytica’s data gathering practices. Andrew Nix, CEO of the British Big Data firm, bragged to an undercover reporter of swinging elections using prostitutes and sting operations, among other underhanded methods.
Facebook employees have also come forward accusing Cambridge Analytica of mining users’ data to influence their vote.
Sandy Parakilas, former platform operations manager at Facebook, told the Guardian that hundreds of millions of Facebook users could also be targeted by other companies using the same methods as Cambridge Analytica.