Anonymous has hacked 26 thousand email addresses of italian teachers

26,000 teachers’ e-mail addresses were put online. And along with these, passwords to read it.

by ARTURO DI CORINTO 08 March 2018

Anonymous does not like the Good school of Matteo Renzi. This is why has put into the network 26 thousand e-mail addresses of professors of all schools and levels that belong to the Ministry of Education, University and Research. And along with these, passwords to read it.

The loot could be the result of the violation of a few websites and a couple of school coordination forums. In many cases the addresses are complete with username and password and telephones and at least three give access to websites managed with the WordPress platform. There are also 200 administrative staff addresses that keep the relationships with MIUR on behalf of the single universities: Bocconi, Luiss, Roma3, University of Calabria, Modena Reggio Emilia and so on. And right in schools, high schools and technical institutes of Emilia Romagna many profiles with related credentials belong.

Announcing the incursion, rather striking, are the Anonymous Italy who for some time have come up with the acronym of Lulzsec Italia, to emphasize the goliardic and irreverent side of their actions: “Lulz” is in fact a slang term to indicate the “fat” laughter “and fun in general, coupled with the word security in” LulzSec “. Lulzsec, however, presents itself as a spokesperson for a broader group of hackers who meet in Italy under the initials “Anonymous” and are not always the ones to conduct the sabotage actions that in several cases are attributed to AnonPlus, the activist hackers responsible for violations of italian newspapers such as Libero, Il Giornale, and Salvini’s blog a few days ago (Salvini is the leader of italian xenophobic right).

The hacker collective, giving news of the incident, has been very hard with the Minister Fedeli who believe belongs to the caste and defines torturers who from the project School-Work alternation has obtained young and free labor:

“Hello Minister of Education, Valeria Fedeli, we give her welcome to the arena. We are here today to talk about a sensitive issue that has made a lot of discussion, the School-Work alternation. The alternation work-school, was born with the intent to introduce students to the world of work, or at least this is intended to be the kind of Mrs. Fedeli.
Students of a scientific high school who are starting to learn about the world of work starting from a cancer chain like McDonald’s, can be compared only to a poor elephant in a porcelain shop, students who are eventually exploited only for your interest in having a young and free labor force. You are only torturers who take advantage of the experience that today’s young people have to take advantage of for your personal gain. “

The goliardic anger then turns to ministers and parliamentarians: “And just as you Ministers and MPs are trying to ruin the school, we try to ruin you, but with only one difference! Which? That you always fail, we do not. Expect US! “

Hacked databases and risks

Hacked databases are 52, 6048 emails from individual schools, 63 from coordinators, 355 from the “Indire” forum, 42 from Xforum, 148 from school managers, 155 from referents, 6808 from teachers, and another 13 thousand connected to the world of school but with private addresses, from to

And yet, apart from the possibility to enter in the e-mail box of reference persons and school coordinators who are supposed to exchange work documents, ideas and projects, perhaps even political evaluations of the reform (that is certainly not homogeneous), the most serious violation could concern the database containing data on deducible tax donations (5xmille) to the University from which it could be traced back to donors and their profiles, including their taxes and earnings.

The rule of social engineering in fact wants that this computer technique that leverages the psychology of people to reconstruct the digital identity of individuals and replace them in everyday relationships, add one piece of information at a time to exploit the credentials with which we access social , banks, company network, sites of the Public Administration. And then it is known, from the violated mailbox you can get to the lawyer, from the lawyer to the tax expert, from the tax consultant to the doctor and take possession of the CUD or analysis sent by email to the bank where you are current account holders.

In short, from the inbox to the complete theft of identity is a step.

The problem of disclosure of a single email could therefore become more serious than a mailbombing, a massive bombardment of emails to single boxes of gruff professors to clog and make them collapse. While there is still the risk of seeing even the evaluations of students modified by accessing the online registers of the schools illegitimately.

Therefore, the advice is to immediately change your credentials and activate two-factor authentication. And to cross your fingers that this has not already happened.

Teacher, journalist, hacktivist. Privacy advocate, copyright critic, free software fan, cybersecurity curious.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store