
I randomly selected .edu websites from all over the web, including edu.az, edu.com.tr etc. 62 of 100 had those hacklinks.


In that case, the headline and summary are very misleading. The summary says "edu, .gov, websites from US" but you say the sampling includes Turkish/Azerbaijani academic websites. I don't think I'm the only person who would read ".edu" and assume that it _unambiguously_ means US academic sites. If you can provide a full list of your sample, that would be useful to put some detail into this statistic.


Most of them are American educational websites, but there are also some from Portugal, Turkey, Azerbaijan, China etc. which are very authoritative high-PR websites. I'm going to write a blog post with a full list of websites.


Interesting. It'd be great if you could write this up as a blog post, explaining your motivation and methodology while giving examples of what's happening.

Good find.


If you want to expand the search, NCES might be a good way to collect additional sites to try: http://nces.ed.gov/collegenavigator/

Do you have any hypotheses about a common vector for the hack? In addition to run-of-the-mill vectors, there's also the possibility that educational middleware (online class management a la Sungard, Blackboard, PeopleSoft) is vulnerable -- this is pure speculation, of course, but as someone who worked with dozens of those portals it piques my curiosity.


I couldn't figure it out yet. I'm chatting with one of those hackers right now by email. He says he can sell me the whole list of passwords of .gov and .edu websites from whichever country I want, and he can teach me how to hack the rest of them. Mind-blowing.


How did you locate this hacker?


I just contacted him through the Contact page of his website. He replied. I am not sure if he's a real hacker but he's the owner of bolumizleyin.com which has plenty of backlinks from several .edu websites.


@diamondhead It seems I can't reply to messages past a certain depth so I'll respond to your latest comment in the previous one. I am from Germany. I wrote to you on Twitter.


zeynalov, please report him to a police department or a related department in Turkey. If you don't know how to do it, I can help you with this as a Turkish citizen.


Probably by looking at the whois of the domains being linked to?


Just by contacting them directly from their website.


It would be fascinating to see results from a selection of big well known universities in US, EU, etc.


Let's share those URLs you're talking about.



