A small British educational charity has been targeted in an apparently motiveless cyber attack by a hacker who defaced its website and published the user names, email addresses and clear-text passwords of 636 of its members online.
After the hack on Tuesday, the Lichfield-based UK Council for Graduate Education (UKCGE) restored its website and informed the victims, but the hacker returned 48 hours later, defaced the site again and threatened to reveal the account holders' financial information.
Principal officer Carolyn Wynne said this was a bluff, as financial transactions took place through PayPal. The hack has been linked to a Twitter account, “@smitt3nz”, which has subsequently been suspended, and the Council has removed all account details from its back-office systems. But Wynne remains bemused as to why it was targeted.
“I've no idea who it is. We can't get any motive for why they would wish to hack our account. We're a very small organisation, we're a charity. I don't know if they were looking for a website that has a UK national element to their name. We're pretty insignificant, we don't have any kind of political agenda.”
The UKCGE is a not-for-profit organisation with three employees and an executive board of 12 volunteers. It is funded by memberships and provides information on the UK post-graduate sector. Its members are 124 mainly UK universities and associate organisations, with some members from Australia, the US, West Indies and China.
After the second hack, the Council has decided to encrypt its account data.
Paul Edwards, director of Core Design, the site's web development company, said they thought they had identified and defended the area where the hacker got in, and were now monitoring the site to check it was secure.