Naked Security Naked Security

MIT sites defaced in lead-up to anniversary of Aaron Swartz’s death

The anniversary of the death of Aaron Swartz has been commemorated with an attack on the institution from which he siphoned documents.

Aaron Swartz, courtesy of Sage Ross, Wikimedia CommonsThe two year anniversary of the death of Aaron Swartz has been commemorated with an attack on the institution from which he siphoned documents.

Attackers going under the name of “Ulzr1z” defaced websites for courses at the Massachusetts Institute of Technology (MIT).

The attackers edited the homepages of 15 sites, replacing it with the text below, which has since been removed:

MIT hacked

./ Hacked by Ulzr1z
Follow me @ulzr1z
#OpAaronSwartz
Hacked!

The attack affected MIT’s Media Lab faculty, which hosts a number of course websites under its domain.

The attackers gained access to the WordPress admin panel, which controls all the websites, tweeting a screenshot to prove the access.

Twitter screenshot - MIT hacked

0x50776e6564 @ulzr1z
Panel Admin Massachusetts Institute of Technology, #MIT #Hacked Acces to all other subdomain

The 15 defaced subdomains, including sites for courses on subjects such as Social Physics, were also posted on Pastebin.

This isn't the first time that MIT's suffered repercussions from the death of the internet activist, whose work included establishing the online gathering Demand Progress to campaign against the Stop Online Piracy Act (SOPA); co-authoring the web feed format RSS; and many other projects concerned with sociology, civic awareness and activism.

Two years ago, in 2013, attackers affiliating themselves with the Anonymous brand took down the school's website to avenge Swartz's death.

The website was also hijacked to host a personal tribute to Aaron Swartz that included tender comments from those who apparently knew the young man, who was only 24 when he was arrested.

The 2013 message was appended with an apologetic note to MIT's web administrators, acknowledging that Anonymous didn't directly blame MIT for the tragedy.

MIT runs the network from which, back in 2011, Swartz had acquired a trove of download-protected academic articles from the non-profit academic journal archive JSTOR, with the aim of republishing them without restriction.

Shortly following Swartz's suicide, legislation that would have at least partly de-fanged the ferocity of the charges used against the internet activist was proposed.

Beyond Representative Zoe Lofgren's so-called Aaron's Law - which, as of August 2014, had been left to wither in a Congressional committee - the charges against Swartz have been dubbed "ridiculous and trumped up" by members of the House Judiciary Committee Representative.

Those Representatives have referred to Swartz as a "martyr" and, as of a year ago, were tasking an Oversight panel to look into the appropriateness of federal prosecutors' actions against him.

Unfortunately, Saturday's attack is similar to the ones launched previously, in that the main people who'll suffer are the innocent bystanders who use the defaced sites - in this case, students.

Image of Aaron Swartz from Sage Ross, Wikimedia Commons