Sent by email to:
president@ucop.edu
CC: chancellor@ucsc.edu
And by Web form at:
https://govnews.ca.gov/gov39mail/mail.php
From: Dr. Sam Bowne, City College San Francisco, Computer Networking and Information Technology Department
Re: Security Problem at UC Santa Cruz
Date: May 29, 2014
Six months ago, I found evidence that the servers at UC Santa Cruz were under hostile control by criminals, and being used to sell pharmaceuticals illegally. I notified the UCSC Chancellor and several staff at the college repeatedly, but the problem has not been fixed.
The problem is very easy to see: simply Google "viagra site:ucsc.edu" and you will see more than 7000 pages, some of them now marked "This site may be hacked" by Google. Many of the other hits contain French or Spanish pages advertising Viagra. I have posted an image of the first three hits here:
http://samsclass.info/125/proj11/ucsc-viagra-052914.png
For the last six months, or longer, UC Santa Cruz has been operating with compromised servers. This is a very dangerous practice, and should not be allowed.
California has already lived through a similar situation with Maricopa Community College, which was breached in 2011 and left the servers under hostile control, leading to another, much worse breach in 2013. The details are here:
http://rickgalvanlaw.com/employment-law-blog/mcccd-security-breach-timeline-events/
The details of my original study are here, although the criminals controlling the UCSC servers have changed their operations significantly since then:
http://samsclass.info/125/proj11/subtle-infect.htm
I strongly recommend that UC Santa Cruz hire professionals in incident response to analyze and clean their systems. Removing an infection this old and deep is not cheap or easy, but it must be done.
Please feel free to contact me if I can be of any assistance.
Thanks,
Sam Bowne
