HiLCoE University students’ data stolen in cyber-attack | Ethiopia

This week, while HiLCoE was focusing on the registration of students, They didn't think about their website will be attacked, for a second, and they were used HTTP protocol on their website. as our research,  through our blog, this event that we have found HiLCOE was to be very distracting and disrespectful to their students. 

Student data has been stolen in a “sophisticated and malicious” cyber-attack on HiLCoE university website.

Registration Records, Student phone number, and ID documents of  HiLCoE School of Computer Science and Technology students were accessed in the phishing attack and fraudulent documents of student information were sent to all students about there registration, a student's of the university said. 

Data from thousands of students, including their names, telephone numbers, and ID numbers, was accessed from the Database, and fake grade reports published to the students by the hackers.

It seemed that the teachers understood the website was getting attack and Immediately, students were told to change their password from the School. 

The university spokesman, staff, and the registrar office didn't say anything about this attack. 

Universities need to plug into threat of cyber-attacks

 

Read more

HiLCoE School of Computer Science and Technology is a private college in Addis Ababa, Ethiopia. The name HiLCoE stands for Higher Learning Center of Excellence. A specialized computer science institution, it was established in January 1997 by two information technology professionals, Ahmed Hussien and Nassir Dino. Now as we all know HiLCoE University has been continued the learning process online using Zoom Conferencing, Google Classroom, and such software during the lockdown.

Because of poor cybersecurity protections at the university, Several Data's and information was stolen said the student hacker's

as a student's noticed the hacker's sent this message on a new unknown telegram Channel -

" ይድres ለ HilCoE Students

You were barking & woofing how HiLCoE is poorly secured and easily manipulated. But did any of you dull-witted fuckers penetrate their website? or even know how it security system was built? NOO you instead waiting hilcoe and YouTube to teach you the real art of programming and hacking. However, only a single person from 1625 students successfully breached the database, modified His grade and collected other student’s sensitive data. And Mr. Zellalem, I can say he is a very good guy with good skills don't you just see how bad the UI is or how their URL is open. He built a secured peer to peer communication system for the site to store your “Grades and other data”. It uses an encryption and hashing technique called hybrid AES 256 with JWT. It was more than enough security for the site BUT your bitch ass knows that even big companies like Microsoft and Sony got hacked recently. SO building 100% secured system is nearly impossible these days even SSL has its own vulnerability. so what I am trying to say is that the site was having a probability of 0.16% to get hacked. nevertheless, someone dig enough to find it’s zero day and did it. so stay the fuck away from Mr. Zellalem, he is the love of my life and best teacher. finally on 17/Jun/2020 if received an sms message with verification number on it boom. "

also, they uploaded a text file that has thousands of students, their names, ID, and telephone numbers, of the students.

Source: HiLCoE Students.

for any Idea and View about this attack please share us on the comment section and we hope we will try to share for the university.