Cyber Criminals Cash In: College .edu Addresses in High Demand on Dark Web


Dennis Lowe/MCT

Higher education credentials are an ideal target for thieves looking to access intellectual property, government research, and personal information.

A new form of cybercrime created by sophisticated foreign governments and organized crime rings are generating top security risks to colleges and universities worldwide. Hackers work around the clock to steal college credentials that access creative work, sensitive research, and personal information, potentially costing millions of dollars in lost revenue and fraud.

According to a March report published by the Internet safety advocacy group Digital Citizen Alliance, nearly 14 million email addresses and passwords belonging to faculty, staff, students, and alumni at higher education institutions are for sale on the dark web.

“Stolen credentials can be the first step down the path to more sensitive personal information, access to valuable intellectual property, and potentially identity theft,” the authors said.

Likewise, two-year schools like San Jacinto College are regularly targeted by hackers where most members of the academic community are unaware of the black market demand for their .edu credentials.

Terry McGregor, a Computer Information Technology (CIT) professor on the South Campus, teaches courses that examine the ways hackers infiltrate computers and computer networks, as well as the available safeguards that minimize potential damage.

McGregor said there are a number of reasons colleges and universities are lucrative targets.

“Hackers are looking to gather as many email address as possible with each hacking attempt,” he said. “With thousands of email addresses available, colleges and universities are a great place to attack.”

Furthermore, fellow South Campus CIT Professor Jim Meeks explained .edu emails are ideal because they can be used for a number of activities ranging from getting discounts on software to accessing government research conducted at many institutions. In turn, the perpetrators sell the accounts to anyone trying to get student discounts or looking to run phishing scams from .edu emails, which appear more credible to an unsuspecting target than, for example, a Gmail or Yahoo account.

Moreover, if a hacker is successful in obtaining an email and password, he or she can use it to gain access to other sites the target previously logged into; from social media sites to bank accounts. The hacked emails can also be used as part of hoax emails to trick others into giving up private information.

However, certain online behaviors make users vulnerable to cybercrime, such as clicking on pop-ups, opening emails from people they do not know, or signing up for free trial offers.

Moreover, using the same password for multiple accounts is also risky. Digital Citizens Alliance stated in a recent news release, “The password management and digital vault software company Keeper Security reported that 87 percent of people between the ages of 18-30 reuse passwords.” And from their own investigation, the organization concluded, “The college password is not just a key, it is the keychain.”

To maintain privacy, Meeks explained, a deliberate combination of keystrokes can significantly improve online safety.

“The best thing they can do is to make a secure password longer than eight characters with upper and lower case letters, special characters, and numbers,” Meeks said.

Furthermore, he added, another option includes users creating two accounts on computers with which they access their college email. One should be set as an administrator account able to install software, while the other serves as a user account limited with few permissions. Therefore, hackers are not able to install malware.

Meeks warned the threat from attacks will not diminish anytime soon, particularly since unlike the early days of the Internet, today’s cyber renegades evolved beyond creating chaos. They are now engaged in a profit-driven game to outwit targets and stay ahead of their competition.   

“Cyber security changes daily,” he said. “The hackers are always working on different techniques and procedures to show other hackers how great they are compared to other hackers.”