How big a deal is this hack of Minnesota government and MSU Moorhead servers?

Email addresses, encrypted passwords, user IDs – what someone could do with the information.

A Minnesota state government server and Minnesota State University Moorhead were hacked over the weekend – the work of someone who goes by "Vigilance" on Twitter and said it was done as retaliation for the Jeronimo Yanez verdict.

The hack, which Vigilance first tweeted about on Saturday, exposed hundreds of email addresses, versions of encrypted passwords, and the names plus log-in info of students at MSUM. The culprit then posted all of the text online.

On Wednesday, Minnesota IT Services (aka MNIT) gave its first significant update about what its teams had uncovered so far.

In an email statement, MNIT said its forensics teams confirmed a server was compromised. The one that was accessed in the hack housed older state technology applications, MNIT said, calling the impact of the hack "small" and saying it had only affected "legacy computer systems that are no longer in use."

The data posted online includes the emails and encrypted passwords of people who subscribed to old government newsletters, MNIT said, specifically for the state geographic information and energy programs. The hack didn't disrupt any "major business systems," MNIT said, and the vulnerabilities were addressed. They'll turn over their findings to the FBI soon.

MSU Moorhead said first and last names, plus StarID and Dragon ID numbers of 8,000 students and 800 staff were accessed without authorization. A "fraction" of them were posted online, the school added.

The server that was affected was taken offline, and everyone's StarID passwords will have to be reset at the end of the week, MSU Moorhead added, then apologized for any inconvenience.

Update: Vigilance later claimed to have found security issues in the University of Minnesota Twin Cities website. You can read Friday's update about that here.

So what could someone do with this information?

Bob Weiss has been blogging at WyzGuyz Cybersecurity for about a decade now, and currently works as a senior cybersecurity engineer for Computer Integration Technologies in the Twin Cities.

"The randomness of the hacks make me wonder if it was just that, these were systems that were easy," Weiss told GoMN Wednesday, while noting the state generally has pretty good cybersecurity. But that doesn't mean the information – even if it's just email addresses and encrypted passwords right now – isn't valuable.

If someone manages to solve the jumbled passwords (which are generally encrypted via hashing) with "brute force" password-cracking software, Weiss explained, then they've suddenly got complete, legitimate log-in information.

"That kind of information would be easy to sell online ... I mean there’s like a bazaar basically on what they call the dark web," Weiss said, noting government accounts could be especially valuable.

From there, a malicious actor could take a couple different routes.

One, they could attempt to use that email/password combination for other sites – think Amazon, where your credit card info is stored, or your Facebook account with lots of personal information, he said. (That's why people recommend using different passwords for different accounts.)

Two, someone could try to set up a spear phishing campaign. They could log in to an email account but not do anything to alert the user they're inside, Weiss said, instead just watching, reading, poking in your contacts. Doing "some really serious reconnaissance" on a target, he explained, until they have enough to make a very convincing spoof email.

"And then I can build that perfect email that is just going to be 100 percent ... convincing, and get them to do something that gets me deeper into my goal," Weiss said. "Or I can use their email account to impersonate them in order to get somebody else who may be more valuable to do something that would be more useful to me."

MNIT has asked for money for 24/7 monitoring

Vigilance's first tweet was sent at 11:25 p.m. on Saturday. And while MNIT didn't offer specifics about staffing during that specific time, it's worth noting the department had been asking state lawmakers for a significant boost in funding. One of their goals with new money was to get MNIT staffers working 24/7. The department says it fends off 3 million potential attacks every day.

"The way the internet works is these attacks don’t just come in during business hours … they come in all the time," Aaron Call, MNIT's director of information security, told GoMN in May. "We’re unable to react. We don’t have our eye on the ball at night."

MNIT did not get that additional funding they were hoping for, and on Wednesday said events like this one over the weekend "underscore the urgency of this increased investment."

Why Vigilance did this

The hacker first reached out to Vice's Motherboard, reiterating that this was in response to a 12-person jury acquitting Yanez of manslaughter charges in the shooting of Philando Castile. He also said the method he used to get the data – the vulnerability, as it's referred to – hadn't been patched.

He's since been retweeting stories about what he did, as well as pastebin links containing the usernames and info he took. He tweeted Monday:

"Sit back and watch the chaos unfold
Justice for #PilandoCastile
More leaks coming for more injustices."

And on Wednesday, he sent out a screengrab that included an "mn.us" URL that leads to some sort of printing page, writing: "Where am I? The clock is ticking."
