Cyber Incident Victim: Carbonic
Date:
Dec 2014
Location:
United Kingdom
Summary
A hacker using the alias @MarxistAttorney breached multiple universities, including California State University, University of Kentucky, University of Connecticut, University of Maryland, Coastal Carolina University, Abertay University, and Fordham University, leaking credentials, employee IDs, and other sensitive data as proof of compromise. The attacker claimed the intrusions were motivated by "lulz" and to expose inadequate IT security, though a separate #Carbonic-linked tweet suggested a personal grievance against one institution. Several universities confirmed investigations, with Abertay attributing its breach to a compromised satellite site. Federal agencies were noted to lack consistent oversight of education-sector breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 4, 2015, DataBreaches.net reported that an individual or group using the alias "@MarxistAttorney" claimed responsibility for hacking multiple universities and colleges, including California State University, the University of Kentucky, the University of Connecticut, the University of Maryland, Coastal Carolina University, Abertay University, and Fordham University. The attacker published data dumps on Pastebin and their personal website as proof of compromise, though specific contents of the leaks were not detailed in the article. DataBreaches.net contacted each institution for verification; the University of Kentucky acknowledged the inquiry and initiated an investigation, while Abertay University clarified that the breach affected a promotional satellite site (daretobedigital.co.uk) for a competition, hosted on commercial servers separate from its main infrastructure. Initial analysis by DataBreaches.net found inconsistencies in the attribution of one data dump originally linked to the San Diego Zoo and previously credited to "Paw Security." Other dumps showed no evidence of prior public exposure.
@MarxistAttorney stated their motive was "the sole pleasure of the 'lulz'" and aimed to publicize stolen data—including logins, employee IDs, and unspecified sensitive information—to undermine the targeted universities' IT teams. A tweet from @teamcarbonic dated December 10, 2014, suggested a potential grievance against the University of Maryland, referencing the hashtag #Carbonic and implying rejection from the university contributed to its targeting. The University of Maryland confirmed it was investigating four days after notification. Fordham University, though not initially named in @MarxistAttorney’s claims, submitted a statement to DataBreaches.net, likely due to its inclusion on #TeamCarbonic’s website listing affected institutions. No federal agency had pursued investigations into education-sector breaches at the time, with the FTC citing jurisdictional limitations over non-profits. By the article’s last update, most institutions had not confirmed or denied the breaches, and the scope of compromised data remained unverified beyond the attacker’s assertions.