Cyber Incident Victim: Massachusetts Institute of Technology
Date:
Jan 2015
Location:
United States of America
Summary
A cyberattack targeting the Massachusetts Institute of Technology involved the defacement of 15 course websites, including those under the Media Lab faculty, by attackers identifying as "Ulzr1z." The attackers replaced homepage content with protest messages referencing #OpAaronSwartz and demonstrated unauthorized access to the WordPress admin panel controlling the subdomains, sharing evidence via social media and Pastebin. The incident was linked to commemorative actions surrounding an internet activist's death, mirroring prior disruptions where the institution's websites were hijacked or taken offline by hacktivists. The defacements primarily disrupted academic resources for students, echoing historical tensions related to the activist's prior document acquisition from the institution's network and subsequent legal proceedings.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 6, 2015, attackers identifying themselves as "Ulzr1z" defaced 15 Massachusetts Institute of Technology (MIT) course websites hosted under the Media Lab faculty domain. The attackers replaced homepage content with a message stating "./ Hacked by Ulzr1z," followed by their Twitter handle @ulzr1z, the hashtag #OpAaronSwartz, and the word "Hacked!" They gained administrative access to the WordPress panel controlling these subdomains, evidenced by a tweeted screenshot showing control over MIT's web infrastructure. The compromised subdomains included course sites such as those for Social Physics, with a full list subsequently published on Pastebin. MIT removed the defacements, restoring normal site functionality. The attack coincided with the second anniversary of internet activist Aaron Swartz's death, directly referencing his association with MIT through the operation's name. This incident disrupted academic resources for students using the affected course websites, though no data theft or secondary compromises were reported in the available source material.
This cyber incident followed a pattern of retaliatory actions against MIT related to Swartz's 2013 suicide. In 2011, Swartz had used MIT's network to download JSTOR academic articles, leading to federal charges. Two years prior to the 2015 defacement, Anonymous-affiliated hackers had taken down MIT's main website, replacing it with a tribute to Swartz that included an apology to MIT's web administrators clarifying they didn't hold the institution solely responsible. The 2015 attackers similarly framed their actions as symbolic retaliation, though they targeted course subdomains rather than primary infrastructure. Congressional responses to Swartz's prosecution, including proposed "Aaron's Law" legislation to reform computer crime statutes, remained unresolved at the time of the attack. Both the 2013 and 2015 incidents primarily impacted unrelated academic users rather than institutional decision-makers, with course materials and administrative interfaces temporarily disrupted during active semesters.