Cyber Incident Victim: University of Oklahoma

Date: Mar 2015

Location: United States of America

Summary

The University of Oklahoma experienced a cybersecurity breach involving SQL injection attacks by a hacker who accessed internal systems and private communications. Despite repeated attempts to notify the institution via social media and direct contact, no response was received, highlighting concerns over inadequate security practices. The attacker claimed no student records were downloaded but emphasized the ease of re-exploiting the vulnerability to access such data. This incident followed a prior breach at the university's nursing college and occurred amid heightened public scrutiny of campus racism controversies, potentially increasing the university's exposure to hacktivists seeking sensitive information or internal documents.

Description

In March 2015, a hacker using the alias "Chrichir" conducted an SQL injection (SQLi) attack against the University of Oklahoma’s web servers, gaining unauthorized access to internal databases. The attacker first notified the university of the breach via Twitter on March 11, 2015, but received no response to these initial alerts. When the institution continued to ignore subsequent communications, Chrichir publicly disclosed details of the hack, including a paste containing references to the "University of Racism" – an apparent allusion to OU’s ongoing controversy involving racist fraternity activities. The hacker claimed to have accessed private internal posts dated from February 2015 through the time of the breach but stated no student records were exfiltrated during the intrusion. The security research website DataBreaches.net independently verified the vulnerability by reproducing the SQLi attack vector and notified OU administrators via email on March 15, 2015, though the university still had not acknowledged the breach publicly by the article’s publication date. This incident followed a separate December 2014 breach involving OU’s nursing college web server, indicating recurring security deficiencies.

The attack occurred during heightened institutional vulnerability due to widespread media coverage of OU’s fraternity scandal, with Chrichir explicitly citing the university’s poor security posture as motivation. Forensic evidence suggested the hacker operated alone and focused on demonstrating system weaknesses rather than stealing data, though they emphasized the ease of repeating the attack to access sensitive student information. No containment measures, forensic investigations, or public disclosures by OU were documented in available sources following either the March 2015 intrusion or the earlier December 2014 incident. The lack of institutional response persisted despite multiple notification channels including social media alerts, third-party researcher communications, and archived evidence of database vulnerabilities. Potential impacts included unauthorized access to administrative communications and student records, with particular concern about hacktivist exploitation given the institution’s high-profile controversies at the time of the breach.
