- Thompson Library at OSU
The Digital Citizens Alliance today released a report
that details how personal identities — and .edu email addresses in particular — have become a hot commodity on the "Dark Web market." The Dark Web is sort of a specialized plane of the Internet that requires a set specific configurations to access these small peer-to-peer networks. Transactions, like the sale of email addresses, are extremely difficult to trace. (The report at one point refers to the Dark Web as "a Tolkienesque, charred hellscape of badlands.")
"Each address and corresponding password should be thought of as a sort of informational gold mine," according to the DCA. "For their possessor they offer an immense amount of opportunity to glean the types of personally identifiable information that can be packaged together and sold on the Dark Web. Additionally, the credentials are the gateway to the valuable research and Intellectual Property which is often targeted for corporate and governmental espionage."
The DCA argues that these higher-education institution email accounts might lead interested parties to, e.g., social security numbers, bank and credit information and a spectrum of personal identity data. Universities, naturally, tend to be involved with government research and defense contracts.
The Ohio State University ranks in the top five targeted schools on the Dark Web (along with other large schools like Michigan, Penn State, Minnesota, Michigan State and Illinois). Access to more than 100,000 OSU email accounts is available on the Dark Web this month, according to the report.
Rather than stoking fears, the DCA asserts, information like this should compel higher-ed institutions to knuckle down on IT education and simple password maintenance.
“How many millions of brilliant minds go through the top 100 universities of the world every year?” asks Razvan Eugen Gheorghe, one of the most well known hackers in the world. “And how many of them actually decide to find vulnerabilities in their own universities to help secure them? A college or a university should become a central ground within any given area when it comes to cybersecurity or IT in general. But if we don’t change our mentality and laws, we will only stagnate as a society.”