In what appears to be a pre-planned attack, an anonymous user under the name “Root the Box” caused the University’s main webpage to redirect to a picture of the group’s logo, a pixelated white skull on a black background, before going to the @R00tTh3B0x twitter feed Monday evening.
After tweeting “RTB vs. UNIVERSITY OF VIRGINIA” around 6 a.m. Monday, the hacker or hackers first compromised the website around 9:10 p.m. and briefly returned to normal at 9:31 p.m. Three minutes later, the site was redirected again, and then restored to the actual University homepage around 9:40 p.m., only to once again be taken over by the Root the Box page soon thereafter.
By 9:41 p.m., an “Access Forbidden” page came up, soon followed again by the Root the Box redirect page, and soon after that browsers were unable reach Virginia’s main website in any form. By 9:53 p.m., www.virginia.edu had returned to its usual main page.
The hacker or hackers took to Twitter to insult the University’s ability to defend its main website. “We literally ROOTED your box,” they wrote at 9:52 p.m.
Root the Box said it would be going through email accounts around 10 p.m., after the University had restored its main website. The University’s student email accounts are hosted through Gmail, and students did not lose access to those accounts during the incident.
In a Twitter interview, @R00tTh3B0x said it had no specific political motivations for the attack and that it was not directly affiliated with the University or the official Root the Box hacking competition.
“We hacked it because we can,” the tweet said. “For fun, and because of the University’s lack of security. That sums it up.”
It said the attack was carried out in part as a response to a $40,000 grant University scientists received to work on hacking issues, citing a Newsplex article from March 19.
But the group did include the federal government in its list of insulted organizations.
“Root the Box” tweeted at 10:16, “The government hates and fears intelligence. Feds will be after us, as we keep leaving false trails behind.”
Computer Science Prof. Mark Sherriff said in an email Monday evening he was not familiar with Information Technology Services’ website system, so he could not determine exactly how the hackers infiltrated the system.
“Methods of entry and the skill required can vary wildly depending on how the system is setup,” Sherriff said.
Sherriff said he was “proud” of ITS for its quick action in bringing the website back up. “[I]t looked like they went back and forth a couple times with the hackers,” he said.
University spokesperson McGregor McCance said in an email Monday night the University was looking into the issue, but did not have any additional information. ITS could not be reached for comment.