Quadszilla just sent me a link to a recent alledged unathorized hack into a medical college database by what is believed to be a salesman of all things. He is a salesman for medical databases. No doubt he was going to take the information he recieved and attempt to market to those people who were either near graduation or post graduates.
This is one of those weird things where blackhat hacking is getting to be far more mainstream. Even sales guys can hack into a database. And if he hadn’t gotten caught, it is very likely that this would have been a very profitable attack. I remember at one point in my college career someone sold the school password file to spammers. That was also pretty successful as there were far less people on the internet at that point, so email addresses were more scarce.
Thankfully the database in question in this particular hack was not a patient resource (and therefor not under HIPAA regulation), but the obvious damage that could be caused by something like this makes me shudder a little bit. College servers hold a great deal of sensitive information. Thankfully, normally they are fairly difficult to break into, as the colleges themselves have to protect against users who would attempt to break in and steal information or change grades, etc.