By: Steven Chmielash
Imagine working on a major project and suddenly your computer shuts down. Everything gone.
All your hard work is now an afterthought.
In mid-July, two of Algonquin’s Media and Design websites were hacked leaving the project leads, students in the eight month intensive interactive multimedia program, in a bind.
Students in the program were given a project to work on for four months. At the end of it, they would present the finished product to their Media and Design professor Adam Jarvis.
Some students were assigned to work on the GoJournalism.ca website while others were tasked with the Algonquin Times and Glue Magazine sites.
According to Jarvis, the GoJournalism website was the first to get hacked. Then the students checked the Times and Glue sites as well.
Luckily, the Algonquin Times website was completely spared from the hack.
Namitasatish Shetty, project lead for the GoJournalism website, said that she signed on to the WordPress in July and saw that it was acting up. According to her, there were loose links and code on the page that she never saw before.
“We tried to do a few things that could possibly fix it but we didn’t know what was happening,” said Shetty. “And I tried to Google it and figure out if it’s happening to other websites. It seemed like that weekend, a lot of WordPress users were complaining about the same issue.”
Since the hack was primarily focused on injecting new code than what was previously programmed, the website was still working.
“The idea was that the hack would not slow anything down, it would not show itself, it would just be there running in the background,” said Jarvis. “The only way you’d find out that something was hacked is if you went in and actually started looking at the code.”
When the hack happened, Shetty and her team went into overdrive and immediately changed the website’s passwords to make them more secure. She also deleted everything that had been hacked. Luckily, she didn’t have to start from scratch because she had backed up all her work 10 days prior.
Since her team backed up everything, there was only a two day turnaround before everything was back to normal.
“It’s not like we didn’t lose anything. We did lose a bit of stuff because, essentially, nobody thinks about it every day,” said Shetty. “Nobody thinks I should back it up today because I made one tiny change, so there are a few things we lost but the fact that we had a backup, was just about 10 days previous to when the hack happened, it saved our lives.”
The Glue Magazine website, however, suffered a worse fate.
Since the site was going through a major overhaul, everything that Jason Victor, project lead, and his team had done up until that point was pretty much gone.
One morning, when Victor and his team came to work on the site, they realized new codes were installed on their pages.
“There was maybe 1,000 files that we had to delete from the top of line one all the way down to, ranging from, line 300 to 400 on each page,” said Victor.
According to Forbes, over 90,000 WordPress blogs had been hacked in April.
The hackers combed through WordPress accounts and attempted to guess people’s passwords through an exhaustive trial and error process.
A lot of people make their WordPress administrators the same as their main username logins. Considering this, it’s just a matter of obtaining a program that cycles through 1,000 commonly used passwords.
Once the hackers gained access to the sites, they compromised the user’s system by planting a botnet inside of it. A botnet is a collection of compromised systems that communicate with each other and are used for online attacks.
Unfortunately, because of the hack and time constraints, Victor and his team weren’t able to deliver the completed project.
“We completed one or two pages to make it look good versus all seven or eight pages that they wanted,” he said.
All three websites are now running smoothly and all traces of the hack have been wiped clean.
The Glue Magazine website formally re-launched on Oct. 7 and can be visited at www.glueottawa.com.