Top Universities' Subdomains Hijacked to Serve Porn Content
Original: Why are top university websites serving porn? It comes down to shoddy housekeeping.
Why This Matters
Highlights critical DNS hygiene issues affecting trusted educational domains
Researcher Alex Shakhov found hundreds of subdomains from 34+ prestigious universities, including UC Berkeley, Columbia, and Washington University, serving explicit content and scams. Attackers exploit abandoned CNAME records.
Security researcher Alex Shakhov discovered that subdomains of major universities' domains, such as berkeley.edu, columbia.edu, and washu.edu, are serving pornography and malware scams. The attacks, linked to the Hazy Hawk group, exploit poor DNS record maintenance by university administrators. When subdomains are decommissioned, their CNAME records often remain active, allowing scammers to hijack the subdomains. Universities' decentralized structure compounds the problem, with departments creating subdomains independently without proper decommissioning processes. Google search results show thousands of compromised pages exploiting the institutions' trusted reputations.
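A defensive check for the leftover-CNAME problem described above, as an added example that is not from the original article: it parses a zone export and flags CNAME records whose targets no longer resolve or point outside the zone. The zone `example.edu`, the record names, the function names, and the stubbed resolver answers are constructed placeholders.

```python
import socket

# Constructed sample zone export; example.edu and every target are placeholders.
SAMPLE_ZONE = """\
$ORIGIN example.edu.
www         3600 IN A     192.0.2.10
events      3600 IN CNAME www
oldlab      3600 IN CNAME oldlab-site.cloudhost.example.  ; lab site retired
giving2019  3600 IN CNAME campaign-2019.pages.example.
library     3600 IN CNAME lib.vendor.example.
"""

def qualify(name, origin):
    """Expand a relative zone-file name to a lower-case FQDN without trailing dot."""
    name = name.lower()
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

def parse_cnames(zone_text):
    """Yield (owner, target) FQDN pairs for each CNAME in a BIND-style export."""
    origin = ""
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) >= 2 and fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
        elif len(fields) >= 3 and fields[-2].upper() == "CNAME":
            yield qualify(fields[0], origin), qualify(fields[-1], origin)

def system_resolves(host):
    """Default check: does the CNAME target resolve via the system resolver?"""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit(zone_text, zone, resolves=system_resolves):
    """Return (state, scope, owner, target) findings, dangling records first."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        scope = "INTERNAL" if target == zone or target.endswith("." + zone) else "EXTERNAL"
        state = "LIVE" if resolves(target) else "DANGLING"
        if (scope, state) != ("INTERNAL", "LIVE"):  # nothing to review there
            findings.append((state, scope, owner, target))
    return sorted(findings)

if __name__ == "__main__":
    live = {"www.example.edu", "lib.vendor.example"}  # constructed resolver answers
    for finding in audit(SAMPLE_ZONE, "example.edu", live.__contains__):
        print(*finding)
```

A target that still resolves can also be unclaimed at the hosting provider, so `LIVE EXTERNAL` entries still need an owner check against the asset inventory.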