UBC and SFU are among 33 Canadian schools allegedly hacked
UBC and SFU are among 33 Canadian universities targeted by an internet piracy operation working on behalf of Russian intelligence, according to a security intelligence firm that has tracked the organization for the past three years.
The revelations come on the heels of reporting by the Washington Post that the U.S. Department of Justice (DOJ) has launched an investigation into Alexandra Elbakyan, a Kazakh-born computer programmer who started the hugely popular Sci-Hub database, which hosts a massive collection of pilfered research from a collection of the biggest universities around the world.
The DOJ did not confirm the existence of the investigation in time for publication. But Andrew Pitts, the co-founder of PSI Registry — an independent group out of England that advocates for legitimate access to scholarly content — told The Tri-City News PSI has tracked Sci-Hub’s activities for the past three years. Pitts said his organization has used sophisticated software to log and trace intrusions into 373 universities in 39 countries, including 33 in Canada.
The Washington Post reported that a former U.S. intelligence official believes Elbakyan is working with the GRU, the same Russian military intelligence unit that stole emails from the Democratic National Committee in the lead-up to the 2016 U.S. election and leaked the documents to Wikileaks.
Elbakyan, who denies working with Russian intelligence, started Sci-Hub in 2011 after she became frustrated with expensive barriers to access scientific material.
“Journal paywalls are an example of something that works in the reverse direction, making communication less open and efficient,” she told publication Science in a 2016 profile.
Even then, people were already openly questioning whether Sci-Hub was “an awe-inspiring act of altruism or a massive criminal enterprise,” according to the article.
By stealing staff and student login credentials and breaking passwords, Pitts says Sci-Hub has potentially gained access to some of the most sensitive government and corporate-contracted research in the country. He said PSI has tracked nine attacks on UBC and a single attack on SFU.
Once Sci-Hub gains access to the passwords, Pitts said, the group has free rein to steal materials from highly sensitive research, which it then uploads to its database for distribution.
Despite the nine hacks registered by Pitt’s organization, a spokesperson for UBC was only able to confirm one instance in which a publisher notified the university it had fallen victim to a “non-permitted use” related to Sci-Hub. Since then, the spokesperson said UBC had taken steps to seal up any breaches. In SFU’s case, a spokesperson denied Sci-Hub had ever hacked the university.
The Tri-City News reached out to the Canadian Security and Intelligence Service and the RCMP for information about any ongoing investigations into Sci-Hub in Canada.
While a spokesperson for CSIS said the service would not comment on the specific case, citing its practice of not commenting on investigations, methodologies or activities so as not to compromise the integrity of any operations, he did point to comments made in December 2018 by the organization’s director David Vigneault at an Economic Club of Canada event in Toronto.
In the rare public appearance, Vigneault warned of the growing threat of cyber espionage, and how the “scale, speed, range and impact of foreign interference has grown as a result.”
“Many of these advanced technologies are dual-use in nature in that they could advance a country’s economic, security or military interests. In particular, CSIS has seen a trend of state-sponsored espionage in fields that are crucial to Canada’s ability to build and sustain a prosperous, knowledge-based economy,” he said, noting research in areas like artificial intelligence, quantum technology and 5G.
The RCMP did not respond to questions by The Tri-City News, citing its general policy to not confirm or comment on any ongoing investigation unless charges have been laid.