Porn, piracy, and personal data: Universities providing more than just education…

UPDATE, 5/19/11 2:13PM EST: It appears word is getting around to some of the schools I’ve linked to in this post, as links are beginning to die off (which is a good thing for the universities taking care of business). For the moment, respective Google queries still yield their results that reflect what now once was…

Directly on the heels of my latest post where I exposed pornography residing on university Web sites like Harvard.edu, Yale.edu, and MIT.edu), it’s now time to show just how much extracurricular content many universities are inadvertently making available to the world via their Web sites. Get comfy and settle in as I continue my exposé on .edu domains and guide you through methods to find all sorts of content to download from them.

To start, if you think finding pornography, spam, supportive hate speech spam, etc. plastered across prestigious university Web sites is bad, then take into consideration the following list which showcases a larger picture of just how much more there actually is to be found:

• MP3s
• Movies/Documentaries
• Applications/Software
• Games/Roms
• Ebooks
• Whole curriculums
• Personal data (tax documents, grade documents, etc.)
• Intellectual property

Via the list above, you can see there is much more at stake than simply reputational damage to a school’s image for having a little bit of pornography — as noted in my previous post. There are concerns of potential legal woes, identity theft, theft of intellectual property (as in a body of work by a student or faculty), whole curriculums being made available for free, and more — all touching various aspects ranging from just one individual to an entire university!

After giving plenty of thought to how I want to approach this post, I’ve decided to take each of the items on the list above and elaborate on specific scenarios for each, respectively. In case you wouldn’t have otherwise, I’d like you to take notice of the similarities/patterns within the search queries I utilize for each scenario as they’re a real testament to how one can fine-tune a specific set of search queries to use over and over again with very minor changes. Finally, I will conclude the post with some ideas for remedy and prevention.

If you want to read a really good primer (if I do say so myself, *mustache twirl*) on advanced Google searching before we get started, then have a look at this post. Many of the concepts I delve into below can be found explained within that post, should you find yourself completely lost with exactly what it is I’m doing.

MP3s

Interestingly enough, I have sat back for years and watched as P2P software has pigeonholed the attention of the RIAA, MPAA, and other lawsuit-seekers of the intellectual property/copyright variety. In this section, I’m going to show you how much music is out there just waiting to be downloaded straight from .edu domains this very moment. And my primary target? Harvard.

Let’s assume you really like Kanye West, so you decide you want to find his music residing in a student/faculty directory such that you can freely nab it at fast download speeds. You now head on over to Google and formulate a nice little query that you think will get the job done — initially, at least. You decide to go with the following: site:edu intitle:index.of “Kanye West”

Well, at first glance, it appears there isn’t much… but looks can be deceiving and I’ll show you why. Let’s click on this directory found within those results. As we can see, the song “Gold Digger” is located there. Now, look up in your address bar in that page and take a look at the actual URL: http://www.people.hbs.edu/ffrei/MSOMaterials/iTunes/iTunes%20Music/Kanye%20West/Late%20Registration/

I don’t know about you, but I’m thinking this looks pretty darn promising for there to be at least one other band located in the /iTunes%20Music/ directory! Let’s remove the Kanye%20West/Late%20Registration/ bit from the URL and see what it looks like: http://www.people.hbs.edu/ffrei/MSOMaterials/iTunes/iTunes%20Music/

“Dear diary… JACKPOT!”

Just look at all the music sitting in that directory, freely available for the taking. Now, if you actually do some digging around, you’ll notice that there aren’t only singles in those directories; there are entire albums as well — such as “Lovers Rock” by Sade and “Trouble” by Ray LaMontagne.

Perhaps worst of all (and the part that makes this kind of thing feel more “real”) is that this directory belongs to that of a professor at Harvard Business School; yes, of the very same Harvard I made the primary focus of my previous post. How do we know this? Well, continuing on up the list of directories until we arrive at http://www.people.hbs.edu/ffrei/ is how we know. The final nail in the coffin is visiting http://www.hbs.edu/ and finding that it is indeed the site of Harvard Business School.

Your mileage may vary, depending on which artist you choose to search for, but it’s when you start traversing directories that you often find a rather startling collection of MP3s. As seen in the screen shot below, this entire collection is all indexed in Google — just waiting for someone to come along and do just the right search.

And that’s all just one person’s contents on Harvard! Need the album “Viva La Vida” by Coldplay? Rice.edu has you covered. What about the song “One” by Metallica? MIT’s got your back. And isn’t the new Pirates of the Caribbean movie coming out soon? Perhaps you’re in the mood to hear the sountrack to “Curse of the Black Pearl!” Aye, Johns Hopkins University won’t leave ye stranded! We could continue this all day; just don’t forget to have a look around other directories on those sites — especially Johns Hopkins.

Movies/Documentaries

Admittedly, movies are somewhat of a crap shoot; sometimes, I can find them like there’s no tomorrow; other times, not so much. This just happens to be one of those “not so much” times. Finally, though, perseverance paid off with the following query: site:edu intitle:index.of avi 700M

My thoughts behind that query were to search for avi (movie) files (there’s a filetype: operator in Google, but it’s a finicky beast that I rarely utilize) that are 700MB in size (file size is a value typically displayed in a textual format in file indexes, which search engine spiders can easily pick up on and index). Though there are only two results from the query, we are met with yet another prime example of looks being deceiving. When exploring this particular result from the Milwaukee School of Engineering and stepping two directories up, we end up here, where we see many interesting documentary and directory names. Upon investigating all directories, luck would have it that this directory contains a DVD rip of the Will Smith action thriller, Enemy of the State. Though I didn’t set out to find it in particular, there it is — and this type of “dumb luck” happens far more frequently than you would think when you start traversing file directories.

Since this one was such a pain in the butt to dig up, I’ll just leave this scenario as-is — especially since the example directory I provided has both documentaries (which are much easier to find) and movies. I was just focusing on Hollywood, though. For whatever field of study you’re in or whatever your unique passion/expertise may be, try searching for educational/instructional videos that would typically cost you money and see how you come up — especially if you’re into something like programming, neuroscience, astrophysics, etc. To give you a head-start, try the following query to build some ideas from: site:edu intitle:index.of DVD|avi|mpg “C++”

Applications/Software

Obtaining licenses to ubiquitous products — like Microsoft products — from universities is much easier than it should be. There was a time years ago where I ran fully-licensed copies of Windows and Office using licenses I obtained from exported MSDNAA key lists (lists that can contain hundreds to thousands of licenses for innumerable Microsoft products) residing on .edu domains. Yes, I’ve been doing this type of searching for many years now and my findings are never any less interesting, even if I do nothing with them these days.

Remember earlier when I mentioned “dumb luck?” Well, such was the case when searching for movies earlier and I instead ran across something Office 2010-related. Yes, while randomly doing some directory surfing within an employee directory at Brigham Young University Marriott School, I stumbled upon an Office 2010 Professional license contained within a document found in this directory. Truly amazing. And I haven’t even tried one of my usual search queries along the lines of site:edu intitle:index.of MSDN | MSDNAA or site:edu intitle:index.of “Office 2010″ | Office2010 | “Windows 7″ | Windows 7 +key yet!

Giving the former of the previous two queries of a shot, I was able to quickly flesh out two directories containing relevant results: One directory from Bossier Parish Community College containing a whole slew of ISO files (and, in some cases, licenses) for Windows 7, Windows Vista, Windows XP, VMWare, etc. and another directory from an Indonesian university, PENS-ITS with licenses to more dated versions of Windows — but licenses nonetheless.

Getting away from Microsoft now, even such generic searches as site:edu intitle:index.of crack can yield interesting results — like this directory at MIT which contains a program (along with a crack) that normally retails for ~$600. Additionally, we can find directories like this (from Case Western Reserve University) which have been around for years housing cracked software.

And with that, I would like to direct you to page two, where I cover games/roms, ebooks, curriculums, and personal data. Then, on page three, I’ll delve into intellectual property, solutions/preventative measures, and finally, the conclusion to my .edu exposé.

Taking you further down the rabbit hole, Alice… »