[pahool]

The Washington Post article was hearsay, and this article adds nothing new. No real sources are cited except for Dennis Franks, an ex-FBI agent, who somehow can't fathom how anyone could use "stolen credentials to conduct intrusions of 150 or more confidential university accounts in the United States" without the Russian government's involvement. As if leaked university credentials were difficult to get. Most university's put their journal access behind a single sign-on proxy server or vpn and access to most of these journals is available by IP address authentication. It is ridiculously easy to get access to leaked university credentials, and in some cases, users have donated their login and password to sci-hub. Students at universities rarely face consequences for having had their account compromised (if it's even detected) other than having their account temporarily locked until they change their password.