[Cyranix]

If you want to expand the search, NCES might be a good way to collect additional sites to try: http://nces.ed.gov/collegenavigator/

Do you have any hypotheses about a common vector for the hack? In addition to run-of-the-mill vectors, there's also the possibility that educational middleware (online class management a la Sungard, Blackboard, PeopleSoft) is vulnerable -- this is pure speculation, of course, but as someone who worked with dozens of those portals it piques my curiosity.

[zeynalov]

I couldn't figure out yet. I'm chatting one of those hackers right now per email. He says he can sell me all the list of passwords of .gov .edu website from which country I want, and he can teach me how to hack the rest of them. Mind-blowing.

[bravura]

How did you locate this hacker?

[zeynalov]

I just contacted him through the Contact page of his website. He replied. I am not sure if he's a real hacker but he's the owner of bolumizleyin.com which has plenty of backlinks from several .edu websites.

[zeynalov]

@diamondhead It seems I can't reply to messages past a certain depth so I'll respond to your latest comment in the previous one. I am from Germany. I wrote you on twitter.

[diamondhead]

zeynalov, please report him to a police department or a related department in Turkey. if you don't know how to do it, I can help you on this as a Turkish citizen.

[diziet]

Probably by looking at the whois of the domains being linked to?

[zeynalov]

Just by contacting them directly from their website.