[lbo-talk] turnout, GMU e-mail spoof update

Sean Andrews cultstud76 at gmail.com
Wed Nov 12 08:32:32 PST 2008


On Tue, Nov 4, 2008 at 10:49 AM, shag <shag at cleandraws.com> wrote:


> Today, at GMU, someone 'hacked' the university email system, sending out a
> message that appeared to be from the GMU president telling people to vote
> 11/5. The rumor that Democrats should vote 11/5 has been circulating here
> for over a week and on local blogs and forums, there are random trolls
> posting every couple dozen posts, telling people to vote tomorrow --
> saying that the polling places are overwhelmed so they've decide to extend
> polling. Crap like that.

[Since shag seemed tuned into this occurrence, I thought I'd forward the explanation of what happened from the Provost's office. The upshot is that they don't know who did it, but it seems like it only worked because there was another message being sent that was official at the same time. Is this just a coincidence or did the spoofers have someone on the inside? I guess we'll just have to wait for what the efficient spooks at the FBI uncover. -s]

Message from Joy R. Hughes, Vice President and CIO, GMU, sent today:

Early in the morning of November 4th, the university's central announcement system sent an email from the Provost to members of the university community negating two rumors about the national election that had been circulating on campus. Someone used this opportunity to utilize a form on an outside web server to "spoof" the email address of the account authorized to send to the announcement list. Using this form, the person then sent a message purporting to be from the Provost that stated that the date of the election had been moved to November 5th.

While it is simple to spoof an address, the information contained in the header of the message revealed the true path of the message, clearly indicating it did not originate with the Provost or from any university system. The company that owns the outside web server has disabled the form on its site that allowed the person to send this spoofed message.

Since tampering with elections is a Federal offense, the cybercrime expert in Campus Police was notified and he immediately contacted his counterpart in the FBI. The FBI is now investigating.

The sender was able to send the message via the central list because the sender took action while the system was still delivering the original message and so the names of recipients had not yet been cleared out of the announcement database.

In order to avoid future incidents of this type, a manual verification step has been added to the central process to send announcements. All of the university's central announcement lists will be subject to the new verification process, thus eliminating the potential for a spoofed message to be sent via a central announcement list.



More information about the lbo-talk mailing list