Email “Hack” Tells University Students & Staff That U.S. President Vote Is “Tomorrow”

Here’s another email incident example to add to your files…

Computerworld reported yesterday that 35,000 folks on the George Mason University (GMU) email system received a hoax email on November 3rd telling them that the U.S. presidential election had been postponed to November 5th. And, oh by the way, the email came from the university provost’s office. Well, it DID come from his email account!

“The e-mail was sent by an unknown hacker who managed to gain access to a university list server using the provost’s user credentials.”

User credentials means the email account ID and the password.

“It didn’t appear as though the person who sent the hoax e-mail had hacked into the system. Instead, the perpetrator appears to have used the provost’s credentials to gain access to it and send out the e-mail”

So, how did this happen?

  • Was it an insider who had obtained the provost’s email password because of poor security practices by the provost?
  • Was the provost’s email password easy to guess?
  • Was the provost’s computer connection “sniffed”…the keystrokes captured through any one of a number of widely available malicious code that can be loaded onto a computer, without the computer user’s knowledge, when security controls are poor or lacking?
  • Was it sent from one of the email server administrators who had authorized access to the email accounts?
  • Was it sent from someone the provost had told his email password to?

Besides looking for the “hacker” who sent the message, GMU should also do a security audit of their email systems, at a minimum, do determine where there are vulnerabilities and then fix them. Better yet, they should perform a vulnerability assessment in addition to a security program audit to determine how effective their entire security program is, identify the vulnerabilities and threats, and then mitigate the risks.

Tags: , , , , , , , , , , , ,

Leave a Reply