2008 Woodie Awards
Video related to this article is available below.Issue date: 4/14/08 Section: News
E-mail scams targeting colleges nationwide
Thomas Himes
Penn has emerged unscathed from the latest round of e-mail scams targeting college servers.
The fake e-mails, known as phish, have recently changed their tactics to target colleges, according to Douglas Pearson, technical director of an information-sharing and analysis center at Indiana University at Bloomington.
The e-mails have hit dozens of colleges over the past few weeks, including North Carolina State University and Indiana University. The e-mails allege to be from system administrators asking for individuals' passwords and other personal information.
"The phish claims to be from the local school's support group, they make up a reason as to why the recipient has to respond back with their password - and surprisingly a number of people fall for it," Pearson said.
But Penn has been unaffected by a widespread attack.
"We've seen that thing fairly recently, but it's just a variation of the same kind of phishing stuff we all get in our mailboxes on a daily basis," said John Lupton, an information-security specialist with the University's Information Systems and Computing office.
"Once the phishers compromise an account," they then use it to send off thousands of e-mails, according to Pearson.
In 2006, 4,000 students, faculty and staff were denied access to the School of Engineering and Applied Sciences' server when Ryan Goldstein, now an Engineering junior, and a New Zealand-based hacker caused the server to crash by sending out thousands of spam messages from an e-mail account,.
Goldstein later pleaded guilty to computer-fraud charges in federal court.
"That's a very unusual situation and if we knew things like that were going on we would take action similar to the Goldstein case," Lupton said.
Engineering School officials say they boosted server security after the incident.
But system administrators have no means of preventing attacks.
"The best thing we can do is tell people not to transmit their passwords over a Web site that you don't absolutely know is a legitimate Web site," Lupton said.
Aside from risks of identity theft, this new variety of phishing may have broader implications for e-mail users.
If a university system becomes recognized as a source of spam, messages - even legitimate ones - from the university will be filtered in recipients' spam folders, Pearson said.
The Federal Bureau of Investigation - which investigated the Goldstein hacking incident - said it's hard to tell if there's been an increase in attacks on college servers.
"There's no way to quantify it," said Jerri Williams, spokeswoman for the Philadelphia office of the FBI.
The fake e-mails, known as phish, have recently changed their tactics to target colleges, according to Douglas Pearson, technical director of an information-sharing and analysis center at Indiana University at Bloomington.
The e-mails have hit dozens of colleges over the past few weeks, including North Carolina State University and Indiana University. The e-mails allege to be from system administrators asking for individuals' passwords and other personal information.
"The phish claims to be from the local school's support group, they make up a reason as to why the recipient has to respond back with their password - and surprisingly a number of people fall for it," Pearson said.
But Penn has been unaffected by a widespread attack.
"We've seen that thing fairly recently, but it's just a variation of the same kind of phishing stuff we all get in our mailboxes on a daily basis," said John Lupton, an information-security specialist with the University's Information Systems and Computing office.
"Once the phishers compromise an account," they then use it to send off thousands of e-mails, according to Pearson.
In 2006, 4,000 students, faculty and staff were denied access to the School of Engineering and Applied Sciences' server when Ryan Goldstein, now an Engineering junior, and a New Zealand-based hacker caused the server to crash by sending out thousands of spam messages from an e-mail account,.
Goldstein later pleaded guilty to computer-fraud charges in federal court.
"That's a very unusual situation and if we knew things like that were going on we would take action similar to the Goldstein case," Lupton said.
Engineering School officials say they boosted server security after the incident.
But system administrators have no means of preventing attacks.
"The best thing we can do is tell people not to transmit their passwords over a Web site that you don't absolutely know is a legitimate Web site," Lupton said.
Aside from risks of identity theft, this new variety of phishing may have broader implications for e-mail users.
If a university system becomes recognized as a source of spam, messages - even legitimate ones - from the university will be filtered in recipients' spam folders, Pearson said.
The Federal Bureau of Investigation - which investigated the Goldstein hacking incident - said it's hard to tell if there's been an increase in attacks on college servers.
"There's no way to quantify it," said Jerri Williams, spokeswoman for the Philadelphia office of the FBI.
Viewing Comments 1 - 10 of 11
Inaccurate
posted 4/14/08 @ 10:00 AM EST
Is this an extension of the April Fools edition? The case against Goldstein had absolutely NOTHING TO DO with sending spam. The server was shut down because of an unintentional distributed denial of service (DDOS). (Continued…)
mike
posted 4/14/08 @ 10:20 AM EST
I just read both the FBI press release and associated indictment, neither of which said a word, explicitly or implicitly, about spam. I'm pretty shocked that the DP editors didn't catch this. (Continued…)
lol
posted 4/14/08 @ 10:43 AM EST
making up stuff so u can keep writing articles about ryan? kinda lame
AJ
posted 4/14/08 @ 11:46 AM EST
Tomorrow's DP:
Fabrication Charges Force Staff Writer Out
Staff writer Thomas Himes was fired yesterday from the Daily Pennsylvanian for knowingly falsifying information for an article he wrote . (Continued…)
Fact Checker
posted 4/14/08 @ 6:49 PM EST
Wow. All the previous posters are very ignorant or very cruel.
No. He didn't make anything up. Repeated attempts to enter a username or password into a database can be called spam. (Continued…)
AJ
posted 4/14/08 @ 7:08 PM EST
I should learn to 'understand simple language'? Maybe you should learn to read.
"...caused the server to crash by sending out thousands of spam messages from an e-mail account. (Continued…)
AJ
posted 4/14/08 @ 8:10 PM EST
My argument, and apparently that of those who posted before me, is that the writer of this article wrote falsities. Namely, Goldstein's case had absolutely nothing to do with spam. (Continued…)
@Fact Checker
posted 4/14/08 @ 9:18 PM EST
I think the point is that there's a semi-non sequitur in the article. Sure, both are "computer crimes" but that's a very vague concept in this article. (Continued…)
AJ
posted 4/14/08 @ 10:14 PM EST
Well said. That's one of the points I was trying to make. However, there's another, more important problem with this article.
Continuing your analogy, instead of just trying to relate Malinovskaya's case to a barely related topic, you would have written that she committed assault and battery. (Continued…)
jok
posted 4/17/08 @ 4:34 AM EST
good Website
Post a Comment