GMU Hoax Election Email

Raw source of the email is here:

http://www.cs.gmu.edu/~mlocasto/docs/nov5-hoax-email.txt

The mail appears to originate from ‘democracyinaction.org’ and ‘wiredforchange.com’ (which don’t really mean anything…who knows who is playing what game?)

The really funny part is that this email came in *after* the Provost sent a rather bewildering email earlier that day warning of “troubling rumours” about the election being moved.

See also: http://chronicle.com/wiredcampus/article/3439/e-mail-hoax-tells-george-mason-students-to-vote-november-5

A follow-up email (below) explains why the hoax was transmitted:

"The sender was able to send the message via the central list because
the sender took action while the system was still delivering the
original message and so the names of recipients had not yet been
cleared out of the announcement database."

From: "Joy R. Hughes, Vice President and CIO" <no-reply@gmu.edu>
Date: November 12, 2008 10:01:00 AM EST
To: ANNOUNCE03-L@mail04.gmu.edu
Subject: Update on Election Day Email Spoofing
Reply-To: "Joy R. Hughes, Vice President and CIO" <no-reply@gmu.edu>


Early in the morning of November 4th, the university’s central
announcement system sent an email from the Provost to members of the
university community negating two rumors about the national election
that had been circulating on campus. Someone used this opportunity
to utilize a form on an outside web server to "spoof" the email
address of the account authorized to send to the announcement list.
Using this form, the person then sent a message purporting to be
from the Provost that stated that the date of the election had been
moved to November 5th.


While it is simple to spoof an address, the information contained in
the header of the message revealed the true path of the message,
clearly indicating it did not originate with the Provost or from any
university system. The company that owns the outside web server has
disabled the form on its site that allowed the person to send this
spoofed message.


Since tampering with elections is a Federal offense, the cybercrime
expert in Campus Police was notified and he immediately contacted
his counterpart in the FBI. The FBI is now investigating.


The sender was able to send the message via the central list because
the sender took action while the system was still delivering the
original message and so the names of recipients had not yet been
cleared out of the announcement database.


In order to avoid future incidents of this type, a manual
verification step has been added to the central process to send
announcements. All of the university’s central announcement lists
will be subject to the new verification process, thus eliminating
the potential for a spoofed message to be sent via a central
announcement list.
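
The follow-up message says the headers "revealed the true path of the message". As an added example (not part of the original post or the university's email), this Python sketch walks a message's Received headers from the newest relay down and reports where the message entered a trusted domain. The sample message, host names, addresses and function names are constructed, and treating the first token after "from" as the sending host is a simplifying assumption.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample, not the real hoax message: From claims a university
# sender, but the oldest trusted relay received it from an outside web host.
SAMPLE = """\
Received: from lists.university.example (lists.university.example [192.0.2.10])
\tby mx.university.example with ESMTP; Tue, 4 Nov 2008 01:30:05 -0500
Received: from webform.outside.example (webform.outside.example [198.51.100.7])
\tby lists.university.example with SMTP; Tue, 4 Nov 2008 01:30:01 -0500
From: "Office of the Provost" <announce@university.example>
To: ANNOUNCE-L@lists.university.example
Subject: Election Day Update

(body omitted)
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def received_hops(raw):
    """Return (from_host, by_host) pairs, newest relay first (header order)."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = (HOP_RE.search(str(v)) for v in msg.get_all("Received", []))
    return [(m.group(1).lower(), m.group(2).lower()) for m in found if m]

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def entry_point(raw, trusted_domain):
    """Walk hops newest-first. Only headers stamped by trusted relays are
    believed; return the first host outside trusted_domain, else None."""
    for from_host, by_host in received_hops(raw):
        if not in_domain(by_host, trusted_domain):
            return by_host      # not our relay: this and older hops are unverifiable
        if not in_domain(from_host, trusted_domain):
            return from_host    # outside host handed the message to our relay
    return None

def looks_spoofed(raw, trusted_domain):
    """True when From claims trusted_domain but the path entered from outside."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    return in_domain(from_domain, trusted_domain) and entry_point(raw, trusted_domain) is not None

if __name__ == "__main__":
    print(received_hops(SAMPLE))
    print(entry_point(SAMPLE, "university.example"), looks_spoofed(SAMPLE, "university.example"))
```

Received lines below the first outside hop are written by hosts the recipient does not control, so the walk stops there instead of trusting them.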
