Online Threats Increase

Everyone knows how annoying it is to receive lots of Junk Email. Many people are aware of how important it is to protect their online identity such as bank account numbers and passwords. However, few people have considered that the two issues can be related, or realise that their University computer account details are also valuable to criminals.

 

Traditionally, Spammers have harvested email addresses in order to create lists of people to send junk email to, and other online criminals have fraudulently obtained account details and passwords in order to steal money. A recent innovation is the use of a victim’s stolen computer account to send out spam.

 

The advantage to a spammer is that, for a short while at least, the source of the emails is a reputable organisation so that the messages are less likely to be filtered out by spam detection software. Of course, if one organisation is repeatedly targeted in this way, or sends out a very large number of spam messages in a short period of time, it will soon become known as a source of spam and will be blacklisted.

 

A blacklist operated by a single Internet Service Provider (ISP) will prevent messages from the listed organisation reaching all of that ISP's customers. Other blacklists such as SORBS (http://www.us.sorbs.net/) are widely used to prevent the delivery of spam and can make it virtually impossible for an organisation to send out any email if they are listed. The University uses multiple blacklists as part of its spam detection regime.

 

The University suffered an incident of this nature in August when a staff email account was compromised and 5,312 emails were sent out to a total of 918,484 recipients over the course of a single weekend. This resulted in the University being blacklisted by a single ISP, Hotmail, for 48 hours, disrupting email communication for many members of staff and students. There was also a loss of reputation for the University as demonstrated by the large number of responses from people who had received the spams indicating “concern” and “disappointment” that we were the source of them.

 

Since then there has been a rapid increase in this form of misuse and at least one staff or student email account is now compromised and used in this way every week.

 

To protect the University, Information Services have developed an automated process which checks the volume of outbound emails from each user account over time and disables any account which appears to be sending out spam. The threshold for this has been based on levels of activity monitored over a few weeks so that the process should not interfere with legitimate use of email. Any user whose account has been disabled for this (or any other) reason should contact the IS Information Centre to request reinstatement of their account.
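The kind of check described above can be sketched as follows. This is an added example, not Information Services' own process: the log format, the one-hour window, the safety margin and the choice to count recipients rather than messages are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed observation window

# Constructed baseline of legitimate use: "timestamp account recipient_count",
# one line per outbound message, in time order.
BASELINE = """\
2024-01-08T09:00:00 staff01 3
2024-01-08T09:10:00 staff01 40
2024-01-08T09:20:00 student07 1
2024-01-08T11:00:00 staff01 2
"""

# Constructed live log: staff02 begins sending to about 170 recipients per message.
LIVE = """\
2024-01-13T02:00:00 staff01 5
2024-01-13T02:00:10 staff02 170
2024-01-13T02:00:20 staff02 175
2024-01-13T02:00:30 staff02 172
2024-01-13T02:05:00 student07 2
"""

def window_totals(log, window=WINDOW):
    """Yield (timestamp, account, recipients the account reached within window)."""
    recent = defaultdict(deque)  # account -> (timestamp, recipients) still in window
    totals = defaultdict(int)
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, account, rcpts = line.split()
        ts, rcpts = datetime.fromisoformat(stamp), int(rcpts)
        recent[account].append((ts, rcpts))
        totals[account] += rcpts
        while ts - recent[account][0][0] > window:  # expire messages outside window
            totals[account] -= recent[account].popleft()[1]
        yield ts, account, totals[account]

def threshold_from_baseline(log, margin=5):
    """Peak legitimate per-window volume times a safety margin (assumed rule)."""
    return margin * max(total for _, _, total in window_totals(log))

def accounts_to_disable(log, threshold):
    """Map each account to the time it first exceeded the threshold."""
    flagged = {}
    for ts, account, total in window_totals(log):
        if total > threshold:
            flagged.setdefault(account, ts)
    return flagged
```

Counting recipients instead of messages matters for an incident like the one in August, where each message went to many recipients: a per-message count would cross the threshold far later.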

 

Members of staff who need to send bulk email from their University account, or who supervise students who need to do so as part of their academic activities, should contact the author for advice.

 

This article does not address in detail how the userids and passwords that are being misused in this way have been obtained. The simplest way to protect your account is to never give your user name and/or password to anyone else for any reason at all. There are no legitimate reasons for sharing this information and it is strictly against the University’s IT Use Policy for you to do so.

 

Unfortunately, there are many sophisticated technical ways that the information can be obtained through email, websites, and malware (viruses and keyloggers) on unprotected computers. IS will therefore tend to be lenient with users who appear to have fallen victim to a scam but does expect users to be vigilant when they use any computer system other than the ones provided by the University.

 
Alan Richardson
Systems and Network Services Manager