SMS
RSS feeds
Reddit
Newsvine
Enlarge
In response to recent compromises to campus email security, Stanford has set up a new monitoring program designed to eliminate spam coming from Stanford email addresses.
This wave of spam from compromised Stanford accounts prompted Internet Service Providers (ISPs) Hotmail, Yahoo! and America Online to block all incoming emails from Stanford addresses. In response, on Feb. 29, ITS began filtering outgoing campus emails, rejecting those that displayed a high probability of being spam. Since then, the ISPs have ceased to block Stanford emails.
Over the last month, numerous email accounts on campus have been targeted by phishers claiming to represent the “Stanford Team.” The phishers’ requested the addressees’ usernames and passwords, which the phishers used to flood off-campus email accounts with spam from the stanford.edu addresses, according to ITS. Since Feb. 18, approximately 50 student, faculty and staff email accounts have been compromised.
“You should always be wary when asked to provide any type of account and password information when you yourself have not initiated the correspondence,” Nancy Ware, director of strategic planning and communication for ITS, wrote in an email to The Daily. “Stanford does not send emails which request that you provide your password via email.”
ITS will continue to monitor outgoing emails for spam indefinitely, according to Ware. As for the phishers, Ware stated that it is unlikely that they will be identified or charged for compromising Stanford emails.
“Attacks like this one usually come from ‘rented’ bot-net addresses, which change frequently and are distributed throughout the world,” she said. “Tracking them down would take international law enforcement cooperation, which, while possible, usually only happens in cases where there is a demonstrably large amount of worldwide damage.”
The “threshold” for determining the probability that an email going out from a Stanford address is spam will be determined using the same anti-spam program that ITS has used since October 2006 to keep spam from being delivered to campus accounts. Outgoing emails registering a 90 percent or higher chance of being spam are automatically discarded, while those from 80 to 90 percent are routed to a dedicated server for evaluation by the respective ISP.
“There is a very limited possibility that legitimate outbound email would be deleted,” Ware said. “But we feel the likelihood is slim.”
According to Ware, despite emails sent Friday to all student residences warning of the scam, five additional accounts were compromised over the weekend.
In an effort to better communicate the danger of being phished to residences, Resident Computer Consultants (RCCs) will be meeting with Residential Computing over the next week to discuss how to inform residents about both the dangers of phishing and the new spam filter.
“Just like any other changes in the system, RCCs will inform their residents about them,” said Jennifer Ly, RCC manager and computing info systems analyst.
Trancos RCC Mike Chung ‘08 claimed he and other RCCs were notified following the latest round of phishing and were told to inform their residents about the risks present.
“This is the first time that I’ve seen something of this scale happen,” Chung said. “It does happen on a considerable level, but it’s usually not a very widely blown thing.”
In the coming weeks, he expects that he and his fellow RCCs will begin to communicate the risks and warning signs of being phished more thoroughly to residents.
“Just forwarding an email may not be sufficient,” he said. “I believe RCCs will be taking the steps to make sure the residents understand the situation.”