25 campus email accounts hacked in phishing attack on Monday night

Cause of breach unknown; students with compromised accounts locked out of network

April 18, 2014

Bowdoin email servers experienced an attack in which hackers used several student accounts to send spam on Monday evening between the hours of 5 p.m. and 7 p.m. When the breach was detected, Bowdoin Internet Technology (IT) temporarily shut down the accounts involved. The initial cause of the breach is not known at this time, but the accounts have since been restored.

Monday night’s incident was a phishing attack similar, but unrelated to the one reported by the Orient in late September. Information and Technology Security Officer Steve Blanc said that no personal or sensitive information was compromised and that the purpose of such attacks is merely to use Bowdoin servers to send spam to other locations on the Internet.

Most phishing attacks are discovered very quickly, as they tend to send a massive amount of messages—usually up to 10,000—in the first few minutes of the attack. This massive outflow of messages triggers alerts and security systems. According to Blanc, in this attack hackers took control of 20 accounts and sent five to 10 messages—every few minutes—allowing them to stay under the radar for longer.

For students whose accounts were disabled, it was a frustrating night. Megan Massa ’14, said that she received no warning that her account would be disabled, but was suddenly unable to access her email, wireless or computer account from anywhere on the Bowdoin campus. In her communications with IT, she requested that the department develop a way of notifying students, possibly through their phones, when their accounts are at risk. Blanc said that this is something IT is working on.

“It left us metaphorically and literally in the dark,” said Massa. “I couldn’t get on any place on campus in terms of my account, it was just gone.”

IT discovered the breach when a spam detection service, SpamCop, alerted them to the inordinate amount of spam they had been sent from Bowdoin accounts.

The danger of these attacks does not necessarily lie in the leaking of confidential information, but rather in the possibility that Bowdoin servers could be blocked in other places on the Internet if they send too much spam. Blanc said that this is the most common type of attack the College sees. In spite of the incident, IT remains confident in their security systems.

“People don’t always understand that when they get the dozen or so spam messages a day in their mailbox that we’re actually blocking a thousand for that person that aren’t getting through,” said Blanc.

Tina Finneran, director of academic technology and consulting, said that having someone in Blanc’s position gives the College information security that not all institutions have.

“Bowdoin is way ahead of the game in having Steve already,” Finneran said. “He went through serious training and recertifications keep his skills up to date.”

Comments are permanently closed.