Carleton E-Mail Account Compromised by Hackers
In the fourth week of July 2008, Carleton University came under cyber criminals' attack when they used the official e-mail account of the university to push out several thousand spam mails, clogging the system that delayed receiving or sending of users e-mails. While this delay was for five minutes, the summer students had to wait for about 48 hours to receive their inbound messages.
Cyber criminals launched a phishing assault to compromise the account. They designed a Website that resembled to Carleton site and threatened to terminate the user's e-mail account if he/she did not provide his/her username, password and contact number within 3 days.
Ralph Michaelis, Chief Information Officer at the University's Department of Computing and Communications Services, said that the site was so slow that it seemed to some users that the system had stopped working, as reported by cbcnews on July 23, 2008.
Michaelis further said that these kinds of attacks are very common, but in the current incident, the imitation of the Carleton site was unexceptionally good. Furthermore, an unusually huge number of spam mails were dispatched from the hijacked account.
However, Michaelis reminds staff and students that Carleton do not solicits such information via e-mail.
Furthermore, Michaelis said that the criminals are possibly using the university's system as a platform to launch attacks with e-mail messages that posed to be from the university. He explained that spammers survived by remaining anonymous, so their trick to send out the e-mails from Carleton account made the messages seem they were coming from the university, as reported by cnews on July 24, 2008.
Michaelis also said such manipulation allows creating hoax situations such as making requests for donation that seem to be genuine fundraising attempts by the institution.
Meanwhile, although the university was having its summer vacation and the students' presence was significantly low, those who relied on the e-mail system encountered frustrating moments trying to contact other classmates and teachers.
Michaelis said the problem was rectified fast, however, noted that there had been attack(s) on the university previously too and another would happen in the future.
» SPAMfighter News - 01-08-2008