A prank has landed five University of Wisconsin at Madison students in hot water and calls into question the integrity of electronic mail networks across the country, including here at the University. Last month, five Wisconsin freshmen living in an "Honors" residence sent several forged e-mail letters to students and administrators. These forged messages included a resignation letter from the Wisconsin's director of housing to Wisconsin Chancellor David Ward, a forged message to students from Ward claiming he was "coming out of the closet" and a letter from Ward to students claiming they had failed to pay tuition. The students were caught by University officials only after they misaddressed some letters, causing them to be sent to a "dead-letter" file that could be checked against logs of e-mail users who were using the system at the time the forgeries were sent. The freshmen are now being disciplined by Wisconsin's judicial system. "We are treating these as forgeries as if they had taken place in any other medium," said Michael Dorl, University of Wisconsin's e-mail security expert. While it is unclear if anyone believed the forged messages, the ease with which the students were able to disguise their origin and the difficulty of tracking the forgers down is making people around the country read their e-mail very carefully. "This seems to have been a pretty isolated incident, but it has raised peoples' consciousness," Dorl said. "Before the incident, a lot of people thought if it came on a computer it must be right." At the University, officials are also urging caution. "I think people have to be careful when they receive e-mail, certainly when you get something as serious as someone resigning," said David Millar, the University's data security expert. "It would be well-advised to confirm anything important." Millar said he knows of a few cases of forged mail at the University, all "on the level of pranks," but he does not think it is "a major problem." "The problem is when [the forgery] causes people to lose confidence in the systems," said Theodore Lee, a consultant at Trusted Information Systems, Inc., of Minnesota, a computer firm that develops programs to safeguard e-mail. Dorl, Millar and Lee described the process used by the Wisconsin students as being "extremely easy" and requiring "trivial" knowledge. "Any reasonably bright student in a place with a system like [the University's] could [forge e-mail]," Lee said. "Each computer trusts the people talking to it." A number of University students, who spoke on the condition of anonymity, said they use programs like Eudora --the very user-friendly software used by the Wisconsin forgers -- to log onto news groups which are supposed to have restricted access and to send forged e-mail. Lee said forging e-mail is no different from forging real mail, except that "it so easy to do and to spread." "The way the Internet is set up a forged message can spread the world over almost instantaneously," he said. One difference between forged e-mail and real letter fraud is that no one is sure whether e-mail forgery is a crime, Lee and Dorl said. The Federal Bureau of Investigation investigates forged letters in some cases, but usually only when government agencies are affected, Lee said. "No Wisconsin laws were broken" in the case of the five students there, Dorl said. Several programs have been created or are in the process of being developed that can make e-mail forgeries easier to detect or prevent by using digital authentication codes to trace messages. Most of this software is available free for non-commercial use. But experts warn this software is still in the early stages of development. "I think it might be a little early for the casual e-mail user" to invest in security software, Millar said. "For someone who needs a high degree of security, it might be worthwhile." The University has begun experimenting with some of this software, Millar said. But, Dorl warned, many of the standards used by Internet to guard against forged mail are out of date. "One of the problems is that the protocols grew up when there was only one computer at every campus," Dorl said. "We're kind of out of that business now."
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
Donate
