False e-mail prompts

by Lee Williams

PRINCETON, N.J. — The Princeton University student body received news from USG president PJ Kim on Thursday afternoon that he was going to hold “PJ Day” on Dean’s Date. “We will all be so busy worrying over our papers, we will not care about our appearance, and we will all wear pajamas, or PJs,” the e-mail said.
The trouble with the e-mail, titled “My Day,” was that Kim did not send it.
“I’m as baffled as anyone else,” Kim said after he learned that an unauthorized person had accessed the undergraduate student list. Upon discovering the bogus e-mail, Kim sent another explanatory message to the student body.
The unauthorized message was sent from a computer designated “pubnt56” in the Green Hall psychology library, according to Rita Saltz, a senior technical staff member at CIT.
“The message headers did show the machine on campus from where the message was sent,” Saltz said. “CIT has talked with the University officials and a couple of appropriate departments about this. There is a suspect in this matter.”
Nevertheless, the e-list is not completely secure. The unauthorized person would have been able to send the rogue e-mail without using Kim’s e-mail account password. Rather, the user may have changed his or her own e-mail profile to simulate Kim’s profile, Saltz said.
“The identification coming from his account was falsified. The person sending this note managed to make the list believe that it was coming from PJ’s account, even though it was not,” Saltz said.
Deputy university librarian Marvin Bielawski said students can send e-mails anonymously from library computers. “To read e-mail, you do have to log into CIT’s computer, but to send mail, you do not. I believe that’s possible — to get on anonymously.”
Saltz said the university is researching more sophisticated methods of electronically verifying a user’s identity. One such possibility would be to use digital signature certificates, which would be sent along with an e-mail. “Ultimately, it would provide a better level of protection,” she said.
She added that she does not know if the incident will result in changes to CIT security protocol to prevent similar violations in the future. “Certainly I think all of us will be a little less trusting in the future,” she said. “That’s one of the sad spinoffs of this. It may seem funny to the perpetrator, but it creates a level of distrust. That’s a tragic thing.”