Hoax e-mail postponing election sent to 35,000 at GMU

Hacker gained access to list server with credentials of George Mason University provost

About 35,000 students, faculty members and staffers at George Mason University in Fairfax, Va., today received a hoax e-mail saying the presidential election had been postponed to Nov. 5. The phony message appeared to be from the university provost's office.

The e-mail was sent by an unknown hacker who managed to gain access to a university list server using the provost's user credentials.

The e-mail was sent around 1 a.m. last night and generated a flurry of calls from parents and students wanting to know what happened, said GMU spokesman Daniel Walsch. For the most part, those who called were not fooled by the hoax but wanted to know why it was sent out, Walsch said.

"We did get a number of calls from students and parents wondering what was going on," he said. "Some of the people were not sure if the message was legitimate," because it appeared to be coming from the provost's office, the spokesman said.

The matter has been turned over to local law enforcement authorities and the FBI, Walsch said. "We do not know who was involved," Walsch said, "But if we find out who did this, we intend to prosecute that person or persons to the fullest extent of the law."

According to Walsch, the list server used to send the bogus e-mail is typically used to send out alerts relating to issues such as weather-related closures. Only a "handful" of people at the university have access to the list server, he added. It didn't appear as though the person who sent the hoax e-mail had hacked into the system. Instead, the perpetrator appears to have used the provost's credentials to gain access to it and send out the e-mail, he said.

GMU is certified as a Center of Academic Excellence in Information Assurance Education by the National Security Agency. In January 2005, it was the victim of a hacker attack in which the names, photos and Social Security numbers of more than 32,000 students and staffers were compromised in an intrusion into the school's main ID server. The intruders also installed tools on the ID server that allowed other campus servers to be probed.

Copyright © 2008 IDG Communications, Inc.

Shop Tech Products at Amazon