Thousands of students receive irritating e-mails
About 6,000 students received a series of unsolicited e-mails they described as “annoying” and “ridiculous” after a USC alumnus found a glitch that enabled him to e-mail the Undergraduate Student Government’s listserv.
On Feb. 20, graduate Dennis Roberts used the USG listserv to e-mail students a link to “The Daily Crow,” a blog that features pictures that integrate the word “crow.”
Roberts said he sent the e-mail as a joke and that there was no meaning to “The Daily Crow.”
“I kind of suspected that it could be done for a while because I got so many e-mails saying ‘test’ or ‘take me off this listserv,’” Roberts said. “I got fed up of getting all these random e-mails from USG and kind of filling my inbox with spam, so I just decided to, as a joke and to see if it could be done, to send out a student project that we were working on.”
But some did not see it as a joke.
Paige Hill, USG director of communications, called the e-mail “immature” and “inappropriate.”
“It’s really frustrating that a fellow student would do that,” Hill said. “I’m actually kind of frustrated at ITS because they did not convey to us that the listserv was not completely secure.”
USG has used the listserv for more than five years and Hill said it has never encountered this kind of problem.
Listservs usually come with safeguards, where only the list’s administrators can use it to send out e-mails. The USG listserv, however, was not set up in this manner, leaving it prone to exploitation. Therefore, whenever a student hit the “reply all” link, all the people on the listserv would receive the e-mail.
Roberts’s e-mail generated a chain of replies that were received by everyone on USG’s listserv. The replies ranged from confused inquiries to advertisements for student groups.
On Sunday, USG issued an apology to the members of its listserv.
“USG would like to sincerely apologize for the array of inappropriate e-mails you have received this weekend,” the e-mail said. “Unfortunately, one of our fellow students hacked our system and has since been harassing the USC community with an array of immature and ridiculous messages.”
USG also sent Robert what he called a “threatening” e-mail, saying they were going to take the issue up to the administration, calling his actions “disgusting” and saying that additional action would be taken.
Roberts said he often receives e-mails from the listserv that are not directed at him and are generated when people hit “reply all.” He said he thought USG’s response was “over-the-top” and wondered if they thought he was the one sending out all the e-mails, even though he only sent out one that generated many responses.
“They’re angry with me, I guess because I sent out that one e-mail and they’re not happy about that,” Roberts said. “But if they’re going to be angry, then they should be angry at themselves for setting up something that is so easy to take advantage of.”
Roberts said there was no particular reason for the link to the “Daily Crow.”
“The crow blog was pretty dumb,” Roberts said. “In terms of all the projects that I’ve ever created or worked on, it’s probably the stupidest thing ever … I was like, ‘Oh, if I’m going to send out something to 10,000 people it might as well be something as stupid as this crow blog.’ I don’t think my e-mail was immature, but the crow blog was pretty stupid.”
One student who received the chain of e-mails said she tried to disregard them and did not click any of the links.
“I sort of thought it was spam so that’s why I didn’t click on any of the links to the websites because I thought some virus would overtake my computer,” said Keanna Harper, a freshman majoring in business and cinematic arts.
Harper said she thinks USG should take steps to protect students’ information.
“If someone can take it that easily, how do you know they can’t get my personal information that USG has, like phone numbers?” she said.
ITS was unavailable for comment.
“USG would like to sincerely apologize for the array of inappropriate e-mails you have received this weekend,” the e-mail said. “Unfortunately, one of our fellow students hacked our system and has since been harassing the USC community with an array of immature and ridiculous messages.”
I’d hardly consider hitting the reply-all button “hacking,” USG–it speaks more about your lack of system controls than anything else.
ya dennis.
There is a lot of confusion about this incident. It appears from USG’s response and this article that people believe that Roberts did some sort of hacking or computer abuse.
I’m not sure what standard you are using, but hitting reply-all is not considered hacking.
The real culprits of this problem are the complete security failures at ITS.
Proper blame needs to be placed not on the people who made this problem known but on those who failed to perform their PAID jobs and allows this breach of email policy and computer security.
ITS’s fault?…Not so fast. Listservs are USER CREATED and USER MAINTAINED. List owners CHOOSE how they want their list to be updated. USG did not have their list MODERATED ( http://www.usc.edu/its/maillists/ownercard.html#moderateE ) which left it unprotected i.e. UNMODERATED. Had USG secured the list properly, this would not have happened in the 1st place.