A new face for Webmail

USU’s Webmail interface was changed in order to protect student usernames and passwords after it was discovered that the server had been compromised and used to attack five computer services around the nation.

USU was first alerted to the problem when Verizon Wireless sent a complaint reporting that the Webmail server was contacting its service so frequently that the company was unable to operate and properly help its customers.

Because USU’s Webmail server had been compromised, the same kind of attack, called a denial of service (DOS), was also directed at services at CitiBank, Symantec, Yahoo and a state government computer in Florida, said Bob Bayn, security team coordinator at Information Technology Services.

Bayn said upon learning of the attacks, USU shut down all Webmail accounts to secure the safety of user information because they were unsure of exactly who had compromised the e-mail service and how.

“The old Webmail interface has been replaced because of security and performance problems,” Bayn said. “This attack is generally used by hackers. We are more often the receiver of this than the generator.”

A response team was put into place immediately after Verizon alerted them to the unusual activity, Bayn said. After studying records and transactions, he said the team is unsure of who caused the DOS. However, they do know that user identification and passwords were not revealed.

“The incident response team has completed its analysis of the old Webmail server and concluded that it was being used to do a pass-through DOS, denial of service, attack against Verizon and other computers, but the operating system was not compromised in any way that would reveal passwords,” Bayn said.

USU had been testing new e-mail services and was planning to implement one in the future. However, when this incident occurred, Bayn said they began using AtMail, one of the e-mail services being considered, as soon as possible so as not to disrupt e-mail usage.

“When Verizon alerted us to the fact that our system had been somehow compromised, we took this as a necessary opportunity to put a new system into use without any advance notice,” Bayn said. “It was bumpy getting it going, but it worked well in testing. We have plans to do more.”

Stacie Gomm, associate vice president of Information Technology Services, said USU is open to trying alternative e-mail interfaces like AtMail, but will not return to the old Webmail server.

“We have known the old Webmail interface has not been ideal. We didn’t anticipate a DOS attack. We just knew it was weak,” Gomm said.

She said it was amazing that such an incident would have occurred when it did.

“There is never a good time for e-mail to go down, but if it were to go down at any time, this could not have happened at a better time. We actually had a backup plan in place. If we didn’t have one, we would still be hard pressed today in having an e-mail system backup,” Gomm said.

When switching to the new interface, users’ address books were not transferred to the new server. Gomm said IT is working on a plan to transfer them and they are expected to be available again soon.

The Webmail homepage said, “This new interface will provide continued access to your stored messages but not to your address book. We are working on a way for you to request your address book in ‘CSV’ format for importing to this new e-mail interface.”

For more information regarding changes in the e-mail interface, contact the Information Technology Service Desk at 797-HELP.

ariek@cc.usu.edu