WJH E-mail Accounts Corrupted, Users Asked to Change Passwords

In the latest in a string of security breaches to the University's computing systems, a hacker broke into the system which hosts the e-mail accounts in the "wjh" domain--including accounts belonging to members of the psychology and sociology departments.

In response, William James Hall Computer Services staff has asked account holders with the "@wjh" suffix to change their passwords.

"Basically someone got into our system and created some havoc around here," said Jon E. Strom, a wjh micro-computer support associate.

Strom said the hacker's entrance caused little trouble beyond the annoyance of creating a new password.

"It's nothing major, but just a big inconvenience for people to change their passwords," he said.

The problem was noted a couple of weeks ago by a system administrator, according to Rick Osterberg '96, coordinator of residential computing support.

This is the third major breach to the University's network this year. In February an intruder broke into the FAS system through terminals in Sever Hall. A similar incident occurred in October in Eliot House.

Osterberg said the most recent incident involved the installation of a "packet sniffer" on the local network to monitor the traffic, which includes login names and passwords.

As is typical in hacking incidents like this, the hacker did not tamper with individual accounts.

"Security incidents like this rarely, if ever, involve people tampering with individual e-mail accounts, or reading people's mail," Osterberg wrote in an e-mail message. "The hackers are more interested in using a particular site as a jump-off point to try to break into other systems, to better hide their trail."

Osterberg emphasized that users across the University could better protect their e-mail accounts by changing passwords frequently.