News

In Fight Against Trump, Harvard Goes From Media Lockdown to the Limelight

News

The Changing Meaning and Lasting Power of the Harvard Name

News

Can Harvard Bring Students’ Focus Back to the Classroom?

News

Harvard Activists Have a New Reason To Protest. Does Palestine Fit In?

News

Strings Attached: How Harvard’s Wealthiest Alumni Are Reshaping University Giving

News

A Reluctant Fight: Inside Harvard’s War With Washington

Kareem Abdul-Jabbar at Harvard College Class Day 2025

News

Kareem Abdul-Jabbar Commends Harvard for Resisting Trump at Class Day

Fake E-Mail, Other Abuses Plague 'Net

College Struggles to Regulate Ethics On Electronic Frontier

By Andrew L. Wright, April 6, 1994

Fraud is only one problem affectingstudents. Users must also face the possibilitythat an unauthorized person may gain access totheir account.

"Every three days we get a mail message fromsomeone saying 'my account was broken into," sayOuchark. "It's normal."

But some network users say break-ins are toonormal. Gene McAfee, an eighth-year graduatestudent at the Divinity School, says he has had aUniversity account linking him to the Internet forfour year. And until this past "Thanksgiving, henever had a problem.

"When I returned [from Thanksgiving] and loggedon, the firs thing that I noticed was an errormessage saying that a new file was being createdfor my name," McAfee says. "I thought this was oddbut I assumed every-thing would be all right."

Almost immediately, McAfee discovered thatpersonal files and the electronic address book hehad stored in his account were missing.

"I had between 45-60 addresses in therebefore--addresses of people all over the countryand world, friends and colleagues in Jerusalem,"he says.

McAfee says HASCS personnel later determinedthat at least four different hackers--based in NewYork City, Los Angeles, St. Louis and WashingtonD.C--had broken into and cleaned out his accountwhile he was away.

HASCS was able to restore much of what he lostby using the University's back-up tapes of filesin his account, McAfee says.

"The main thing that I got out of this is thatI don't leave things in my folder on theUniversity account," McAfee says. "If you've everbeen burglarized you know there's great sense ofhaving been violated and a sense of "Why wouldsomebody do this?'...I'm more aware of thevulnerability of the system than I was before. Idid live in a false sense of security."

While frequent enough to cause alarm, break-inslike the ones on McAfee's account are not the mostcommon form of security violations, Kim, thecomputer society president, says violations oftenoccur after a person has left a computer andforgotten to log out--leaving all personal filesavailable for inspection.

In addition, Kim says that by placing a specialtext file in another person's account, an intrudercan log in whenever he wants.

"People can mess around with other people'saccounts without them knowing," says Rolland W. Ho'97, the business manager of the Harvard ComputerSociety. "If you forget to log out, people canleave hidden files in your account which willredirect your e-mail."

Some computer programs exist which allow formore sophisticated attacks on students' privateaccounts. "Crack," for example, is a freelyavailable program that exits solely to crackpasswords.

"What 'crack' does is to encrypt all the wordsin the dictionary and then match all the words tothe encrypted words. So if people use whole wordsfor passwords then it wouldn't be very had to findthe passwords and then gain access to people'saccounts," says Nina Yuan '94, who wrote herthesis on issues involving electronic security.

Some network users can write their own programsto beat passwords, students say.