U-M statement on Spoofing Attack

February 8, 2017

The university was alerted about 10:30 p.m. Tuesday of several racist and anti-Semitic emails sent to email groups within the College of Engineering.

The University of Michigan Police Department and the FBI are conducting a joint criminal investigation into the incident. The university’s Information Assurance group also is involved in the investigation.

The U-M Division of Public Safety and Security has increased patrols in the North Campus area where the College of Engineering is located.

The content of the emails has been condemned by the university in general and by President Mark Schlissel specifically.

At this point, it has been determined that the emails were forged or “spoofed.”

Email “spoofing” is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.

This is different from hacking, which involves a cyber attacker taking over an individual’s account by circumventing security systems.

In this case, no one has circumvented any IT security protocols at U-M.

Statement from Engineering Professor J. Alex Halderman

One of the emails was made to appear as if it were sent by Engineering Professor J. Alex Halderman, an election cyber security expert. Here is some of what he had to say:

“This evening many EECS undergrads received emails with racist and antisemitic content that appeared to be addressed from me or from my Ph.D. student Matt Bernhard.

“These messages were spoofed.  Matt and I did not send them, and we don’t know who did.  As I teach in my computer security classes, it takes very little technical sophistication to forge the sender’s address in an email.”

2/8/17 – University Record – Forged emails spread hateful message to Engineering community