Patrolling the ‘Net
Student Technology Center charges two UCLA students with e-mail
address forgery
By Jean May Chen
and John Digrado
Daily Bruin Staff
Citing serious infractions of the Student Technology Center
Acceptable Use Policy, Office of Residential Life and Student
Technology Center officials charged two students with e-mail
address forgery, as well as operating unauthorized Internet sites
out of their dorm room.
Second-year biochemistry student Brenton Mar and roommate Brian
Aung, a first-year electrical engineering student, were charged
with these infractions just prior to leaving for winter break.
"They charged us with running a web server, but that was just a
minor thing," Aung said. No reprimands were given after the
students agreed to take the servers offline, he added.
The remaining allegation of e-mail forgery is currently under
investigation, despite the two students’ vehement denial of the
charge.
According to Student Technology Center Director Richard Kroon, a
"spoofed" or forged message originated from Mar’s computer, and was
sent from his machine to about 300 various e-mail accounts across
the country.
When a user signs the Student Technology Center Acceptable User
Agreement and connects to the network, the system assigns his or
her machine an Internet Protocol, or IP address. Ideally, when the
user sets up their Internet software, that address does not change,
giving administrators a way to track unacceptable behavior over the
network.
However, according to Andrew Chiang, a fourth-year computer
science student and technician for the center, a student can change
the IP address on their machine and log into the system. The only
possible problem could be a conflict with other users trying to use
the same address at the same time.
When assigning IP addresses to users, the center "assigns you
one out of a pool of numbers," Kroon said, which makes the identity
of the true sender difficult to find.
Another method of determining the origin of a transmission is
tracking the unique serial number (MAC address) that a networking
card sends out every time it connects to the network. These numbers
are the permanent identification of the card, and cannot be
changed.
"Those numbers are tracked continuously," Kroon said. "Any time
you open a session until you change to another IP address (those
numbers are kept in a log), and when you change your IP address we
track messages from there too."
This means that though an IP address can be changed in an effort
to mask the true sender’s identity, the machine itself will always
send the same MAC address to the network.
In Mar and Aung’s case, the disguising of e-mail addresses is at
issue.
"Masking your identity is, in general, an infraction (of the
center’s Acceptable Use Policy)," Kroon said. "With few exceptions,
we don’t care what you are saying," as long as students follow the
use agreement.
According to the center’s Acceptable Use Policy, unacceptable
behavior which may be subject to disciplinary action includes
"sending chain letters … or mass mailings to individuals who have
not agreed to be contacted in this manner."
In addition, the policy also states tthat "masking the identity
of an account or machine in any manner misrepresenting your
identity in an e-mail or other electronic communication" is an
infraction of the policy and is subject to penalization.
Under this policy, the Office of Residential Life and Student
Technology Center officials initiated proceedings against Mar and
Aung, with an e-mail reprimand on about Dec. 15, 1995.
Mar and Aung then met with Hedrick Hall Resident Director
Delaphine Prysock earlier this week, and were given community
service for their alleged infractions. Prysock declined to comment
on the incident.
However, the students said that they were presented with no
evidence of their wrongdoing other than the header of the e-mail in
question.
The header includes the originating IP address as well as a fake
e-mail address, evidence which administrators deemed incriminating.
It did not include a MAC address.
"You will note that the header indicates that (the message in
question) originated from your (IP) address," Kroon wrote in an
e-mail to the students. "You will also note that the e-mail name is
… a valid account but not one that belongs to either of you. This
qualifies as e-mail spoofing."
However, there is no indication that the center’s officials
matched the IP address to the MAC number transmitted by Mar’s
networking card.
Although the center’s records report number, IP address, and MAC
address every time a user connects to the network, these records
are deleted after a specified amount of time. In this case, logs
recording the crucial transaction may have been deleted prior to
the students’ punishment.
When asked what kinds of evidence he would cite to convict a
student of a system-use violation when usage logs no longer
existed, Kroon stood by his determination of the facts.
"It would be our own statement that at the time we deleted the
logs they were accurate and said what they said," Kroon
asserted.
However, the students involved said that they were never
presented with evidence that the IP address on the e-mail header
matched the recorded MAC number specific to Mar’s computer.
"They said they had the logs (with) the MAC addresses, I guess,"
Aung said. "They really didn’t say too much about anything."
The need to find appropriate responses to e-mail abuse is an
explosive issue at colleges and universities. College students are
often given free e-mail accounts, and regulatory actions are often
labeled as affronts to free speech and violations of privacy.
College system administrators and deans find themselves dealing
in an area where set standards are not available to guide them in
disciplining abusers. Heated debated ensued last November when the
UC Office of the President proposed guidelines for usage of
university e-mail accounts. To date, those guidelines have not been
finalized.
At the California Institute of Technology, doctoral candidate
Jinsong Hu was expelled for sexually harassing another student
largely via electronic mail – a common abuse of the privilege.
On the other side of the country, the Massachusetts Institute of
Technology (MIT) has found a way to deal with its own e-mail
abusers. The university developed a system called "Stopit" to
handle harassment complaints.
"If we had a message … that met institutional standards for
harassment, and we were convinced that we knew who the perpetrator
was, we’d submit a complaint to MIT’s Committee on Discipline
rather than handle the matter ourselves," said Gregory Jackson,
MIT’s director of academic computing.
"If it were a first offense – that is, not a ‘Friend of Stopit,’
as our habitual offenders are known – then we’d probably have a
conversation with the perpetrator first," Jackson explained. "Our
usual goal is to prevent recurrence of the problem, not to punish
unless punishment is the best way to prevent recurrence."
In contrast, Mar and Aung, who have no prior convictions of
computer abuse, have already been sanctioned by their Resident
Director with a total of 40 community service hours.
Although student conduct hearings can be held for those
contesting Office of Residential Life policy violations, this has
not occurred in this case. At such hearings students are given the
opportunity to present evidence in their defense to a panel of
peers.
If a student is found guilty or admits responsibility in the
hearing, the appropriate sanctions will then be applied. These
sanctions are also subject to appeal.Comments to
webmaster@db.asucla.ucla.edu