Wessex Scene Receives Hoax Email Concerning Attack at Glen Eyre Halls


The Wessex Scene and Soton Tab Editors received a hoax email which appeared to be sent from the University Control Room at 21:26 tonight, Sunday May 5, concerning an alleged attack and hostage situation at Glen Eyre Halls.

Glen Eyre Halls of Residence

The email stated that an armed man had ‘attacked a small number of students (less than 10), leaving them all with minor injuries’.

The email also made claims about the attacker, saying he was hiding in an office building on the site and that he was possibly holding hostages.

After contacting University Security, we can now confirm that the email was not sent by them as the account holder of unisecurity@soton.ac.uk cannot send emails from this account.

University security say their next step is to contact the University IT department on Tuesday and from there hope to work out where the email was sent from.

The Wessex Scene will keep you updated as more information becomes available.

Discussion: 18 Comments

  1. How embarrassing

    Surely the real question is why did the WS release an article and potentially cause a panic without verifying their facts? Any ten year old can spoof an email.

    •

      We received an email from an official university account, so actually it’s a lot more serious than ‘a ten year old spoofing an email’. We responded as quickly as possible to what seemed like a very serious event, and were attempting to ascertain what exactly was occurring at the same time. The first article was published in error and was taken down within one minute of its publication so as not to cause alarm. This article should reassure anyone affected by the contents of the original email.

      •

        “We received an email from an official university account”

        Did you though? Seriously, it is very easy to set the “from” email address to whatever you like.

        • Ellie Sellwood

          Let me clarify, what Sam means is that we received an email from what looked like the official University Security account because all contact details at the bottom were correct.

          • Ellie Sellwood

            and the email address itself looked legitimate. Thanks for your concern.

          •

            If you are interested in the proper way to verify the authenticity of email, take a look at digital signatures https://en.wikipedia.org/wiki/Digital_signature .

            Security must sign email sent from their account, and you must verify the signature when you receive it; someone attempting to forge email should not be able to create a valid signature.

        • Ellie Sellwood

          I appreciate that you are proving a point here, but the fact is that this is highly serious seeing as the sender impersonated the University security department and sent an email which contained highly sensitive material. I’d suggest not showing how much you know about such practice at this present time.

          •

            Hmm… Some basic IT knowledge and a link to a Wikipedia article is all it takes to make a threatening accusation!?

      •

        So are you accusing security of having poor, erm, security practices of their own then? Any 10 year old CAN spoof an e-mail from an official University account!

          •

            Why are so many people in the comments on the WS so purposefully inflammatory and idiotic (and always withhold their actual names)? The editors have apologised for the original article which was taken down almost immediately, and this IS a very serious incident. Pretty sure if it had been real and they’d just said, “Oh, you know any 10 year old can spoof an email, let’s ignore it in case it’s fake” you’d have had something to say. Stop being a moron.

          •

            In my case it is because I believe people should take this issue more seriously, certainly in the case of journalists communicating with the University. I also see no reason to give my name.

            I accept the apology from the editors, and recognise that this issue is serious, but I think that the serious issue here is the way in which the Wessex Scene reacted to the obviously insecure and unauthenticated communication from someone claiming to be associated with the University Security.

            If they had said “Oh, you know any 10 year old can spoof an email, let’s ignore it in case it’s fake”, that would also in my opinion be a bad response. A good response would be “The email does not include a valid cryptographic signature that identifies it as coming from University Security, it should be treated with suspicion, and University Security should be contacted”.

          •

            “We received an email from an official university account, so actually it’s a lot more serious than ‘a ten year old spoofing an email’.”

            Saying it is a lot more serious than spoofing, by definition means it was not spoofed. If it was not spoofed, the only alternative is it was really sent from the security e-mail account.

            You lot need to get your story straight.

          • Ellie Sellwood

            I apologise that I have never been faced with a situation like this, but in the interest of the students we were ready and published prematurely an article outlining the events that the email outlined. We realised within the space of about 5 minutes that these details were in fact incorrect and had been sent from what looked like the University security’s account. I am now in full co-operation with the University’s IT dept. and University security to ascertain whether someone hacked the account or whether indeed it was a spoof. Please excuse me while I attempt to get this story straight.
