Wessex Scene Receives Hoax Email Concerning Attack at Glen Eyre Halls

18


The Wessex Scene and Soton Tab Editors received a hoax email which appeared to be sent from the University Control Room at 21:26 tonight, Sunday May 5, concerning an alleged attack and hostage situation at Glen Eyre Halls.

Glen Eyre Halls of Residence
Glen Eyre Halls of Residence

The email stated that an armed man had ‘attacked a small number of students (less than 10), leaving them all with minor injuries’.

The email also made claims about the attacker, saying he was hiding in an office building on the site and that he was possibly holding hostages.

After contacting University Security, we can now confirm that the email was not sent by them as the account holder of unisecurity@soton.ac.uk cannot send emails from this account.

University security say their next step is to contact the University IT department on Tuesday and from there hope to work out where the email was sent from.

The Wessex Scene will keep you updated as more information becomes available.

avatar

Discussion18 Comments

  1. avatar
    How embarrassing

    Surely the real question is why did the WS release an article and potentially cause a panic without verifying their facts? Any ten year old can spoof an email.

    Sam Everard
    avatar

    We received an email from an official university account, so actually it’s a lot more serious than ‘a ten year old spoofing an email’. We responded as quickly as possible to what seemed like a very serious event, and were attempting to ascertain what exactly was occurring at the same time. The first article was published in error and was taken down within one minute of its publication so as not to cause alarm. This article should reassure anyone affected by the contents of the original email.

    Sure?
    avatar

    “We received an email from an official university account”

    Did you though? Seriously, it is very easy to set the “from” email address to whatever you like.

    Ellie Sellwood
    avatar

    let me clarify, what Sam means is that we received an email from what looked like the official University Security account because all contact details at the bottom were correct.

    Ellie Sellwood
    avatar

    and the email address itself looked legitimate. Thanks for your concern.

    Anon
    avatar

    If you are interested in the proper way to verify the authenticity of email, take a look at digital signatures https://en.wikipedia.org/wiki/Digital_signature .

    Security must sign email sent from their account, and you must verify the signature when you recieve it, someone attempting to forge email should not be able to create a valid signature.

    Sure?
    avatar

    http://en.wikipedia.org/wiki/Email_spoofing

    Ellie Sellwood
    avatar

    I appreciate that you are proving a point here, but the fact is that this is highly serious seeing as the sender impersonated the University security department and sent an email which contained highly sensitive material. I’d suggest not showing how much you know about such practice at this present time.

    1337
    avatar

    Hmm… Some basic IT knowledge and a link to a Wikipedia article is all it takes to make a threatening accusation!?

    Hmm
    avatar

    So are you accusing security of having poor, erm, security practices of their own then? Any 10 year old CAN spoof an e-mail from an official University accout!

    Ellie Sellwood
    avatar

    no such accusation was made.

    Bex
    avatar

    Why are so many people in the comments on the WS so purposefully inflammatory and idiotic (and always withhold their actual names)? The editors have apologised for the original article which was taken down almost immediately, and this IS a very serious incident. Pretty sure if it had been real and they’d just said, “Oh, you know any 10 year old can spoof an email, let’s ignore it in case it’s fake” you’d have had something to say. Stop being a moron.

    Anon
    avatar

    In my case it is because I believe people should talke this issue more seriously, certainly in the case of journalists comunicating with the University. I also see no reason to give my name.

    I accpet the apology from the editors, and recognise that this issue is serious, but I think that the serious issue here is the way in which the Wessex Scene reacted to the obviously insecure and unauthenticated communication from someone claiming to be associated with the University Security.

    If they had said “Oh, you know any 10 year old can spoof an email, let’s ignore it in case it’s fake”, that would also in my opinion be an bad response. A good response would be “The email does not include a valid cryptographic signature that identifies it as coming from University Security, it should be treated with suspicion, and University Security should be contacted”.

    Hmmm
    avatar

    “We received an email from an official university account, so actually it’s a lot more serious than ‘a ten year old spoofing an email’.”

    Saying it is a lot more serious than spoofing, by definition means it was not spoofed. If it was not spoofed, the only alternative is it was really sent from the security e-mail account.

    You lot need to get your story straight.

    Ellie Sellwood
    avatar

    I apologise that I have never been faced with a situation like this, but in the interest of the students we were ready and published prematurely an article outlining the events that the email outlined. We realised within the space of about 5 minutes that these details were in fact incorrect and had been sent from what looked like the University security’s account. I am now in full co-operation with the University’s IT dept. and University security to ascertain whether someone hacked the account or whether indeed it was a spoof. Please excuse me while I attempt to get this story straight.

    Anon
    avatar

    Whoa, hold on… Wessex Scene and/or Soton Tab actually published an article about the incident after receiving the hoax email?

    Anon
    avatar

    Not sure about the Soton Tab, but the Wessex Scene did. I believe it was published at 9:42, titled “Breaking News: Armed Man Attacks Students at Glen Eyre Halls”, written by Sera Berksoy.

    Boyce
    avatar

    The WS published. The Tab editors realised it was a hoax.

Leave A Reply