You can ring my #bellogate. EMAIL STORM hits 29,000 hapless UCL students

Sysadmins at the University College London (UCL) are battling an email storm after spam messages were sent to nearly 29,000 people on an all-student mailing list. The uni's IT director Mike Cope apologised for the blunder, which happened overnight. UCL students woke up to find spam messages clogging up their university email …

face plam

The elite gifted intellects of the future? Or moronic self entitled work dodgers? Even my 12 year old knows to not reply or click links on or unsubscribe from a dodgy looking email.

As Pal Calf said, students, i hate students, bag of shi...

10
17

Re: face plam

Speaking of face palm... they might not know they shouldn't reply to the list but you don't know how to type and then proof read.

Which is worse?

7
6
Facepalm

Re: face plam

" i hate students"

Damn that edumafication thing! It just cause trubbole!

11
1
Silver badge
Mushroom

Re: face plam

Better use the nucular option!

2
0
Silver badge

Re: face plam

I guess that's just a poor attempt at trolling. Ho hum.

1
0
ZSn

Funnily enough the UCL alumni mail accounts *haven't* been spammed, but I believe that that doesn't run on the outlook.com servers that the undergrads do (and is free) but some other company's servers (and that you have to pay for). Perhaps a paid-for account that isn't controlled by some Microsoft subsidiary is the answer?

4
6
Anonymous Coward

I work for a large company...

...and like all large companies, we occasionally have staff cutbacks.

I've often thought that it would be a good idea to send a message to the whole company, about some nonsense that would not be relevant to anyone. The name of each person who sends "please remove me from this mailing list" and replies to all should be forwarded to the HR department and automatically added to the cutback list.

Anon, obviously.

21
0
Gold badge
Paris Hilton

Re: I work for a large company...

Please unsubscribe me from the redundancy list!

THX

4
0

Re: I work for a large company...

Using reply-all on an email that was sent to a large list should be a fire-able offense anyway... Also, expanding very large mailing lists before sending, BCC'ing large distribution groups, and overly-large signatures.

2
0

Re: I work for a large company...

The best reply-all response to one of these internal corporate mail storms I've seen is:

"Please unsubscribe me from this mailing list. And if anyone else uses the reply-all button, the bunny gets it."

At which point, predictably, HR stepped in with their own reply-all response...

2
0
Anonymous Coward

Re: I work for a large company...

Our company did something just like that but without the HR bit.

Anyone who responded to the specially crafted message was targeted for additional training on keeping company data safe.

Anon for obvious reasons

7
0

Re: I work for a large company...

HR - those that practice it are barely smart enough to spell it

2
0
Silver badge

Re: I work for a large company...

Nothing wrong in HR that cannot be solved with Going Postal Event.

3
0
Silver badge
Headmaster

Re: I work for a large company...

HR - those that practice it are barely smart enough to spell it

Shouldn't it be practise ?

8
0
Silver badge

Re: I work for a large company...

>Using reply-all on an email that was sent to a large list should be a fire-able offense anyway

A lot of companies actually disable the reply all button in Outlook on corporate computers using policies.

0
0
Anonymous Coward

Re: I work for a large company...

Yep, the large company I work for does that too - it may even be the same company.

0
0

Re: I work for a large company...

Verbification of nouns - I've been buzzworded

0
0
Silver badge
Devil

Re: I work for a large company...

"Anyone who responded to the specially crafted message was targeted for additional training on keeping company data safe."

Presumably almost all of HR ended up on the training course?

0
0
Anonymous Coward

Not so true

UCL uses the abysmal ( lots of expletives..) email system called Office 365.

so there was no load on the servers , only on M$FT side. the spam filter is shite anyway but making a schoolboy error and not limiting the DL so not everybody can email to it is unforgivable. its a bad system and with an even worse implementation. worst of all it replaced a system which worked well.

Lets centralise !! and cock up everything

Anon for obvious reasons

7
5
Anonymous Coward

Re: Not so true

"UCL uses the abysmal ( lots of expletives..) email system called Office 365."

That's based on Exchange which is by far the best corporate scale email system that there is.

"the spam filter is shite"

The SPAM filter is as good as you want it to be: http://blogs.technet.com/b/exchange/archive/2014/08/18/spam-email-and-office-365-environment-connection-and-content-filtering-in-eop.aspx

"but making a schoolboy error and not limiting the DL so not everybody can email to it is unforgivable."

So that's the real issue here.

7
1
Anonymous Coward

Re: Not so true

Exchange is good

They don't give control over anything; departments have their own IT and had their own Exchange boxes.

Now central IT deals with it only. The few hours a week spent on email related issues have risen by a significant amount since Office 365 was shoved down the throat.

Trust me, it is a nightmare. For every issue they respond that our network causes the issue...

I know the spam filter bit but don't have access to it....

0
3
Anonymous Coward

Re: Not so true

So your real issue is that your IT department don't manage Office 365 effectively, not that the system itself is lacking...

4
0
Anonymous Coward

Re: Not so true

That's true, but our point of view is:

they took away our mail servers and promised a product and the product did not deliver

2
5
Happy

Re: Not so true

"Anon for obvious reasons"

Would that be for the appalling spelling and grammar?

5
1

Re: Not so true

Your mail servers were not "taken away".

Microsoft are all for the cloud.

Give Bill Gates a ring, you turd.

2
2
Silver badge

Re: Not so true

It's scary though, I got a new phone and went to set up the work email on it. Then I discovered the list of things I had to allow the corporate email system to do to my phone, including a complete factory reset and disabling all sorts of things I use. So I don't have access to the work email system on my phone because I'm not agreeing to that list of permissions. I fully understand why such actions might be needed, but I don't wish to be subject to them so I opted out.

2
1
Anonymous Coward

Re: Not so true

'they took away our mail servers and promised a product and the product did not deliver'

The problem here is that it did deliver.

4
0

This post has been deleted by its author

Anonymous Coward

Re: Not so true

Not taken away, but higher powers forced us not to have a departmental Exchange server which was working fine.

I turn the turd calling back at you...

0
3

This post has been deleted by its author

Anonymous Coward

Re: Not so true

Unfortunately, the mailing list abused was not on the Live system - this was an in-house list with no controls on senders. The Office 365 distribution lists would not have allowed an external mail to be sent without authentication - I know, I've asked for this and they're not set up in this fashion.

I suggest you limit your Microsoft bashing to times when they are actually at fault.

AC as I work at UCL and actually have a clue about this. Had requested ACLs on the UCL based lists, or a move to Office 365 based lists several months ago..

3
0
Anonymous Coward

Fiat currencies

"Now central IT deals with it only. the few hours a week spent on email related issues have risen by a significant amount since office 365 was shoved down the throat."

Our departmental mail support load is up by a factor of at least 10 - we had to take on an extra staffer primarily because office365 is such a pile of shite compared to our previous solution.

To add insult to injury, imap resources are deliberately restricted on a per-individual and sitewide basis and if you exhaust the individual limits (ie, if you handle lots of mail, where "lots" = slightly above average), you'll find yourself locked out for 24-48 hours, whilst the sitewide limits are reached virtually every day between 1130-1230 and 1600-1730, making checking mail a hit-and-miss affair (the support desk's canned answer is "Use the web interface, not an imap client")

The whole stinking deal was a clusterfuck, took more than 3 years to implement, cost over 5 million squid and was probably sealed by a handshake on a golf course somewhere (the previous Provost announced the move to outsourced mail out of the blue and caught a lot of people by surprise, including ISD).

Whilst the old mail system was a tad flaky that was entirely down to overloaded hardware (which was fairly old) and 5 million buys a LOT of hardware. What UCL has now is significantly worse than it used to have centrally and an utter disaster for departments who used to run their own well-maintained mailservers.

The public accounts committee would have a field day.

Anon because I work there.

2
0
Silver badge
WTF?

Whoop De Doo

Opened my UCL account and found 2785 unread emails - Thank you #bellogate! #lol

2785 unread emails? Just another day in my Hotmail inbox...

#bloodystudents #nobodygivesashit

9
1

This post has been deleted by its author

Silver badge

sounds familiar

Mail lists internally, Check.

Many users belong to the same external lists, check.

Many users on holiday with out of office replies enabled, check.

One mail server somewhere not smart enough to send just one reply to the same message, check.

Mail server running a bit hot, check!

Inbox with 30,000 plus messages, check!!

0
0
Silver badge
Flame

Panic

My wife has started a masters at UCL and has only just been given access to the university mailing system. This afternoon she was trying to plough through the thousands of spams in her inbox, when she found that she has to do a presentation - tomorrow morning!

0
0

Re: Panic

Tell her to not bother and just blame bellogate on the fact she didn't know ;)

3
0
Silver badge

Re: Panic

Why not implement a rule or two?

2
0
Silver badge

Re: Panic

It did occur to her to pretend she hadn't seen it. She spent half the morning on the phone trying to confirm the time and location (missing from the email), complicated by the fact that voice mail wasn't working due to people's email in-boxes being full of spam. In the end she went down there and did the presentation, and was glad she did.

0
0
Anonymous Coward

bello

bello!

0
0
Silver badge

Re: bello

Reply all: As Megamind would say, "Ollo?"

0
0
Headmaster

A Beautiful War

I wondered what it was supposed to mean. It could just be a misspelling of bellow, but apparently it could also mean "beautiful" or "war", depending on what language they're speaking. All of the above seem strangely apt.

0
0

Wow, is it 1997 again?

1
0
Holmes

Is it spam? Only your BOFH knows for sure?

Not at all a clear presentation of the problem here. The original message was apparently some sort of trap, but what was the payload in the actual spam messages? The article is so fuzzy that I can't figure out if it is bad reporting or an attempt to protect a still-vulnerable attack vector--but I bet the spammers are all abuzz in that case.

It does remind me of a countermeasure. The key problem is that there are some quasi-legit spammers like Best Buy. Sure, they send unsolicited spam, but they actually do have an unsubscribe mechanism, but there is no way to tell how bad a spammer Best Buy is from their spam. The email providers need to test the unsubscribe mechanisms with honeypot addresses and tell us whether or not they work. Mostly I'm talking to the EVIL google there, since they have made their unsubscribe button more accessible lately, but without providing ANY useful information about when to click on it.

I think the Best Buy case is worth extra mention, by the way. I thought they were a good company and it had to be some kind of phishing scam buried in the giant spam. Boy, was I shocked when they admitted they were spammers. Let me assure you that I will NEVER buy anything from Best Buy or ANY other spammers.

0
2
Silver badge

Undergrads

Many will be away from home for the first time.

Most will have gone from a protected school system to the Uni's system, which supposedly has much more sophisticated and grown up IT support than their schools' did.

Most will trust their Uni's systems for all of those reasons and because it is, after all, their Uni to which they have a general trust and loyalty. (Unlike in my day, when the University's administration was automatically seen as the enemy with suits).

Add in that ( also unlike in my day) they have a heavy workload of assignments coming their way - probably mostly by email.

It's not surprising that these kids didn't act like seasoned IT professionals.

(Caveat - if they have a computer science faculty and those students responded so poorly they should all be given an immediate fail IMO).

0
1
Anonymous Coward

Re: Undergrads

In my experience the CS students are exactly the ones that will respond poorly.

0
0

They put 29,000 students...

...on an UNMODERATED mailing list? I'm amazed their servers didn't melt years ago. Nothing goes on our lists unless it's checked.

0
0
Anonymous Coward

Re: They put 29,000 students...

I must admit, that did make me wonder a bit. I guess the Uni's registry has details of all the students, including the email they've given and the one they've been assigned. But why that comes on to a unified mailing list is another matter.

When the students applied they will have used their own address.

When they started their course they will have been assigned a name.name@institution.ac.uk address. I guess that has to be in a central list / database so that a unique name can be assigned.

But after that, why it is accessible to send to all the list members is a bit of a question.

0
0

Bank Details?

It wouldn't have occurred to me that bank details might be at risk from a simple reply-all/spam/email storm. But, <engage tinfoil hat> why would he feel the need to specifically mention that?

Reminds me a bit of this xkcd: http://xkcd.com/463/

0
0


Biting the hand that feeds IT © 1998–2018