Jack Leahy
IS Services were stunned yesterday evening as an unidentified student managed to exploit a hole in the College web server and email the entire student population under the name of ‘Trinity Cat’. The email kicked off a storm on social networking sites as the #catgate trend spread across Trinity’s twitterers and facebookers, eager for an opportunity to divert themselves from exam season study.
At 17:09 on Tuesday evening, all 17,000 undergraduate and postgraduate students received an email in their MyZone accounts from ‘[email protected]’ with the subject ‘Timetable Update’. The one-line message, which mimics the text of a cult-popular cat-related website known as ‘Lolcats’, reads ‘(message) CAN WE HAS OLDD TIMETABLE PLZKTNX’.
The message refers to the five-day standoff between College authorities and the Students’ Union concerning the revision of finalised exam timetables to accommodate the visit of Queen Elizabeth II of England on May 17th. After considerable SU-led lobbying involving a mass emailing campaign by over 300 affected students, the College finally relented and agreed to implement the original timetable in off-campus venues.
Student response to the content of the email has generally been light-hearted due to the popularity of ‘Trinny’, a feline resident of College Park whose friendship with regular visitor John McLean has captured the hearts and, it seems, imaginations of Trinity students this year.
However, the incident raised serious questions concerning the security of the College web server, with technical experts among the College Community flabbergasted at the ease with which the perpetrator was able to access exclusive mailing lists which are used by officials to correspond with the undergraduate and postgraduate communities respectively.
‘This is definitely the most serious breach of the college email system I’ve ever seen. There are two major security issues with what happened’, said one such expert, who has extensive experience with the College network, to The University Times, ‘the first is that a College web server is compromised in some way that it allowed an unauthorised person to use it to send emails in the first place. The second is that a College web server, a computer that can be accessed by anyone on the internet, has permission to email the entire student body’.
On investigation, the same tech whiz confirmed that no ‘Trinity Cat’ account had been set up in the College’s mail system. ‘The person sending the email found a web page somewhere on one of the servers that allowed them to use the server to send the email. It could also have been more complicated, with the person responsible taking advantage of poor programming in the page to send the email’.
College authorities, however, can count themselves as lucky with regards the content of the mail and the spoof email address from which the mail was sent. Had the perpetrator had more sinister motives, s/he could have purported to be contacting the student body from any email address s/he wanted, such is the nature of the loophole exploited.
‘They could have made it look like it came from [email protected]’. Worse still, they could have sent an email to appear to have come from the Examinations Office about further fictional timetable changes’.
According to the IS Services website, the College takes a particularly hard line on the abuse of the mass mailing lists, particularly those which are used to contact the entire student body. Class representatives are permitted to mail their particular classes, but any student who wishes to use the ‘[email protected]’ or ‘[email protected]’ addresses requires the permission of the Senior Lecturer and the Dean of Graduate Studies to do so.
The website clearly states that ‘Abuse of these lists constitutes a breach of the College Code of Conduct relating to use of computing facilities’, meaning that the guilty party may face significant disciplinary action if identified by IS Services to the Junior Dean.
That in itself, however, may prove impossible. As our computer guru explained, the action appears to have been conducted from an off-campus computer, meaning that the College cannot directly identify the perpetrator unless they log into the College network from the same IP address.
‘The College should have the IP address, but not much else. This would allow them to know what Internet Service Provider (ISP) the person responsible is using, but they would need the cooperation of that ISP to identify the person’.
On Wednesday morning, The University Times made contact with IS Services and the College Communications Office about the security breach. Neither were able to provide us with any conclusive statement regarding the affair, with Communications citing a lack of available personnel in the IS Services department. This reporter was able, however, to make contact with Sara McAneney, IT Security Specialist in ISS, who claimed to not have heard from Communications regarding the affair.
Speaking to The University Times, Trinny’s minder-turned-spokesman John McLean denied any misbehaviour on the part of his feline friend, saying he had ‘no idea’ why the mail was sent, but suspected that it was part of an ‘obsession’ he sees among Junior Freshman students to cause mischief to Trinny.
Trinny himself was present at the meeting but declined to comment when asked about his role in the spamming. Mr. McLean, speaking on Trinny’s behalf, denied that the adorable 4-year old was responsible, claiming ‘he has no idea about any of it’.
For the most part, students have taken the email infiltration well, as evidenced by the response on social networking site Facebook. In the last 12 hours, 487 people have ‘liked’ ‘the epic moment when a cat hijacks a university email site’, and one of the many students who contacted the ‘trinity cat’ facebook page commented ‘[I am] highly pissed that the college is messing with our exam timetables again but getting an email from Trinity Cat about it made me happy’, with all comments left on the page of a similarly positive nature. Some students have even produced their own video and image tributes to Trinny.
Trinny is proving a comforting influence among students in the run-up to exam time, with students happy to dismiss the email security breach for its being conducted under the name of the extremely popular cat, who has been adopted as an unofficial College mascot in recent months.
Manus Halligan's Trinity Cat macro
