Georgetown DPS officers arrested the entire staff of the University Information Services yesterday after it was discovered that the department was in fact a front for a major phishing scam. University administrators estimate that in the last three months, UIS gained access to the personal information of over 3,000 students through a carefully-organized campaign of phishing emails. Financial losses to the Georgetown community are already found to be in excess of $100 million.
Beginning in September, UIS began sending email notices regarding phishing attacks on Georgetown students. Students who believed themselves to have fallen victim to such a scam were to immediately contact UIS before their online accounts could be further compromised. Unbeknownst to those who did, UIS used the pretext of resolving the problem to collect students’ NetIDs, passwords, SSNs, and even GUASFCU account information. The cycle soon became self-compounding: as more students fell victim to UIS phishing scams, more were inclined to let the department inspect their accounts when the next round of emails were sent.
UIS took its phishing scam a step further with the publication of its “Email Verification” link last month. Each subsequent UIS email encouraged students to click the “Email Verification” link on the UIS website, ostensibly as a means of ensuring the email was an authentic UIS communication. In fact, clicking on the link downloaded a virus to students’ computers that surreptitiously extracted private information for UIS.
Though the most devious tactic to date, the “Email Verification” link also spelled the downfall of the UIS phishing empire by tipping off the Georgetown DPS. “We were already searching in earnest for the source of such well-organized and malicious phishing attacks, but no one had ever thought to look at UIS,” said DPS Sergeant Joe Dickerson. “When they first published the link, no one gave it a second thought, but upon further reflection, something didn’t check out. I was walking past a lecture hall where the computer was running Windows 2003 and remember thinking, ‘Wait a second; this is Georgetown. No way our technology is that advanced!’ It was at that point that we realized UIS could not possibly have designed such a link working only with what the school gives it. There had to be cash flow coming in from somewhere else.”
Aware that something was amiss, DPS began a systematic monitoring of UIS, hoping to catch the phishers in the act. Their opportunity came a week later when, perhaps excessively buoyed by the success of the “Email Verification” link, UIS overplayed its hand by sending increasingly far-fetched emails. One such email allegedly came from Georgetown basketball great Patrick Ewing. “Ewing” claimed to have become stranded while on a goodwill tour of Nigeria after having his passport and all of his money stolen. Appealing to the recipient as a concerned fellow Hoya, “Ewing” requested that he or she wire him $100 to help him out of the jam. Immediately recognizing this email as a phishing scam, DPS officers raided the UIS office and arrested its employees.
Records collected from the UIS office revealed that the phishing scam runs far deeper than was once thought and that UIS was connected with many of the world’s most notorious organizations. Over $1 million in Flex Dollars had been wired to the Zetas cartel in Mexico while other communications linked the department to the self-alleged “hacktivist” group, Anonymous. Several of Madeleine Albright’s emails may also have been provided to a People’s Liberation Army hacker cell in Luoyang, China.
Further investigation revealed that UIS not only stole personal information, but was also behind a number of cyber attacks that have plagued the Georgetown community in recent months. The Kingslayer virus—so named because it removes the king of spades from a computer’s solitaire deck—originated from the UIS office, as did Menopause, a virus that rendered it impossible for students trying to reach an essay page limit to increase the font size of their periods. UIS employees also compromised the Georgetown Campus Ministry website, where they embedded links to pornographic websites.
The raid on UIS also answered the question of who hacked the Twitter feed of Georgetown mascot, Jack the Bulldog, last month. A number of crass and inflammatory posts appeared in the account, drawing the ire of many, such as, “Damn, gurl’s got gams! let Jackie see them legs #Humpday.” In an official statement, the Jack Crew, the bulldog’s official handlers, announced, “Thanks to the diligent work of the officers at DPS, we now know that it was members of the University Information Services that hacked the official Jack the Bulldog Twitter account and tarnished the reputation of our beloved mascot with their slanderous and disgusting statements. Mr. the Bulldog intends to prosecute those involved to the fullest extent of the law.”
The University Dining Services expressed their hope that UIS had been responsible for the large quantity of complaint emails they receive regarding food quality. At press time, no such evidence has been uncovered and it seems the complaints are in fact genuine.
University administrators have come under fire for having overlooked the UIS hacker ring for so long. Addressing an angry crowd of students and faculty, President Jack DeGioia professed solidarity with victims of the phishing scams and pledged measures to prevent the repeat of such an occurrence. “I want to reassure the Georgetown community that the university is taking all measures to upgrade our cyber security to protect our students and faculty from another attack. Allegations that the administration has been lax in this regard are unfounded. I, too, personally fell victim to UIS, as we now know that it was they who wrote the program that for the past months has been replacing the word ‘DeGioia’ with ‘meathead’ in all university communications. Clearly, I have suffered just as much as the rest of you.”
As administrators continue to assess the damage done by the UIS scandal, many students now face the monumental task of rebuilding online profiles, credit scores, Spotify playlists, and ultimately, their lives. The university has promised to create a reorganized UIS to assist students with this process and guard against any future phishing emails. Nevertheless, to avoid such devastating consequences in the future, students are reminded that as a rule of thumb, it is safest just to ignore whatever emails the university sends to them.