BlogDH investigates: Cybersecurity and your Brown email

Sitting in a political science lecture with Professor Wendy Schiller, one blogger learned that Brown had legal and functional access to our Brown email accounts. It wasn’t exactly surprising; what was more surprising was that, when he shared this information with a fellow blogger, neither of them had ever given this any thought.

So, they set off to talk to Dr. Ravi Pendse, Brown’s Chief Information Officer, to gain some clarity on Brown’s email privacy policy. Watch this interview for an an inside look into Brown’s cybersecurity:

After talking to Dr. Pendse, we went to David Sherry, Chief Information Security Officer, to find out what “30,000 daily attacks on the Brown server” really means.

Before gaining an understanding of the magnitude of the attacks, we first had to understand what phishing attacks are. Phishing comes in the form of spam emails aiming to extract private data and information from accounts on a server. More specifically, they might say your “email account is about to be deleted because your inbox is full. To reset the account, please enter your password here.” Some phishing scams purport themselves to be representing the IRS and even ask for your social security number.

Most phishing attacks are automated; a vast majority are “digital door rattling,” meaning people scanning looking for open ports to exploit. In other words, if they gain access to a Brown account and begin spamming other Brown accounts from this initial compromised account, they gain legitimacy, as one is more likely to open an email from another Brown address.

While some phishing emails aim to directly attack and redirect funds, like faculty’s HR benefits or student’s social security numbers in hopes of opening a credit card under their name and even stealing their identities, many times, exploiting Brown’s network is not the end goal.

Continue Reading