Last semester, Student Assembly Sen. Brittany Fallon ’11 walked into the SA house on Jamestown Road and found three of her e-mails sitting in the printer, reformatted and on pink paper.
Because the e-mails were old — and because others may have had legitimate access to them — Fallon did not think much of the incident, although it did prompt her to change her e-mail passwords.
Shortly after, Fallon found that her webmail account had been locked after someone repeatedly tried to log in with an incorrect password.
Other SA senators said they believe their e-mail accounts have been compromised as well.
Sen. Matt Beato ’09 believes that former Sen. Matt Pinsker ’09 acquired his e-mail password using the keystroke logging software that Pinsker had installed on his own computer. Beato had previously logged into his e-mail account on Pinsker’s computer, meaning that Beato’s password would have been recorded on the computer by the keystroke logger.
A keystroke logger is able to run as a hidden program. It can then memorize keystrokes entered.
Beato said the incident is most likely isolated to those who logged onto their e-mail accounts on Pinsker’s computer — something Fallon and others who believe their accounts have been compromised have never done.
“I’d prefer not to comment on what’s nothing more than gossip and speculation,” Pinsker said. “Everyone knew in advance that I had the keylogging software installed, and I told them they should change their passwords. I used the software to back up my work.”
SA Vice President-elect Ryan Ruzic J.D. ’11, who currently serves as senator for the William and Mary law school, proposed a bill March 15 to impeach Pinsker on the grounds that Pinsker obtained another senator’s e-mail password and accessed that senator’s account.
The bill alleged that Pinsker logged into the private account to obtain a confidential list of students who planned to run in the March SA election, then passed it on to The Flat Hat as an anonymous source.
Pinsker has since admitted to SA members that he was The Flat Hat’s source.
He resigned his position before Ruzic could introduce the impeachment bill.
Pinsker cited kidney failure, a serious medical condition from which he suffers, as his reason for resigning.
That incident and other unrelated incidents prompted Beato to e-mail select SA members, asking whether they feel as though their e-mail accounts have ever been compromised. Three responded — Fallon, Sen. Ben Brown ’11 and President-elect Sarah Rojas ’10.
“People who were rumored to be running for SA president were being targeted,” Beato said, adding that Sen. Walter McClean ’09 checked the SA house computers for keylogging hardware and software. McClean opened up all the keyboards and looked through the computers’ files but did not find anything suspicious.
Brown said he found an e-mail that he had received last semester printed in the SA house, reformatted and on pink paper, just like Fallon’s e-mail.
The e-mail “wasn’t incriminating or anything,” Brown said, adding that it concerned the Automatic External Defibrillator act passed by the senate last fall. Steve Singleton, a safety engineer at the College who had sent the e-mail to Brown, said that he never printed it.
Rojas, who is currently finishing her term as a senator, also suspected that her e-mail was hacked. A few weeks before campaigning began for the March SA elections, her Gmail account was apparently accessed from an unknown IP address.
Several personal documents were moved around on the computer the same day.
Rojas changed her Gmail password, and nothing further came of the incident.
Chris Ward, Information Technology’s director of systems and support, said students often forget to log out of their e-mail accounts when they’re using public computers.
“Obviously someone could then walk up and see all their stuff,” Ward said.
He recommended that students who feel their accounts have been compromised contact Campus Police.
“If someone is using someone else’s account, it’s illegal,” he said.