
iiiliii04' 2011 S,09AM

Re: MIT Abuse Recurrence


From:
Sent:
To:
Cc:
Subject:
---------------
Hey
I found it. It's a laptop hidden under a box in the network closet. What would you like to do?
-
On Jan 4, 2011, at 2:49 AM, tVmit.edu> wrote:
This is the same guy who, 2 months ago, started the
libraries & JSTOR wondering if there should be access
controls on MIT's journal access... had indicated
tolllllback then finding the location of this guy -- his
~ include changing his mac a lot, not using dhcp,
fake registration info and downloading entire online
journals:
b24-rtr-3>sh arp | inc 18.55.6.240
Internet 18.55.6.240 876 004c.e5a0.c756 ARPA Vlan55
b24-rtr-3>sh arp | inc c756
Internet 10.124.7.24427 0004.t217.c756 ARPA Vlan 1124
Internet 18.55.7.240 0 004c.e5a0.c756 ARPA Vlan55
Internet 18.55.6.240 876 004c.e5a0.c756 ARPA Vlan55
b24-rtr-3>sh int trunk | inc 55
Gi8/16 55,1055,2055
b24-rtr-3>sh cdp neigh gig8/16
in J 6-004t-sVv-entry.mit.cdll
Gig 8/16 177 R S I WS-C4006 Gig 1/1
and that's as far as I can go.. any help getting the
rest of the way would be super.
thanks!
On Jan 4, 2011, at 1:34AM,_wrote:
Hey guys, happy new year can you let me know how we're progressing on this issue and if there
is anything I can do to assist?
---
Begin forwarded message:
MIT-000151
From: mit.edu>
Date: January 3, 2011 9:46:48 PM EST
To: mit.edu>
Subject: Fwd: MIT Abuse Recurrence
Happy New Year. Let me know where we are with this. Thanks.
Sent from my iPhone
Begin forwarded message:

I was in touch JSTOR about this earlier


his email about the use, and at that time asked _ in
IS&T to investigate whether we can identify anyone associated with the IP
address reported, so that we can follow up. (The tool I use to connect an
individual user to an IP address had no information for the particular IP.)
We are in the process of moving JSTOR to our econtrol system, which as you
know offers a more secure authorization process, but we have been waiting to
implement that until JSTOR finished work on a special landing page on their site
to redirect MIT users who attempt to access JSTOR directly without using our
getURL or going through Vera. JSTOR offered to do this to reduce barriers to
access for legitimate MIT users. However, it's taken much longer than they
anticipated to finalize this special landing page for MIT. Earlier today"and I
agreed that it would make more sense to move to econtrol now rather than
continue to wait for the landing page. Without more information on our end
about this incident it is not clear whether econtrol would have prohibited this
misuse, but that is one of the things we will try to evaluate right away once I have
details from IS&T.
_and I are finalizing the messages that need to go out to our staff and users
move to econtrol (those messages need to be rewritten now that there
won't be a special landing page). The switchover to econtrol can happen next
week as soon as is back from furlough (we'd need this week to get
the communications out anyway, most likely.)
MIT-000152
Meanwhile, I'll keep you posted along the way as I about this latest
case of excessive use. (I sent an update to _ and _ earlier today but I'm
sorry I forgot to copy you on that.) I have back

MIT Libraries
p
http://libraries.mit.edu/scholarly
Hi.
This is a heck of a way to start the new year. can you please give me a status report on
this situation, and keep me in the loop as you investigate? We need to escalate the
seriousness of our response. This looks like grand theft.
Thanks,
-
MIT-000153
From:
sent: Monda
To:
Cc:
Subject: FW: MIT Abuse Recurrence
Dear .
I am sorry to have to send this message during the holiday break, but I suppose
the people who are trying to use MIT to access restricted resources are trying to
exploit that opportunity. Once again, we are seeing extreme unauthorized activity
from MIT. We really need to find out who is doing this; it is malicious and
intentional and as best we can tell is coming from inside of MIT.
Thanks,
-
26, 2010 11:31 PM
To:
Cc:
Subject: MIT Abuse Recurrence
Good Evening,
I sent the email below a short time ago to inform MIT that the excessive activity
returned this afternoon around 12:30 PM. the activity around 9:00
PM when checking on MOe for something else. The activity did not hit our
download thresholds and does not appear to have affected other user's experience.
_ is reporting that we sent them 152,824 PDF
speculates about the amount of content, just pure volume, to
imagine what is going on. 87 GBs of PDFs this time, that's no small feat, requires
organization. The script itself isn't very smart, but the activity is organized and on
purpose.
MIT-000154
Attempts to identify the user revealed that the computer and network were up to
date with patches and didn't have known side doors to hack. does believe
that he could trace the IP back to a specific building, which you will see included
in my email to MIT.
I intend to call _ first thing in the morning. Not sure if all of their staff are off
this week or not, but I want to reach out directly and try and work with them to
accomplish the most immediate concern, identifying the user(s) responsible.
Finally, we do have the proposed login required solution ready, but we had no
window to test on both ends after the 12.18 release and had planned to implement
it with them in mid-January, once successful testing could be accomplished. And,
for clarity, this solution continues to be a stressed as a separate workflow from
identify the user(s) responsible and secure the content garnered.
Best,
-
2010 11:02 PM
Good Evening,
We have identified activity this evening around 9:00 pm that resembles the abuse
of the JSTOR archive previously reported on 9/25-9/26 and 10/9 of this year.
The activity is originating from 18.55.6.240, and we believe that it may be from
the Dorrance Building on the MIT campus. We will be suspending the Class C
MIT-000155
range 18.55.6.* and monitoring closely for additional activity, suspending access
as necessary.
We are requesting that every effort be made to identify the individuals responsible
and to ensure that the content taken in this incident and those previously
mentioned is secured and deleted. A detailed report of the activity and the content
acquired will follow.
JSTOR | Portico
MIT-000156
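
Added example, not part of the e-mail thread above: the IP-to-MAC pivot that the 2:49 AM message performs with `sh arp | inc`, run offline over saved router output. The sample table, its addresses and the function names are constructed for illustration; the point is that a MAC-suffix match can return unrelated devices, while one full MAC answering for several IPs is the signal worth following.

```python
import re
from collections import defaultdict

# Constructed sample in Cisco IOS "show arp" layout; addresses are documentation values.
SAMPLE_ARP = """\
Internet  192.0.2.10      12   0011.2233.c756  ARPA   Vlan55
Internet  192.0.2.11       0   0011.2233.c756  ARPA   Vlan55
Internet  198.51.100.7    27   00aa.bbcc.c756  ARPA   Vlan1124
Internet  192.0.2.20       -   0011.2233.4455  ARPA   Vlan55
Internet  192.0.2.30       0   Incomplete      ARPA
"""

ARP_RE = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\d+|-)\s+"
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(?P<iface>\S+)$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return resolved entries as dicts; unresolved ("Incomplete") lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "mac": m["mac"].lower()})
    return entries

def group_by_mac(entries, mac_fragment=""):
    """Like 'sh arp | inc <fragment>', but matched on the MAC column only and
    grouped by full MAC, so a shared suffix is not mistaken for one device."""
    groups = defaultdict(list)
    for e in entries:
        if mac_fragment.lower() in e["mac"]:
            groups[e["mac"]].append((e["ip"], e["iface"]))
    return dict(groups)

def multi_ip_hosts(entries):
    """MACs answering for more than one IP: worth a look when static
    addressing outside DHCP is suspected."""
    return {mac: rows for mac, rows in group_by_mac(entries).items() if len(rows) > 1}

if __name__ == "__main__":
    table = parse_arp(SAMPLE_ARP)
    print(group_by_mac(table, "c756"))   # two distinct MACs share the suffix
    print(multi_ip_hosts(table))         # one MAC holds two addresses
```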