Professional Documents
Culture Documents
MfT Libraries
p
htt;p://libraries.mit.edu/scholaTly
Hi.
This is a heck of a way to start the new year. can you please give me a status report on
this situation, and keep me inthe loop as you investigate? We need to escalate the
seriousnessof our response. This looks like grand theft.
Thanks,
-
3
MIT-000153
From:
sent: Monda
To:
Cc:
Subject: FW: MIT Abuse Recurrence
Dear .
r am salTY to have to send this message during the holiday break, but I suppose
the people who are trying to use MIT to access restricted resources are trying to
exploit that opportunity. Once again, we are seeing extreme unauthorized activity
from MIT. We really need to find out who is doing this; it is malicious and
intentional and as best we can tell is coming from inside of MIT.
Thanks,
-
26,201011:31 PM
To:
Cc:
Subject: MIT AbuseRecurrence
Good Evening,
I sent the email below a short time ago to inform MIT that the excessive activity
returned this afternoon around 12:30 PM. the activity around 9:00
PM when checking on MOe for something else. The activity did not hit our
download thresholds and does not appear to have affected other user's experience.
_ is reporting that we sent them 152,824 PDF
speculates about the amount of content, just pure volume, to
imagine what is going on. 87 GBs ofPDFs this time, that' s no small feat, requires
organization. The script itself isn't very smart, but the activity is organized and on
purpose.
4
MIT-000154
Attempts to identify the user revealed that the computer and networ k were up to
date with patches and didn't have known side doors to hack. does belie ve
that he could trace the IP back to a specific building, which you wi ll see included
in my email to MIT.
I intend to call _rst thing in the morn ing. Not sure if all of their staff are off
thi s week or not , but I want to reach out directly and tr y and work wi th them to
accomplish the most immediate concern, Ident ifying the usens) responsi ble.
Finall y, we do have the proposed login requ ired solution ready, but we had no
window to test on both ends aft er the 12.18 release and had planned to implement
it with them in mid-January, once success ful testing could be accomplished. And,
for clarity, this solut ion continues to be a st ressed as a separate workfl ow from
identi fy the user(s) responsible and secure the content garner ed.
Best ,
-
2010 11:02 PM
Good Eveni ng,
We have identi fied activity this evening around 9:00 pm that resembl es the abuse
of the JSTOR archive previously report ed on 9125-9126 and 10/9 of this year.
The act ivity is origi nat ing from 18.55.6.240, and we beli eve that it may be from
the Dorrance Buil ding on the MIT campus. We will be suspending the Class C
5
MIT-000155
range 18.55.6.* and monitoring closely for 'additional activity, suspending access
as necessary.
We are requesting that every effort be made to identify the individuals responsible
and to ensure that the content taken in this incident and those previously
mentioned is secured and deleted. A detailed report of the activi ty and the content
acquired will follow.
JSTOR I Portico
6
MIT-000156