UMSU election candidate impersonated in email account

On the afternoon of Wednesday, March 2, Jason van Rooy, the chief returning officer (CRO) for the 2011 UMSU election, posted an irregular ruling on the wall outside of his office.

The complaint was made by the CRO’s office, and was against “party or parties yet to be determined.”

The facts of the complaint state that an email containing campaign materials, designed to impersonate a candidate, was sent to five members of an opposing slate before campaigning officially began on Monday, Feb. 28.

Originally, the five members of the slate who received the email complained to the CRO. However, after his investigation van Rooy concluded that the email was fraudulent and was likely designed to create “an environment or culture of mistrust between the candidates.” Upon learning the facts, the people who initiated the complaint withdrew it.

Van Rooy is now working with computer security experts on campus and has contacted Google in an attempt to try and determine the identity of the person(s) behind the fraudulent email.

In absentia, the party or parties involved in sending the email have been disqualified from the election, assuming they are candidates or volunteers from another slate, although van Rooy has not discounted the possibility that the sender of the email might not have been involved in the election and says that he’s “open to the possibility that it was general mischief.”

If it was indeed someone from outside of the election, van Rooy says that the CRO’s office cannot do anything to punish the individual, but that he expects the person who was impersonated would choose to pursue legal action.

The CRO’s office chose to not disclose the names the parties involved in the complaint, as, in van Rooy’s opinion, naming the people involved could hurt the chances of everyone.

“If something like this gets out, people won’t care what the ruling is, because they will perceive it how they want to perceive it. [ . . . ] Perception is more important than any penalty that I can hand out.”

Van Rooy worries that something like this happening so early in the course of an election might set the tone for the rest of the election, creating a culture of suspicion among the candidates.

“Right now each candidate is trying to figure out which of the other candidates is responsible for sending the email. And no one will know, unless it’s determined by finding the source of the email.”

David Treble, the University of Manitoba’s Internet security coordinator, said that while he cannot comment on the specifics of this case, it might be difficult to track down an individual sending fraudulent emails, because while you can obtain an Internet protocol (IP) address from an email, that just tells you which computer the message was sent from and doesn’t necessarily implicate an individual.
“There really isn’t much you can do,” Treble said.
“You can go on to Gmail or Hotmail and make an email address with any username that you want. There is nothing to stop you from creating an email called “David Treble” and sending an email that looks like it came from me”

As part of this story, the Manitoban went to Gmail.com, Hotmail.com and Yahoo.com to see what, if any, security steps were put in place to prevent people from creating a fraudulent email address. Of the three, only Gmail required any form of outside verification.