Updated Aug. 2, 2018 at 2:04 p.m.
An investigation into a white supremacist email received by thousands of members of the Vanderbilt community revealed that the email was sent in an external cyber attack. The message was connected to 57 different IP addresses located in 17 countries and used anonymizing software to further conceal the perpetrator’s identity. VUIT is continuing to pursue the issue and is working with local law enforcement to study and block further attacks.
On the evening of July 30 and early the next morning, thousands of Vanderbilt students, faculty and staff, as well as individuals not associated with the university, received an email that contained racist language and was made to look like official Vanderbilt communication. Students quickly began contacting administrators such as Dean of Students Mark Bandas, asking if the email had come from within the university, whether it had been targeting particular student organizations and what the university’s plan to address the email and its contents would be.
A few hours after the Dean’s office had been notified about the emails, early in the morning of July 31, Bandas sent a message to the Vanderbilt community, stating that the content of the email violated Vanderbilt’s commitment to inclusivity and letting students know that VUIT was working on finding more information. Bandas said that while he received many messages from students wanting to know what was going on in the hours after the cyber attack, he had to wait until he knew more about the nature of the emails before communicating with the Vanderbilt community.
“One of the difficulties here is that I would love to have sent out an email at 9:30, but I didn’t have any information to send at that time, and the information that I did send was really carefully structured to try to indicate support for students, but also not to give them bad information,” Bandas said. “We just didn’t have a lot of good information and I know students wanted more, but these things take time to investigate.”
The links contained within the email did not contain a virus, though students are still cautioned against clicking any unknown links. Bandas said that in the future, he would like to provide more cyber security programming to help students navigate potentially harmful emails.
“The goal is, as an institution, to make sure that we protect the members of our community, that this becomes a safe place.”
An early concern among students was that the email had been sent specifically to Black students and largely Black student organizations. As more students reported receiving the email, it appeared the message had been sent to a wider range of students, faculty and staff. According to Bandas, the VUIT investigation so far indicates that recipients of the email were not specifically targeted, but rather were largely those with publicly accessible email addresses. Half of the recipients were unaffiliated with the university.
“When we looked at the sequencing of the emails, we could not discern a pattern. I have some sense that many of the email addresses were publicly available, and so somebody could’ve copied those email addresses and used them,” Bandas said. “For example, a number of my offices have a staff page that lists the emails–the emails were sequenced in just the way you would read them if you went down the website.”
During the initial hours following the cyber attack, many Black students voiced their concerns about the way the university would handle the incident, calling for administrators to address not only the racist cyber attack itself, but the ways in which racism is dealt with on campus as a whole.
“We’re in a very difficult time, and many of us, and particularly our Black students and staff and faculty perceived [the email] as an attack,” Melissa Thomas-Hunt, Vice Provost for Inclusive Excellence, said. “And for them, Vanderbilt is home, and to think that now, particularly as we’re getting ready to return, that at home we would be susceptible to this was really disconcerting and painful.”
The university plans to meet with student groups, including the Multicultural Leadership Council, Vanderbilt Student Government and the Coalition of Black Student Leaders, to talk through the attack and to hear ideas from students about what the administration can do to ensure everyone feels more secure on campus.
“This is an occasion for students to express their concerns and their feelings about many broader issues that are happening in the country right now,” Bandas said. “The current environment is very challenging for African Americans; there have been ugly incidents and demonstrations and protests all summer long and this, in some sense, this kind of inflammatory and ugly email communication that students received, I think upset many students. They want to have a sense that they are not only welcome at Vanderbilt but safe here, and want to know what measures we’re going to take to protect them from further incidents like this.”
While VUIT is continuing to investigate the source of the email and block any further attacks, Bandas and Thomas-Hunt said their focus is ensuring they can prevent incidents like this from affecting students in the future.
“One of the things that I hope that students take away is that it’s unacceptable for anyone in our community to be subjected to they type of language that was in the email, particularly members of communities that are more likely to be emotionally affected,” Thomas-Hunt said. “The goal is, as an institution, to make sure that we protect the members of our community, that this becomes a safe place, where they’re psychologically and physically safe and that this doesn’t happen.”
Correction: Aug. 2, 2018
An earlier version of this article stated that the email invited students to join a white supremacist listserv. No such listserv exists, rather, the email coopted existing university listservs to distribute it’s message.