Inside the Briefcase

Augmented Reality Analytics: Transforming Data Visualization

Augmented Reality Analytics: Transforming Data Visualization

Tweet Augmented reality is transforming how data is visualized...

ITBriefcase.net Membership!

ITBriefcase.net Membership!

Tweet Register as an ITBriefcase.net member to unlock exclusive...

Women in Tech Boston

Women in Tech Boston

Hear from an industry analyst and a Fortinet customer...

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

In this interview, JumpCloud’s Antoine Jebara, co-founder and GM...

Tips And Tricks On Getting The Most Out of VPN Services

Tips And Tricks On Getting The Most Out of VPN Services

In the wake of restrictions in access to certain...

How Much Did Bellogate Cost?

October 27, 2014 No Comments

Featured article by Nick Scholz, Global Product Marketing Manager, Novell Collaboration

Nick-Scholz_avatar_1401407755-60x60

By now you’ve probably heard of Bellogate, in which a hacker or imposter sent a University College London (UCL) campus-wide email from what appeared to be the university president’s account. Nearly 29,000 students received an email containing the word “bello.” Then, whether because of the hack or poor email configuration, students were able to reply to the entire list—and they did. Soon each student had thousands of reply-all messages, as well as hundreds of unwanted subscriptions to everything from the Sarah Palin website to One Direction’s fan club.

Anyone who runs an IT department has to be wondering what happened—and how much the cleanup will cost. Breaches are always big news; can an email disaster cause the same kind of mess? There’s no telling exactly how much Bellogate cost the University College of London, unless the university itself decides to release numbers. Since that isn’t likely, though, maybe we can determine what kind of costs UCL incurred with the help of Salary.com and a few educated guesses.

Cost to IT

According to one source, hackers struck overnight, while UCL IT was most vulnerable. Since UCL’s Information Services Division (ISD) Service Desk is open from 9:30 am to 5:00 pm, and IT issues occurring outside of these hours are served by an automated system, Bellogate had plenty of time to spiral out of control before the IT department was on the case. The mess seemed to take a couple days to deal with. Two days of an IT Director’s time costs approximately $1,377, while a Mail Server Administrator costs around $661 for the same. Judging by the size of the school, up to fifteen IT system support personnel might have been involved, at $7,250 for the two days. Of course these are US dollar amounts, not pounds, and we don’t actually know how much UCL staff make, but now we’ve got a start.

Cost to the Students

If it took the 29,000 students one hour each to delete 3,000 emails, and their time costs $15.84 an hour, then Bellogate costs students $459,360.00. (I figured $15.84/hour by estimating each credit hour is worth $253.50 (source), and each credit hour represents one hour in class per week over the course of the semester, then $253.50/16 weeks = $15.84/hour.)

The Register quotes UCL’s IT director saying the IT department was working on a tool to help students. It’s unclear if the department delivered this tool in time and how much it helped. Many students will have spent time deleting emails and removing themselves from email lists anyway.

While we can estimate some of the students’ costs based on the time they spent deleting emails, many of the costs are intangible—including the worries about data security and lost confidence in their university.

Some students were understandably concerned about their privacy and worried about a breach of data security, bringing into question UCL’s security policies. Other students were frustrated with the huge amount of incoming email, triggering some to reply demanding to be removed from the list, which only created more unwanted emails for everyone else. Although some students found humor in the incident, there is no doubt that the thousands of emails caused an inconvenience (and, according to some, likely indicate a major security weakness in UCL’s email server). Many students were upset to be involuntarily signed up for inappropriate or offensive websites, newsletters and groups.

Cost to the University

This loss of confidence in the university is perhaps UCL’s biggest cost. It’s not hard to imagine protective or paranoid parents discouraging future applications to UCL, which could lead to big budgetary problems for the university. That’s why the estimated total you’re about to read is just a surface level view. Costs likely go much deeper.

As for those actual dollars, we can estimate the price of the university president’s time to be $528 (half a day at $1,057/day), bringing the total man-hours cost to staff and students to $469,176.00.

As I mentioned, the end cost is probably much higher. I’m guessing the president spent half a day in direct trouble-shooting, but what about the time he and the university’s other leadership spent in meetings, answering angry parent and student questions, talking to press and so on?

The estimate I came up with here is based solely on the tangible costs to which I could assign a dollar amount, and doesn’t take into account the cost UCL will pay based on the loss of credibility, loss in confidence from the students and the negative PR.

We’ll likely never know how much Bellogate actually cost UCL, but surely more than the price of a decent server-side spam solution. The university appeared to be using a combination of the open source SquirrelMail and the Outlook web app of Office 365. This strange cobbling together of systems could have been part of the problem. Though the university’s initial email software costs were probably quite low with this strategy, the university may be paying for it now. As usual, investing in appropriate technology and the expertise to manage is likely less expensive than cleaning up a mess.

What do you think? Is Bellogate better or worse than I’m describing it here? How would you estimate the cost to the university?

Leave a Reply

(required)

(required)


ADVERTISEMENT

DTX ExCeL London

WomeninTech