Jason Lin worked for the Office of Academic Computing (OAC) on his student work-study award. He had worked his way up from the help desk to a student system administrator position over the several years of his employment. He was reading his email one Friday morning when he saw a message appear in the in-box with the subject header: Fuck You Asian Shit.
Irritated at this intrusion, he opened the mail and read the message from "Mother Fucker (Hates Asians)" <firstname.lastname@example.org>. Its contents disturbed him, and so he looked at the headers to determine who had sent the mail and where they sent it from.
The "From" header had obviously been forged. This was easy to do in a variety of email programs, and doing so was no mark of sophistication in an email sender. But other headers had not been altered: the "Received" headers, which mail servers add to track the machines through which a message goes. He was able to see that the mail had been initially:
Received: from 220.127.116.11 (labmac3.acs.uci.edu [18.104.22.168]) by taurus.oac.uci.edu (8.7.6/8.7.1) with SMTP id KAA17113; Fri, 20 Sep 1996 10:54:31 -0700 (PDT)
which meant that the machine labmac3.acs.uci.edu was where the message originated from. This was just down the hall. So, he went to check if that machine was being used. There was no one there.
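The header check described above can be scripted. The following Python sketch is an added example, not part of the original case study: it parses the Received header quoted above and reports the connecting machine as recorded by the receiving server, alongside the sender-supplied From address. The message wrapper, the function names and the trusted-server suffix are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the Received header and From address are the ones
# quoted in the text; display name, To, Subject and body are placeholders.
RAW = (
    "Received: from 220.127.116.11 (labmac3.acs.uci.edu [18.104.22.168])"
    " by taurus.oac.uci.edu (8.7.6/8.7.1) with SMTP id KAA17113;"
    " Fri, 20 Sep 1996 10:54:31 -0700 (PDT)\n"
    'From: "Forged Name" <firstname.lastname@example.org>\n'
    "To: recipient@example.invalid\n"
    "Subject: (omitted)\n"
    "\n(body omitted)\n"
)

# sendmail style: "from <name the client claimed> (<reverse DNS> [<IP>]) by <server>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[^\]]+)\]\)\s+"
    r"by\s+(?P<by>[^\s;]+)"
)

def parse_received(value):
    """Split one Received value into helo/rdns/ip/by/date, or return None."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # undo header folding
    if m is None:
        return None
    hop = m.groupdict()
    hop["date"] = " ".join(value.rpartition(";")[2].split())
    return hop

def trace_origin(raw, trusted_suffix):
    """Return (claimed From address, earliest hop stamped by a trusted server)."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    origin = None
    # Each server prepends its Received line, so the newest hop is on top.
    # Stop at the first line not stamped by our own servers: everything
    # below it came from the sending side and can be forged like From.
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop is None or not hop["by"].endswith(trusted_suffix):
            break
        origin = hop
    return claimed, origin

if __name__ == "__main__":
    print(trace_origin(RAW, ".oac.uci.edu"))
```

The bracketed name and address are what the receiving server observed of the connection, which is why they survive a forged From line; the name directly after "from" is only what the sending client announced.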
About twenty minutes later, he received the same message again. As he was reading it, Elizabeth Doan walked up to him and asked if he knew about the hate mail that was going around. She had received it too. This time, one of the email headers read:
Received: from 22.214.171.124 (pmac13.acs.uci.edu [126.96.36.199]) by taurus.oac.edu (8.7.6/8.7.1) with SMTP id LAA19557; Fri 20 Sep 1996 11:14:06 -0700 (PDT)
So Susan and he walked down to the lab containing the machine pmac13 (a different lab) and looked through the glass door of the lab to see a Hispanic male in a white t-shirt, light pants, sneakers, and a baseball cap sitting at that machine. The person was reading mail on a web browser.
James did not have an identity for the person sending either piece of email, since the From: headers had been forged. He and Susan then told his supervisor Dana Rood, the Associate Director of the OAC, that they had found someone who was sending inappropriate email in one of the labs in the building. John called in a colleague and together they asked Machado to leave the computer lab. They then locked his account.
Now the question was: where to go from here? Was the incident over or should more be done?