Marketplace returns after spamming with references to terrorist attacks

The site was offline for almost a month following 157 spam listings by an anonymous user.

By Anne Nazzaro

After nearly a month offline, Student Government’s Marketplace website returned on January 6 at 12 p.m. The site was taken offline on December 8 after an anonymous user spammed Marketplace with listings that referenced various terrorist attacks.

According to an update post on the Marketplace website by fourth-year Jeremy Archer, Student Government’s Director of Technology, the 157 listings were entirely in Arabic. When translated, the titles of the posts were revealed to be references to various terrorist attacks, while the body of the posts consisted of excerpts from the Qur’an.

“When the incident on Marketplace was first reported to IT services, they immediately worked with Student Government (SG) and Campus and Student Life (CSL) to address and rectify the problem, which was resolved fairly quickly,” said University spokesperson Marielle Sainvilus in a statement from the News Office. “UCPD also worked with SG, IT Services, and law enforcement officials to address the incident, and determined that the messages did not raise a threat.”

According to Archer’s post, the Chicago branch of the FBI also helped investigate the listings.

Archer, when asked, had no information to share about the nature of the attacker. The UCPD’s investigation has since been closed.

However, the spam attack has prompted SG to improve security on Marketplace.

Previously, all that was required to create a listing was a email address. Now, the main way to create a listing is to sign in with a CNetID, and using a email is a secondary option. According to Archer, any listings that are “deemed suspicious” by certain security criteria, and all listings posted without a CNetID go into a moderation queue. A moderation team reviews these listings before they are posted to the site.

SG has also removed the bug, which had worked through a system of auto-approving posts that the anonymous user had exploited to make the listings in the first place.

Marketplace had also been unavailable from October 26 to November 13, after the site’s server failed. The site had been relaunched after the hiatus on a different server with a new design.

“Obviously this is something that people are very passionate about, and it’s very frustrating when it’s gone,” Archer said. “A lot of people have been very patient.”

According to University spokesperson Marielle Sainvilus, IT Services continues to work with SG to improve security on the website, and SG plans to release a survey soon for users to give feedback on Marketplace.

Overall, Archer is hopeful for the future of the website and committed to improving it. “We’re going to try to tweak our policy as we go,” he said. “The last time [we redesigned Marketplace], it took a year and a half to develop the site, so it may take just as long to get us there.”