[ISN] Pentagon thwarts spoofed e-mail

From: InfoSec News (isnat_private)
Date: Wed Feb 19 2003 - 00:06:05 PST

  • Next message: InfoSec News: "[ISN] Even Security Firms at Risk for Break-Ins"

    By Matthew French 
    Feb. 18, 2003
    The Pentagon said today that an attempt to send a virus through its
    systems last week was thwarted before damage could be caused.
    On the morning of Feb. 14, someone "spoofed" the Defense Technology
    Information Center (DTIC) header, camouflaging the sender's real
    address to make recipients think the message had come from the Defense
    Department. The message had a virus attached and was sent through
    Pentagon computers to two mailing lists.
    "Our computers caught the virus and stripped it out," said Terry
    Davis, manager of the Public Web Program in the Office of the
    Secretary of Defense. "So what went out was the original text message
    that was sent in the e-mail, but the virus and the attachment were
    both stripped."
    Davis said he and a few co-workers then went into the system to put
    safeguards in place to prevent someone else from spoofing a DTIC
    header. They tested their work off line to ensure its stability before
    bringing the system back online. When they did that, however, an
    unforeseen side effect became apparent.
    "We didn't realize that the effect of the settings we had changed
    would leave the subscription list open, giving anyone the ability to
    post messages to the entire list," Davis said. "And we definitely
    underestimated how much people like to talk."
    In a short time span, dozens of messages were flying around as people
    inadvertently clicked the "reply all" button to warn of the e-mail
    problem and sent messages to the entire list, which contains many
    thousands of people.
    "What we want people to know is the system was not hacked, the system
    was not taken over, and a virus was not sent out," he said. "The only
    problem that really occurred is the people who replied to the entire
    list exposed themselves to thousands of other people."
    Davis said both problems have been corrected and he personally sent a
    message of apology to every person on the list.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 02:33:38 PST