[ISN] Pentagon thwarts spoofed e-mail

From: InfoSec News (isnat_private)
Date: Wed Feb 19 2003 - 00:06:05 PST

Next message: InfoSec News: "[ISN] Even Security Firms at Risk for Break-Ins"

Previous message: InfoSec News: "[ISN] REVIEW: "Security+ Study Guide and DVD Training System", Michael Cross et al"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.fcw.com/fcw/articles/2003/0217/web-dtic-02-18-03.asp

By Matthew French 
Feb. 18, 2003

The Pentagon said today that an attempt to send a virus through its
systems last week was thwarted before damage could be caused.

On the morning of Feb. 14, someone "spoofed" the Defense Technology
Information Center (DTIC) header, camouflaging the sender's real
address to make recipients think the message had come from the Defense
Department. The message had a virus attached and was sent through
Pentagon computers to two mailing lists.

"Our computers caught the virus and stripped it out," said Terry
Davis, manager of the Public Web Program in the Office of the
Secretary of Defense. "So what went out was the original text message
that was sent in the e-mail, but the virus and the attachment were
both stripped."

Davis said he and a few co-workers then went into the system to put
safeguards in place to prevent someone else from spoofing a DTIC
header. They tested their work off line to ensure its stability before
bringing the system back online. When they did that, however, an
unforeseen side effect became apparent.

"We didn't realize that the effect of the settings we had changed
would leave the subscription list open, giving anyone the ability to
post messages to the entire list," Davis said. "And we definitely
underestimated how much people like to talk."

In a short time span, dozens of messages were flying around as people
inadvertently clicked the "reply all" button to warn of the e-mail
problem and sent messages to the entire list, which contains many
thousands of people.

"What we want people to know is the system was not hacked, the system
was not taken over, and a virus was not sent out," he said. "The only
problem that really occurred is the people who replied to the entire
list exposed themselves to thousands of other people."

Davis said both problems have been corrected and he personally sent a
message of apology to every person on the list.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Even Security Firms at Risk for Break-Ins"
Previous message: InfoSec News: "[ISN] REVIEW: "Security+ Study Guide and DVD Training System", Michael Cross et al"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 02:33:38 PST