Business & Finance
05:05 PM
Connect Directly

DHS Spews Forth Spam In IT Snafu

A 'reply all' error in a Department of Homeland Security anti-terrorism bulletin had security professionals flooding in-boxes with jokes and personal information.

The Department of Homeland Security (DHS) said the glitch that turned an e-mail list into an out-of-control social networking experience Wednesday has been fixed.

The New York Times reported Thursday that a North Carolina businessman was responding to a daily anti-terrorism bulletin Wednesday when he accidentally set off a confluence of events that the newspaper said eventually flooded government, corporate, and personal e-mail boxes with 2.2 million messages.

The DHS, which sends out the bulletin, had misconfigured it so the businessman's reply message was swept out to the 7,500 security professionals and organizations on the list, according to Laura Keehner, a spokeswoman for the agency. Once others on the list saw what was happening, a virtual free-for-all started, with people like Army sergeants and business executives jumping into the fray to take advantage of the instant link-up.

"The issue is that the reply generated messages to the 7,500 addresses on the server list, which was followed by the spam," said Keehner in an interview with InformationWeek. "It was bad judgment for people to keep replying. It was a mix of federal, state, local, and industry leaders."

Keehner said they sent out an e-mail message asking people to stop e-mailing each other immediately. The New York Times reported that Department of Defense did the same thing. The requests met a lot of deaf ears, but the DHS notified the contractor who is in charge of the e-mail list and had it shut down.

But Wednesday night or Thursday morning, a new list was generated and this time all the addresses were bcc'ed, or hidden, according to Keehner.

"I don't know why it wasn't that way in the first place," she added. "It was just human error. I don't know. It has since been changed... No government secrets were leaked. No personal information was given out."

She did concede, however, that the e-mail addresses were disclosed for all of the people, who are mainly security professionals, on that list.

Marcus Sachs, director of the SANS Internet Storm Center, wrote in a blog that this was a good lesson for anyone maintaining a broadcast mailing list.

"It's not clear why a single e-mail got reflected today and not in the many previous months this service has been available," he wrote. "Quite likely, an e-mail administrator either clicked a box last night, rebuilt the system, migrated it to a new server, or did something that un-set a setting designed to prevent this type of event... Many of the posts were humorous, some offered jobs, at least one was a "vote for me" political advertisement, and many more offered their names and contact information in case somebody was looking to connect with their sector or region. Most definitely do not have the Jack Bauer (character from the series "24") mentality of total seriousness and no-joking attitude."

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.