DHS Spews Forth Spam In IT Snafu
A 'reply all' error in a Department of Homeland Security anti-terrorism bulletin had security professionals flooding in-boxes with jokes and personal information.The Department of Homeland Security (DHS) said the glitch that turned an e-mail list into an out-of-control social networking experience Wednesday has been fixed.
The New York Times reported Thursday that a North Carolina businessman was responding to a daily anti-terrorism bulletin Wednesday when he accidentally set off a confluence of events that the newspaper said eventually flooded government, corporate, and personal e-mail boxes with 2.2 million messages.
More Insights
Webcasts
- Creating an Agile, Flexible Cloud Computing Model
- Enhance Business Performance with Process Oriented Data Stewardship
White Papers
- IDC white paper: Delivering an Integrated Infrastructure for the Cloud
- Nemertes Research PilotHouse Awards: Servers for Virtualization
Reports
- IT Pro Impact: VDI in the Cloud
- Strategy: Choosing the Right Vulnerability Scanner for Your Organization
The DHS, which sends out the bulletin, had misconfigured it so the businessman's reply message was swept out to the 7,500 security professionals and organizations on the list, according to Laura Keehner, a spokeswoman for the agency. Once others on the list saw what was happening, a virtual free-for-all started, with people like Army sergeants and business executives jumping into the fray to take advantage of the instant link-up.
"The issue is that the reply generated messages to the 7,500 addresses on the server list, which was followed by the spam," said Keehner in an interview with InformationWeek. "It was bad judgment for people to keep replying. It was a mix of federal, state, local, and industry leaders."
Keehner said they sent out an e-mail message asking people to stop e-mailing each other immediately. The New York Times reported that Department of Defense did the same thing. The requests met a lot of deaf ears, but the DHS notified the contractor who is in charge of the e-mail list and had it shut down.
But Wednesday night or Thursday morning, a new list was generated and this time all the addresses were bcc'ed, or hidden, according to Keehner.
"I don't know why it wasn't that way in the first place," she added. "It was just human error. I don't know. It has since been changed... No government secrets were leaked. No personal information was given out."
She did concede, however, that the e-mail addresses were disclosed for all of the people, who are mainly security professionals, on that list.
Marcus Sachs, director of the SANS Internet Storm Center, wrote in a blog that this was a good lesson for anyone maintaining a broadcast mailing list.
"It's not clear why a single e-mail got reflected today and not in the many previous months this service has been available," he wrote. "Quite likely, an e-mail administrator either clicked a box last night, rebuilt the system, migrated it to a new server, or did something that un-set a setting designed to prevent this type of event... Many of the posts were humorous, some offered jobs, at least one was a "vote for me" political advertisement, and many more offered their names and contact information in case somebody was looking to connect with their sector or region. Most definitely do not have the Jack Bauer (character from the series "24") mentality of total seriousness and no-joking attitude."
Related Reading
| To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSResource Links
Related Webcasts
- Videoconferencing: Business & the Big Picture
- Securing the Cloud: Extend the Benefits of Traditional IT Environments to Cloud
- Thriving in a Multi-Platform World: Integrating Mobile Device Management into Your Overall Security Strategy
- The Business Value of Data Quality – Getting the Most out of Your Investments in Data Warehousing and Data Analytics
- Collaborative DevOps: Bridging the gap between development and operations with automation
This Week's Issue
Free Print Subscription
SubscribeCurrent Healthcare Issue
- InformationWeek Healthcare CIO 25: Our second annual honor roll of the health IT leaders driving healthcare's transformation.
- EHR Unreadiness: Only a small percentage of physicians planning to apply for Meaningful Use funds have e-health record systems capable of achieving most of the requirements. .
- And much more!
- Read the Current Issue
Related Whitepapers
- Hardware vs. software deduplication: finding what's right for you
- In-Memory Analytics for Big Data
- Forrester Research study How Blade Servers Impact Datacenter Management and Agility
- ESG whitepaper: Defining Tier One Storage in the Modern Data Center
- Evaluator Group: HP's Converged Storage A Vision for Emerging Customer Requirements












