DHS Spews Forth Spam In IT Snafu - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance

DHS Spews Forth Spam In IT Snafu

A 'reply all' error in a Department of Homeland Security anti-terrorism bulletin had security professionals flooding in-boxes with jokes and personal information.

The Department of Homeland Security (DHS) said the glitch that turned an e-mail list into an out-of-control social networking experience Wednesday has been fixed.

The New York Times reported Thursday that a North Carolina businessman was responding to a daily anti-terrorism bulletin Wednesday when he accidentally set off a confluence of events that the newspaper said eventually flooded government, corporate, and personal e-mail boxes with 2.2 million messages.

The DHS, which sends out the bulletin, had misconfigured it so the businessman's reply message was swept out to the 7,500 security professionals and organizations on the list, according to Laura Keehner, a spokeswoman for the agency. Once others on the list saw what was happening, a virtual free-for-all started, with people like Army sergeants and business executives jumping into the fray to take advantage of the instant link-up.

"The issue is that the reply generated messages to the 7,500 addresses on the server list, which was followed by the spam," said Keehner in an interview with InformationWeek. "It was bad judgment for people to keep replying. It was a mix of federal, state, local, and industry leaders."

Keehner said they sent out an e-mail message asking people to stop e-mailing each other immediately. The New York Times reported that Department of Defense did the same thing. The requests met a lot of deaf ears, but the DHS notified the contractor who is in charge of the e-mail list and had it shut down.

But Wednesday night or Thursday morning, a new list was generated and this time all the addresses were bcc'ed, or hidden, according to Keehner.

"I don't know why it wasn't that way in the first place," she added. "It was just human error. I don't know. It has since been changed... No government secrets were leaked. No personal information was given out."

She did concede, however, that the e-mail addresses were disclosed for all of the people, who are mainly security professionals, on that list.

Marcus Sachs, director of the SANS Internet Storm Center, wrote in a blog that this was a good lesson for anyone maintaining a broadcast mailing list.

"It's not clear why a single e-mail got reflected today and not in the many previous months this service has been available," he wrote. "Quite likely, an e-mail administrator either clicked a box last night, rebuilt the system, migrated it to a new server, or did something that un-set a setting designed to prevent this type of event... Many of the posts were humorous, some offered jobs, at least one was a "vote for me" political advertisement, and many more offered their names and contact information in case somebody was looking to connect with their sector or region. Most definitely do not have the Jack Bauer (character from the series "24") mentality of total seriousness and no-joking attitude."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll