Spam Wreaks Havoc on US Govt. Mail Server

A torrent of unsolicited email messages was unleashed on recipients in the first week of October 2007 following a flaw in the distribution channel of a newsletter from the US Department of Homeland Security (DHS).

It all began with a reply by Alex Green, Manager, GKN Freight Services Inc., to the Daily Open Source Infrastructure Report, a review of news reports related to security- while attempting to modify his subscription details.

All names on the DHS subscriber list was sent a copy of Greene's reply by the mail server that in turn set off a flood of humorous and irritated responses directed at all subscribers, as revealed by the computer security monitoring organization, SANS Institute.

Marcus Sachs, Director, SANS Internet Storm Center, describes the volley of unwanted messages as a kind of mini-DDoS (Distributed Denial of Service) attacks on subscribers' inboxes and followed after a recipient replied back to the sender of the newsletter. SCMagazineUS reported it on October 4, 2007.

Speaking to SCMagazineUS on the same date, Sachs suggested that it probably occurred due to an administrator changed the settings of newsletter a day before the incident took place.

In the process, all the subscribers' e-mail Ids and personal details of some of them were made available to other recipients of the DHS bulletin. Much of the exposed details, like the telephone numbers and titles of military personnel and government workers, were likely to have been classified.

Eventually, the total number of messages generated exceeded 2 Million. Recipients also used Reply and Reply All to first lodge complaints about the spam influx and contributed to the chaos with comments and demands to put a halt on the messages.

According to the news on PC World on October 4, 2007, Marcus wrote in SANS diary (documenting security incidents) the possibility of the hazard of a hacker sending a malicious attachment with zero-day security flaw to target some vulnerable security professionals.

Sachs advised that when maintaining a broadcast e-mailing list, one should ensure that the addresses reveal e-mail only from the list's owner. Not doing so would make one a training model for SANS.

In SCMagazineUS on October 4, 2007, Amy Kudwa, DHS spokeswoman, reported that the matter was resolved by the newsletter's third-party vendor.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 10/23/2007