FBI E-Mail Server Breached

voma writes "The FBI said Friday it has shut down an e-mail system that it uses to communicate with the public because of a possible security breach. The bureau is investigating whether someone hacked into the www.fbi.gov e-mail system, which is run by a private company, officials said. 'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases,' Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem."

Look at this spam I just got today

[by Anonymous Coward]

From: rmueller@fbi.gov
To: anonymouscoward@slashdot.org
Subject: The FBI can help you!

CONFIDENTIAL INFORMATION YOU WANT TO KNOW.

This is the agency they want banned from the INTERNET!

"The Federal Bureau of Investigations" shows you how to get the facts on anyone using our files.

LOCATE MISSING PERSONS, find lost relatives, obtain addresses and phone numbers of old school friends, even skip trace dead beat spouses. This is not a Private Investigator, but a GOVERNMENT agency DESIGNED to automatically CRACK YOUR CASE with links to thousands of our secret files.

Find out SECRETS about your relatives, friends, enemies, and everyone else! -- even your spouse! With the New - "FBI"

You will be AMAZED at what you can discover:

LICENSE PLATE NUMBER - Get anyone's name and address with just a license plate number! (Find that girl you met in traffic!)

DRIVING RECORD - Get anyone's driving record!

SOCIAL SECURITY NUMBER - Trace anyone by social security number!

ADDRESS - Get anyone's address with just a name!

UNLISTED PHONE NUMBERS - Get anyone's phone number with just a name- even unlisted numbers!

LOCATE - Long lost friends, relatives, a past lover who broke your heart!

E-MAIL - Send anyone anonymous e-mail that's completely untraceable!

DIRTY SECRETS - Discover dirty secrets your in-laws don't want you to know!

INVESTIGATE ANYONE - Use the sources that private investigators use (all on the Internet) secretly!

EX-SPOUSE - Learn how to get information on an ex-spouse that will help you win in court! (Dig up old skeletons)

CRIMINAL SEARCH - BACKGROUND CHECK - Find out about your daughter's boyfriend! (or her husband)

FIND OUT - If you are being investigated!

NEIGHBORS - Learn all about your mysterious neighbors! Find out what they have to hide!

PEOPLE YOU WORK WITH - Be astonished by what you'll learn about the people you work with!

EDUCATION VERIFICATION - Did he really graduate college? Find out!

"The FBI" will help you discover ANYTHING about anyone, with clickable hyperlinks and no typing in Internet addresses! Just download the software and go! You will be shocked and amazed by the secrets that can be discovered about absolutely everyone! Find out the secrets they don't want you to know! About others, about yourself!

LIMITED TIME OFFER -- ORDER TODAY! ONLY $20 (US)

You can access the "FBI" NOW so you can begin discovering all the secrets you ever wanted to know! You can know EVERYTHING about ANYONE with "The FBI".

- Works with all Internet Explorer browsers and all versions of AOL
- Windows Versions available Only!

DON'T WAIT TO GET STARTED? It's as easy as 1, 2, 3. ORDER TODAY - While this agency is still legal!

Request

[mingot (665080)]

Neal, when you post an article like this the only thing anyone cares about is what OS (and especially if it was microsoft) got ownz0red. Please try to put this information in the summary. Thank you.

Re:Request

[ScentCone (795499)]

That piece of their e-mail operations was run by AT&T. Or, was that SBC? It's all a blur...

Re:Request

[by Anonymous Coward]

Neal, when you post an article like this the only thing anyone cares about is what OS (and especially if it was microsoft) got ownz0red. Please try to put this information in the summary. Thank you.

It may have been non-Microsoft, hence censored.

Re:Request

[LurkerXXX (667952)]

The 'editors' here don't even read their own site to prevent dupe stories. Now you think they are going to actually read the article posted, and also do background research for it?

Dream on.

Re:Request

[kg4gyt (799019)]

It could be Linux, just with a poor pick for a password, or unpatched, or even configured incorrectly. Can't always immediately blame the OS, configuration can be just as large of a problem.

Pick for password.

[www.sorehands.com (142825)]

1 2 3 4

Isn't that a good password?
I use it on my luggage too.

Re:Request

[BlueTooth (102363)]

THANK YOU! I'm not a MS fanboy or anything, but this is a very good point. A well configured, well patched Windows machine (especially a server) isn't going to be very vulnerable. The same can be said of Linux. Further, an unpatched, poorly configured Windows machine will drop dead very quickly, and the same can be said for Linux. You might even argue that a talentless admin would have an _easier_ time securing up a Windows machine (since sever 2003, anyway, where all services shipped off).

Yes, there

Re:Request

[brlancer (666140)]

I'm not a MS fanboy or anything, but this is a very good point. A well configured, well patched Windows machine (especially a server) isn't going to be very vulnerable.

I call bullshit.

Will it be a cakewalk to crack? No. Will it be "very vulnerable"? Yes. Why, you ask? Because there are vulnerabilities that are still unpatched years after reports. Many "minor" vulnerabilities are actually stepping stones to administrator privileges; Bugtraq has more than a few posts regarding stringing a half dozen "mino

Re:Request

[John Whitley (6067)]

A well configured, well patched Windows machine (especially a server) isn't going to be very vulnerable.

That's true as long as you say directly vulnerable. However, in any IT shop you also need to consider indirect vulnerabilities. E.g. the server itself may be secure, but someone's got to administer that system periodically. How secure are the system(s) used by the admins, or other systems on the network? All an attacker needs are some common user apps w/ holes on *some* systems that connect to the o

Re:Request

[say (191220)]

But Netcraft confirms it, mail.fbi.gov is dead!

More seriously, netcraft sez http://www.fbi.gov was running Sun-ONE-Web-Server on Linux when last queried at 4-Feb-2005 18:26:45 GMT. Whatever that is.

Re:Request

[Frank T. Lofaro Jr. (142215)]

http://uptime.netcraft.com/up/graph?site=www.fbi.g ov [netcraft.com]

says it is running Linux.

Perhaps that is why Slashdot didn't post the operating system in the summary.

Re:Request

[by Anonymous Coward]

says it is running Linux.

It doesn't really. It says it's hosted by Akamai. Which means that the data is unreliable at best. Netcraft is actually detecting the OS and Web server software of Akamai's content serving nodes, which are most likely completely different from the FBI's actual servers.

See this FAQ item [netcraft.com] from Netcraft for more information.

How?

[The Grey Clone (770110)]

How was this said in an e-mail if their e-mail server was down?

Re:How?

[superpulpsicle (533373)]

Come on, the FBI is like Don King. Believe half of what they say at best.

Re:How?

[Gyorg_Lavode (520114)]

How many email servers can you send through right now?

Re:How?

[liquidsin (398151)]

I'm more interested in how they use an email account to view internet sites...

Re:How?

[commodoresloat (172735)]

You beat me to it! My first experience with the WWW was retrieving documents through email. I still remember the sense of excitement realizing I could get documents mailed to me by another computer. I didn't know what the web was at the time (this must have been 1992 or 1993; it was well before Mosaic). I don't know if it was the same software (don't recall the name agora) but it was the same trick, and it rocked. I remember being blown away when I learned about lynx; thinking, wow, I don't have to wai

Even worse...

[the_skywise (189793)]

How can we verify it was REALLY from them if it didn't come from their usual IP Address!?

Maybe *this* is the hack! :)

Re:How?

[VB (82433)]

It came from fbipressrelease723@hotmail.com

Server was running Linux Sun-ONE-Web-Server/6.1

[by Anonymous Coward]

From netcraft: Linux Sun-ONE-Web-Server/6.1

Re:Server was running Linux Sun-ONE-Web-Server/6.1

[eln (21727)]

Well then, I guess Netcraft confirms it: Linux-Sun-ONE-Web-Server/6.1 is dying.

And as a followup...

[Tackhead (54550)]

> "We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases," Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem.

In a followup e-mail describing the problem, Special Agent Laz Steverus said "No sensitive information was compromised, but today is a good time to remind citizens that the FBI is in posession of approximately 22,000,000,000 (TWENTY TWO BILLION DOLLARS) in uncollected judicial judgements from spammers, a portion of which we're trying to return to you folks. Just visit our web site, and read our press release, and it will instruct you in how to help us get this money back to you..."

Cool name.

[Gulik (179693)]

Man, what I wouldn't give to be "Special Agent Lazarus." Everything you do sounds cool -- I mean, it might be an utterly boring document about e-mail usage, but you still get to call it "the Lazarus Report."

Re:Cool name.

[rxmd (205533)]

Man, what I wouldn't give to be "Special Agent Lazarus." Everything you do sounds cool -- I mean, it might be an utterly boring document about e-mail usage, but you still get to call it "the Lazarus Report."

Even better: when you die, you're brought back to life by Special Agent Jesus!

Re:Cool name.

[nadadogg (652178)]

Even better: when you die, you're brought back to life by Special Agent Jesus!

Then you have sex with your mom!
[/heinlein]

Re:Cool name.

[gstoddart (321705)]

Man, what I wouldn't give to be "Special Agent Lazarus."

Everything you do sounds cool

You know, for very similar reasons, I thought to myself "oh yeah, sure, I believe an article that claims to come from Special Agent Lazarus".

It sounds like such a hackneyed/stereotyped name that I didn't initially believe it. Wierd.

They use an email server to surf the web???

[dos4who (564592)]

"'We use these accounts to ...view internet sites...".

I'm sorry, but when I hear a media spokesperson hiccup like that, my bullshit detector sends up an immediate flag. What was this email server really used for???

FBI raids themselves

[by Anonymous Coward]

The FBI reportedly surrounded the building (after leaving it) and broke down the front door, only after realizing they had the keys. They confiscated the computers and surrounding evidence for further investigation. "It must be an insider doing the hacking, these systems were secure." said agent r0\/ l337zki.

In other news...

[teledyne (325332)]

... the FBI, for a short time, became mysteriously more productive within the span of 12 hours. Some say that their coffee was spiked with a new secret uber-caffeine, while others say a lack of spam in their e-mail boxes allowed them to work more freely.

Not only that, but personnel over at the Central Intelligence Agency as well as the National Security Agency have also become more friendlier. One employee was noted saying, "Thank God! I was so fucking tired of those guys sending me pics of Goatse!"

Non Event

[I8TheWorm (645702)]

The key phrases are run by a private company and We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases.

I'm sure, like the NSA, that the FBI has (at least) two networks. One that is internal only for confidential/sensitive communication/files, and one for outside communication such as this one. At the NSA, they are completely seperate, with no ability to copy/move files from one to the other.

Re:Non Event

[nharmon (97591)]

All you need is one floppy disk, or one hard copy.

Oh shoot

[SilverspurG (844751)]

How was I supposed to know?

I'm sitting here in the training cubicle. The guy in the cube next to me decides to check his voicemail... ON SPEAKERPHONE. After he dials in his password (for the entire office to hear) I call softly over the cube wall,"I now have your password."

A tense silence followed, and I could tell that the general perception was "Yeah right--you're just the new guy."

So I brought up my handy DTMF generator and started replaying his password over and over (at a low volume, but just loud enough so that people in adjacent cubes could hear).

How was I supposed to know that he had the Admin password for the e-mail server stored in his voicemail?

At the same time... What sort of dumbass checks their voice mail on speakerphone in public office space?

Re:Oh shoot

[karnal (22275)]

Our phone switch doesn't actually play the DTMF tones; it just gives a short "beep" to let you know you've entered a digit....

On the other hand, it does show up on the display, though, so I'm sure some of the more creative people could just pick up a random phone, hit redial, and watch the numbers fly by, noting that certain combinations of numbers aren't passwords (3337 skips through a message and erases it) etc.

This means war!!!

[toocoolforschool (848274)]

Director Mueller wants his email (gunslinger_cute@fbi.gov) back with a vengeance.

No sensitive information? Re-think that

[flinxmeister (601654)]

I have worked with FBI agents on a few things, and I can't imagine this email server didn't have sensitive info flow through it.

I'm sure it's FBI policy to avoid it, but it's like a bank...how many people do you think send account numbers, SSN's, etc. to a bank via email? Do you think most people are going to see "fbi.gov" and not think it's safe to email them?

Regardless of what they say, IF this server was compromised, I bet the attacker saw all sorts of interesting things. It's not their fault, but it's probably more serious than they are letting on.

Or did he?

[NMerriam (15122)]

Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem.

Is this some sort of intelligence test? You get an email press release from someone saying the email account they use for press releases isn't reliable?

How long is this line going to hold?

[PMuse (320639)]

'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases,' Special Agent ... Lazarus said ...

We'll be seeing the first article any time now about classified material having been sent over this server. Some one start a pool.

hm

[EMH_Mark3 (305983)]

Does that mean we need to change our passwords again?

Risk of compromise is low

[Jack Taylor (829836)]

According to the BetaNews Article [betanews.com] Officials said the actual risk of a system compromise was fairly low. So the question is, what did the sysadmin see that prompted him to shut the system down?

Special Agent Lazarus?

[i_want_you_to_throw_ (559379)]

Lazarus? Really? Special Agent Jesus? By definition he should be able to resurrect the server and dole out retribution.

I'm shocked and apalled

[b00m3rang (682108)]

How could someone actually read someone else's email without their permission? Next these crackers will be listening to other people's phone calls. Then what, a knock on the door in the middle of the night?

No Wonder 9/11 Happened!

[eno2001 (527078)]

The FBI said Friday it has shut down an e-mail system that it uses to communicate with the public because of a possible security breach. The bureau is investigating whether someone hacked into the www.fbi.gov e-mail system, which is run by a private company, officials said. 'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases,' Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in

Re:No Wonder 9/11 Happened!

[eno2001 (527078)]

I also fail it as I can't tell the difference between a

<B> and a </B>

.

zerg

[Lord Omlette (124579)]

Out of curiosity, does the FBI have any "normal" agents? Cause if they're all "special" agents, are they really that special?

Re:zerg

[vanza (125693)]

A guy who used to work with me joined the FBI and got a "special agent" title right away. He also said everybody there was a "special agent", so maybe they just want to feel special.

The "usually armed" part is NOT special.

[Ungrounded Lightning (62228)]

A special agent is a federal investigative employee who has powers of arrest and is usually armed. This is "special" when compared to the powers of an ordinary federal employee, not to other agents within the FBI.

Only the powers of arrest part is "special". A mind-boggling range of government employees have federal permission to carry guns. (And this permission, like post-office driving rules, overrides state laws.)

This was apparently first noticed when an airport security employee leaked the list of a

This Story is Surprising... Why?

[Greyfox (87712)]

I mean look at the recent news. Not like they employ the brightest IT grapes in the bunch. I guess the NSA is snapping up all of those guys. Notice how whenever you hear about some government agency fucking up an IT project, it's never the NSA? So we know where all of the good IT talent in the government is...

I guess I shouldn't hit below the belt like that but I'm still pissed off about millions of my dollars (And they were all MY dollars thptt!) being wasted on Virtual Case File. I bet some corrupt individuals got really, really rich off that project, too...

Us & Them

[MSTCrow5429 (642744)]

'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases.'

You folks? Gee, thanks alot, we don't trust you much either.

Re:are you sure?

[grub (11606)]

and not somebody named 133thaxxor?

My name is Lee Thaxxor, you insensitive clod!