FBI E-Mail Server Breached 223
voma writes "The FBI said Friday it has shut down an e-mail system that it uses to communicate with the public because of a possible security breach. The bureau is investigating whether someone hacked into the www.fbi.gov e-mail system, which is run by a private company, officials said. 'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases,' Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem."
Look at this spam I just got today (Score:5, Funny)
To: anonymouscoward@slashdot.org
Subject: The FBI can help you!
CONFIDENTIAL INFORMATION YOU WANT TO KNOW.
This is the agency they want banned from the INTERNET!
"The Federal Bureau of Investigations" shows you how to get the facts on anyone using our files.
LOCATE MISSING PERSONS, find lost relatives, obtain addresses and phone numbers of old school friends, even skip trace dead beat spouses. This is not a Private Investigator, but a GOVERNMENT agency DESIGNED to automatically CRACK YOUR CASE with links to thousands of our secret files.
Find out SECRETS about your relatives, friends, enemies, and everyone else! -- even your spouse! With the New - "FBI"
You will be AMAZED at what you can discover:
LICENSE PLATE NUMBER - Get anyone's name and address with just a license plate number! (Find that girl you met in traffic!)
DRIVING RECORD - Get anyone's driving record!
SOCIAL SECURITY NUMBER - Trace anyone by social security number!
ADDRESS - Get anyone's address with just a name!
UNLISTED PHONE NUMBERS - Get anyone's phone number with just a name- even unlisted numbers!
LOCATE - Long lost friends, relatives, a past lover who broke your heart!
E-MAIL - Send anyone anonymous e-mail that's completely untraceable!
DIRTY SECRETS - Discover dirty secrets your in-laws don't want you to know!
INVESTIGATE ANYONE - Use the sources that private investigators use (all on the Internet) secretly!
EX-SPOUSE - Learn how to get information on an ex-spouse that will help you win in court! (Dig up old skeletons)
CRIMINAL SEARCH - BACKGROUND CHECK - Find out about your daughter's boyfriend! (or her husband)
FIND OUT - If you are being investigated!
NEIGHBORS - Learn all about your mysterious neighbors! Find out what they have to hide!
PEOPLE YOU WORK WITH - Be astonished by what you'll learn about the people you work with!
EDUCATION VERIFICATION - Did he really graduate college? Find out!
"The FBI" will help you discover ANYTHING about anyone, with clickable hyperlinks and no typing in Internet addresses! Just download the software and go! You will be shocked and amazed by the secrets that can be discovered about absolutely everyone! Find out the secrets they don't want you to know! About others, about yourself!
LIMITED TIME OFFER -- ORDER TODAY! ONLY $20 (US)
You can access the "FBI" NOW so you can begin discovering all the secrets you ever wanted to know! You can know EVERYTHING about ANYONE with "The FBI".
- Works with all Internet Explorer browsers and all versions of AOL
- Windows Versions available Only!
DON'T WAIT TO GET STARTED? It's as easy as 1, 2, 3. ORDER TODAY - While this agency is still legal!
Re:Look at this spam I just got today (Score:2, Funny)
Request (Score:5, Insightful)
Re:Request (Score:2)
Re:Request (Score:2)
It may have been non-Microsoft, hence censored.
Re:Request (Score:2, Funny)
Dream on.
Re:Request (Score:3, Insightful)
Pick for password. (Score:2, Funny)
Isn't that a good password?
I use it on my luggage too.
Re:Request (Score:2)
Re:Request (Score:3, Interesting)
Yes, there
Re:Request (Score:3, Interesting)
I call bullshit.
Will it be a cakewalk to crack? No. Will it be "very vulnerable"? Yes. Why, you ask? Because there are vulnerabilities that are still unpatched years after reports. Many "minor" vulnerabilities are actually stepping stones to administrator privileges; Bugtraq has more than a few posts regarding stringing a half dozen "mino
Re:Request (Score:2)
IIS, IE, SMB
Re:Request (Score:2)
Yes, I think MS gets more abuse than their software deserves on /.
Your points are all good except that last one:
Consider market penetration of MS IIS vs Apache and consider the number of exploits each has seen.
Re:Request (Score:3, Insightful)
That's true as long as you say directly vulnerable. However, in any IT shop you also need to consider indirect vulnerabilities. E.g. the server itself may be secure, but someone's got to administer that system periodically. How secure are the system(s) used by the admins, or other systems on the network? All an attacker needs are some common user apps w/ holes on *some* systems that connect to the o
Re:Request (Score:4, Funny)
But Netcraft confirms it, mail.fbi.gov is dead!
More seriously, netcraft sez http://www.fbi.gov was running Sun-ONE-Web-Server on Linux when last queried at 4-Feb-2005 18:26:45 GMT. Whatever that is.
Re:Request (Score:3, Informative)
says it is running Linux.
Perhaps that is why Slashdot didn't post the operating system in the summary.
Re:Request (Score:3, Insightful)
It doesn't really. It says it's hosted by Akamai. Which means that the data is unreliable at best. Netcraft is actually detecting the OS and Web server software of Akamai's content serving nodes, which are most likely completely different from the FBI's actual servers.
See this FAQ item [netcraft.com] from Netcraft for more information.
Re:Request (Score:2)
smtp00.fbi.gov.
How? (Score:5, Funny)
Re:How? (Score:2)
Re:How? (Score:2)
Re:How? (Score:5, Funny)
Re:How? (Score:2)
American public - no doubt it was the dropbox
for the server logs from the replacements for
their CARNIVORE network.
Re:How? (Score:3, Interesting)
Even worse... (Score:2)
Maybe *this* is the hack!
Re:How? (Score:5, Funny)
Duh (Score:2)
Server was running Linux Sun-ONE-Web-Server/6.1 (Score:2, Informative)
Re:Server was running Linux Sun-ONE-Web-Server/6.1 (Score:3, Funny)
And as a followup... (Score:5, Funny)
In a followup e-mail describing the problem, Special Agent Laz Steverus said "No sensitive information was compromised, but today is a good time to remind citizens that the FBI is in posession of approximately 22,000,000,000 (TWENTY TWO BILLION DOLLARS) in uncollected judicial judgements from spammers, a portion of which we're trying to return to you folks. Just visit our web site, and read our press release, and it will instruct you in how to help us get this money back to you..."
Re:And as a followup... (Score:2)
Re:And as a followup... (Score:2)
Great, now someone is using tax payer funded accounts to view www.sexyvixens.com (just a made up site... I think)
Cool name. (Score:5, Funny)
Re:Cool name. (Score:5, Funny)
Re:Cool name. (Score:3, Funny)
Then you have sex with your mom!
[/heinlein]
Re:Cool name. (Score:2)
Or your cloned twin sisters... now that's hot!
hmmm.... so just how many kittens would god have to kill for that one?
Re:Cool name. (Score:2)
Re:Cool name. (Score:2)
Ok...that was bad. Sorry.
Re:Cool name. (Score:3)
You know, for very similar reasons, I thought to myself "oh yeah, sure, I believe an article that claims to come from Special Agent Lazarus".
It sounds like such a hackneyed/stereotyped name that I didn't initially believe it. Wierd.
The Lazarus Report... (Score:2)
*ducks*
They use an email server to surf the web??? (Score:3, Interesting)
I'm sorry, but when I hear a media spokesperson hiccup like that, my bullshit detector sends up an immediate flag. What was this email server really used for???
Re:They use an email server to surf the web??? (Score:2)
A Quote from my GEEK Calendar.....
FBI raids themselves (Score:5, Funny)
Re:FBI raids themselves (Score:2)
In other news... (Score:5, Funny)
Not only that, but personnel over at the Central Intelligence Agency as well as the National Security Agency have also become more friendlier. One employee was noted saying, "Thank God! I was so fucking tired of those guys sending me pics of Goatse!"
Non Event (Score:5, Informative)
I'm sure, like the NSA, that the FBI has (at least) two networks. One that is internal only for confidential/sensitive communication/files, and one for outside communication such as this one. At the NSA, they are completely seperate, with no ability to copy/move files from one to the other.
Re:Non Event (Score:2)
Re:Non Event (Score:2)
Re:Non Event (Score:2)
I'm pretty sure the fine folks at Ft. Meade don't confiscate eyeballs and fingers. But admittedly, if you can't trust your personnel to not deliberately transfer data manually between nets, you might as well fire them all.
Re:Non Event (Score:2)
Re:Non Event (Score:2)
Re:Non Event (Score:2)
At the NSA, there are two pc's on every desk. One connects to the local, classified network. The other connects to the outside world for research, or goofing off and reading
The folks at my ISP have no idea
Re:Non Event (Score:2)
Re:Non Event (Score:2)
Anything I know about the NSA is from a former employee of theirs who I happened to be in contact with for some time. What I told here was 100% of the information I could ever get out of him regarding working there.
Now, maybe after reading this, they'll do a background check, cross reference, find him, and he'll be the one hanging out at Club Gitmo.
"Garcon, another Mai Tai
Re:Non Event (Score:2)
Re:Non Event (Score:2)
Why in the world would you try to turn this into a partisan issue? Are you suggesting that democrats/libertarians/independants wouldn't farm out work?
Gheez, the things people will do for mod points...
Oh shoot (Score:4, Funny)
I'm sitting here in the training cubicle. The guy in the cube next to me decides to check his voicemail... ON SPEAKERPHONE. After he dials in his password (for the entire office to hear) I call softly over the cube wall,"I now have your password."
A tense silence followed, and I could tell that the general perception was "Yeah right--you're just the new guy."
So I brought up my handy DTMF generator and started replaying his password over and over (at a low volume, but just loud enough so that people in adjacent cubes could hear).
How was I supposed to know that he had the Admin password for the e-mail server stored in his voicemail?
At the same time... What sort of dumbass checks their voice mail on speakerphone in public office space?
Re:Oh shoot (Score:2)
On the other hand, it does show up on the display, though, so I'm sure some of the more creative people could just pick up a random phone, hit redial, and watch the numbers fly by, noting that certain combinations of numbers aren't passwords (3337 skips through a message and erases it) etc.
Re:Oh shoot (Score:2)
Re:Oh shoot (Score:2)
When I was doing computer support, it was fun to walk into an executive's office and smell burnt electronics -- they'd try to plug their analog modem into the digital circuit, and it would fry the modem.
Re:Oh shoot (Score:2)
This means war!!! (Score:3, Funny)
No sensitive information? Re-think that (Score:5, Insightful)
I'm sure it's FBI policy to avoid it, but it's like a bank...how many people do you think send account numbers, SSN's, etc. to a bank via email? Do you think most people are going to see "fbi.gov" and not think it's safe to email them?
Regardless of what they say, IF this server was compromised, I bet the attacker saw all sorts of interesting things. It's not their fault, but it's probably more serious than they are letting on.
Re:No sensitive information? Re-think that (Score:2)
It's even more surprising to see the number of people who think a bank's domain "kind of looks like their own bank" and go ahead to register for online banking (giving SSN's, addresses, and account numbers) to the wrong bank - often in the wrong country.
Re:No sensitive information? Re-think that (Score:2)
And what makes you think we don't monitor for that type of thing? Heaven help the fool who sends sensitive customer information unencrypted out of here. Re-education with a large wooden mallet usually ensues.
Or did he? (Score:5, Funny)
Is this some sort of intelligence test? You get an email press release from someone saying the email account they use for press releases isn't reliable?
How long is this line going to hold? (Score:3, Insightful)
We'll be seeing the first article any time now about classified material having been sent over this server. Some one start a pool.
hm (Score:2, Funny)
Risk of compromise is low (Score:2, Insightful)
Re:Risk of compromise is low (Score:2)
In cases like this,
Special Agent Lazarus? (Score:2)
Re:Special Agent Lazarus? (Score:2)
Nah... he specializes in forgiveness. There's no place for that kind in today's FBI.
I'm shocked and apalled (Score:4, Funny)
No Wonder 9/11 Happened! (Score:2, Interesting)
Re:No Wonder 9/11 Happened! (Score:3, Funny)
Re:No Wonder 9/11 Happened! (Score:2)
Re:No Wonder 9/11 Happened! (Score:2)
There was a gospel concert at my school once, and they gave out programs with something that vaguely looked like either a web or email address:
Some people are too stupid to have a computer. That include
Re:No Wonder 9/11 Happened! (Score:2)
zerg (Score:5, Funny)
Re:zerg (Score:3, Informative)
Re:zerg (Score:2, Interesting)
It's a way of constraining them. If you ever go to a federal building and see a bunch of people standing around claiming to be the "Federal Police," they're actually titled "special
police officers." The reason for this is that no Fed actually has true general police powers. The way the statute is written, they have the powers of "sheriffs and constables" when in the course of som
The "usually armed" part is NOT special. (Score:3, Interesting)
Only the powers of arrest part is "special". A mind-boggling range of government employees have federal permission to carry guns. (And this permission, like post-office driving rules, overrides state laws.)
This was apparently first noticed when an airport security employee leaked the list of a
Here come the conspiracy theories... (Score:2, Interesting)
It would also explain how they were able to send the email
This Story is Surprising... Why? (Score:3, Insightful)
I guess I shouldn't hit below the belt like that but I'm still pissed off about millions of my dollars (And they were all MY dollars thptt!) being wasted on Virtual Case File. I bet some corrupt individuals got really, really rich off that project, too...
Re:This Story is Surprising... Why? (Score:2)
That's because the first rule of working at the NSA is that you NEVER talk about the NSA.
Who wants to bet? (Score:2, Interesting)
Originally I started thinking of this post as a joke, THEN I started thinking... what if the FBI really DID have a server with a collection of confiscated mp3's being held as "evidence" for "review" by agents at their convenience? And what if RIAA really did have such as hack-bot programmed and authorized to shutdown P2P systems?
Food for thought.
Pure Poetry (Score:2)
Doh! (Score:2)
Special agent Lazarus (Score:2, Funny)
Frankly, I think we've all been duped by this false news post.
"Breached"? How? And to what extent? (Score:2, Insightful)
If an SMTP gateway was supposedly "breached", what could that entail? Somebody was able to relay through the server? Wooo, big deal! There are like a bazillion open relays out
Uhoh (Score:2)
He went on to say (Score:2)
He went on to say, "This b0x p0wn3d by daHax0r2000"
Special Agent Steve Lazarus! (Score:2)
They could even merchandise a breakfast cereal. Kids could help him by buying cereal to defeat the Evil Doctor Haxxor and his army of netbots
In a similar vein .... (Score:2)
The WB Get Lex Sweepstakes (Score:2)
Us & Them (Score:3, Interesting)
You folks? Gee, thanks alot, we don't trust you much either.
Re:are you sure? (Score:5, Funny)
and not somebody named 133thaxxor?
My name is Lee Thaxxor, you insensitive clod!
Re:are you sure? (Score:2)
From the DEAD!
Re:Familiar Special Agent (Score:2)
Re:Kinda makes you wonder... (Score:2)