Pentagon thwarts spoofed e-mail

The Pentagon said today that an attempt to send a virus through its systems last week was thwarted before damage could be caused.

On the morning of Feb. 14, someone "spoofed" the Defense Technology Information Center (DTIC) header, camouflaging the sender's real address to make recipients think the message had come from the Defense Department. The message had a virus attached and was sent through Pentagon computers to two mailing lists.

"Our computers caught the virus and stripped it out," said Terry Davis, manager of the Public Web Program in the Office of the Secretary of Defense. "So what went out was the original text message that was sent in the e-mail, but the virus and the attachment were both stripped."

Davis said he and a few co-workers then went into the system to put safeguards in place to prevent someone else from spoofing a DTIC header. They tested their work off line to ensure its stability before bringing the system back online. When they did that, however, an unforeseen side effect became apparent.

"We didn't realize that the effect of the settings we had changed would leave the subscription list open, giving anyone the ability to post messages to the entire list," Davis said. "And we definitely underestimated how much people like to talk."

In a short time span, dozens of messages were flying around as people inadvertently clicked the "reply all" button to warn of the e-mail problem and sent messages to the entire list, which contains many thousands of people.

"What we want people to know is the system was not hacked, the system was not taken over, and a virus was not sent out," he said. "The only problem that really occurred is the people who replied to the entire list exposed themselves to thousands of other people."

Davis said both problems have been corrected and he personally sent a message of apology to every person on the list.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.