Pentagon thwarts spoofed e-mail

The Pentagon said today that an attempt to send a virus through its systems last week was thwarted before damage could be caused.

On the morning of Feb. 14, someone "spoofed" the Defense Technology Information Center (DTIC) header, camouflaging the sender's real address to make recipients think the message had come from the Defense Department. The message had a virus attached and was sent through Pentagon computers to two mailing lists.

"Our computers caught the virus and stripped it out," said Terry Davis, manager of the Public Web Program in the Office of the Secretary of Defense. "So what went out was the original text message that was sent in the e-mail, but the virus and the attachment were both stripped."

Davis said he and a few co-workers then went into the system to put safeguards in place to prevent someone else from spoofing a DTIC header. They tested their work off line to ensure its stability before bringing the system back online. When they did that, however, an unforeseen side effect became apparent.

"We didn't realize that the effect of the settings we had changed would leave the subscription list open, giving anyone the ability to post messages to the entire list," Davis said. "And we definitely underestimated how much people like to talk."

In a short time span, dozens of messages were flying around as people inadvertently clicked the "reply all" button to warn of the e-mail problem and sent messages to the entire list, which contains many thousands of people.

"What we want people to know is the system was not hacked, the system was not taken over, and a virus was not sent out," he said. "The only problem that really occurred is the people who replied to the entire list exposed themselves to thousands of other people."

Davis said both problems have been corrected and he personally sent a message of apology to every person on the list.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.