Friday, February 08, 2008

Cyberblue on cyberblue

When the Department of Homeland Security ran its first cyberwargame in February of 2006, it found it easier to fight intrusions to individual networks than fight a shifting and expanding attack across a spectrum of targets. This was precisely the kind of attack the Russians launched against Estonia a year and two months later. Suitably warned, the DHS grimly began to ramp its game, uneventfully on the whole, but with one tiny exception ...

In late 2007, a contractor for the US Department of Homeland Security sent its daily Open Source Intelligence Report to "a subscription list of hundreds, perhaps thousands of recipients" according to Michael Sachs, the director of the SANS Internet Storm Center. You can guess what happened next.

A fault in the settings created a storm of emails. Replies went to everyone on the DHS mail list, as did every other reply from people who replied back. Subsequent e-mails pleading with members to "stop hitting the reply-to-all button" added themselves to the din. Within a short time a storm of mail, most sent by misadventure was crisscrossing the network. ZDNet describes the tragicomic sequence of events.

Almost half of the emails were either pleas to stop sending more emails, or people demanding to be unsubscribed, despite the fact that unsubscribe instructions are at the bottom of the DHS daily reports, wrote Sachs. ..."This is your combating terrorism office for DoD asking you to kindly stop now please. We actually have work to do," wrote Michael Kinder of the US Department of Defence Technical Support Working Group, according to a blog post on

One State Department employee on the list got 500 messages on her handheld device each of which was individually billed to her. In a final bizarre touch one of the replies that turned up in the storm was from an Iranian employed with Teheran's defense industry. It said:

From: Amir Ferdosi
To: DHS Daily OSIR Distribution List
Sent: Wednesday, October 3, 2007 3:24:28 PM
Subject: Is this being a joke?
why are so many messages today?
Amir Ferdosi
Sazeman-e Sana'et-e Defa'
Qom, Iran

This is very distracting to my messages. I read English slowly. My main office is in Iran, but I commute to Europe. I am a researcher for the defence ministry. Today I am just outside Marseille, France--it is very mild temperature.

My brother lives in Tustin, California. Is that near you. I visited several years ago.

with respenct, amir


Blogger Doug said...

Reminded me of this:

Energy Dept. Funding Institutes with Iranian Ties
WASHINGTON — The Energy Department is subsidizing two Russian nuclear institutes that are building key parts of Iran’s Bushehr reactor even though the United States has spent years trying to shut it down, according to a House committee.

2/08/2008 03:34:00 AM  
Blogger Peter Grynch said...

To err is human but to REALLY screw up takes a computer.
--Old Programmer's saying

2/08/2008 03:36:00 AM  
Blogger JAF said...

I remember that day as to I was one of the many recipients. When it first really got going, our office was told to not reply or encourage it, but there were plenty of people out there that thought it was funny and seemed to encourage it. I think it started as a couple of stupid people doing the reply all without realizing how many people would recieve it, then it turned into a joke that got out of hand. I don't recall getting that message from IRan so I can't verify that peice of the story.

2/08/2008 05:33:00 AM  
Blogger John J. Coupal said...


To err is human, but to REALLY screw up takes a government human, sometimes with aid of a computer.

--Old Human's saying

2/08/2008 05:35:00 AM  
Blogger RWE said...

This is a variation on the old WWII "Who dat?" bit.

A hundred plus airplanes are droning along, enroute to a target, and over the previously silent airwaves comes "Who dat?"

The reply is "Who dat say who dat?"

Then "Who dat say who dat say who dat." And so on, until the mission commander comes up on the frequency and tells everyone to knock it the hell off.

And someone responds "Who dat?"

Anyway, the funniest e-mail I ever saw was one, supposedly from the FBI (complete with FBI seal) that said to ignore all e-mails from the FBI because the FBI DOES NOT SEND OUT E-MAILS.

I figured that it had to be genuine.

2/08/2008 06:01:00 AM  
Blogger Marcus Aurelius said...

Oh the joy of lists and reply all!

When at the UAE University instructors from the English department setup an e-mail list to discuss their work.

One guy in frustration talked about how he wouldn't get any more attention from "his stones of students" if he was teaching stark naked. I don't recall how exactly it happened, but he ended up sending that note to our entire university division admin and all.

I asked my neighbor about it in the hallway once (him being a middle level teacher/manager in the dept) and he gave me unmistakable "subtle" gestures to not bring it up at the U.

About a year ago at work we got into one of those liststorms. It was funny.

Hehehe reminds me of the old stories about the combination of lists & auto-replies setting off liststorms.

2/08/2008 08:06:00 AM  
Blogger Red River said...

This brings back memories.

A colleague brought down the email servers and internal networks for all the top telecom firms over a decade ago due to a bug in automated notification software that kept sending emails een if they had been sent before.

It ran over a long weekend and when we stopped it, it had over a billion emails still in the queue.

It had a really nifty parallel feature that forked processes for each distinct email address and because it ran on a cluster, it had all the horsepower it needed.

It was the first large scale DDOS attack that I can recall, even if it was not malicious.

2/08/2008 10:53:00 AM  
Blogger Mad Fiddler said...

Sorta like a certain widely circulated "dumb you-name-it" joke:

A certain person of a gender, hair color, and intelligence quotient perennially used as the butt of insensitive jests, went missing.

Turned out this person had been in the shower for three weeks, following the directions on the shampoo bottle:

"Apply shampoo to hair. Rinse. Repeat."

2/08/2008 02:32:00 PM  
Blogger newscaper said...

Back in my manufacturing career several years ago we had some email fun.

I had a machine on the production line down a couple days due to the obsolete crap running on the DOS PC used to control it (a glue dispensing machine on a surface mount electronics line). After getting nowhere with the 1st line tech (I knew more about PCs than he did) I browbeat him into putting me in touch with one of their internal s/w developers.

That guy sent me an email offering his help, and thoughtlessly left attached the email *he'd* received internally form the tech I had been dealing with in vain. The attached message began, "Hey Todd, I'd appreciate it if you could take care of this guy before I have to fly down there and kick his fucking ass. He's really pissing me off..."

The "he" referred to was *me*.

Rather than pissed off, I died laughing when I saw it, practically literally fell out of my chair. All it took was bouncing it back to the CEO, Prez and various VPs.

A day later we had the Eastern US VP of sales in town to kiss our asses at lunch, and a whole new controller PC gratis instead of arguing about their shitty s/w's reliance on an expensive obsolete, proprietary trackball instead of using an off the shelf one that emulated an ordinary mouse.

P.S. At the luncheon I told'em I didn't want the tech fired but to make sure they all learned their lesson.

2/08/2008 07:07:00 PM  
Blogger Marcus Aurelius said...


A former colleague of mine resented being put through MS Office User (aka MOUSE) training and being utilized as a helpdesk resource. So he goofed off and acted non-pro. Mike's morgue you stab 'em we slab 'em etc. Until one day he got the john's president (I work for a contracting firm) well he was out of the client's site and my firm let him go too.

Good riddance the guy was @$$hat.

2/08/2008 09:02:00 PM  

Post a Comment

<< Home

Powered by Blogger