It started with one email from a businessman in North Carolina who wanted to alert the news list owner of his change of address. From there, it snowballed to 2.2. million messages to people at all levels of government and private security.
Here’s how it started: The Department of Homeland Security sends out an open source bulletin every day, which includes news reports on terrorist threats. What happened last Wednesday was what the SANS Institute describes as a “mini-DDos” of sorts; 275 email messages were sent throughout the day by recipients of the bulletin using the reply-all function. That hole in security allowed so many messages to be sent that it would even be the envy of many-a-spam-kings. One respondent sent out a message from Iran, saying “Why are so many messages today?” [sic], which prompted another respondent to chime in with: “Wow a reply from Iran!!!! Open source really does mean open source!!!!!”
Sans Internet Storm Center offers one moral of the story: “If you maintain a broadcast mailing list make sure that the address will not reflect email from sources other than the owner of the list. Otherwise, you will become a training example for SANS.”
Chain Reaction image by CxOxS
