Security United States IT

DHS Injects Itself With DDoS 136

An anonymous reader writes "Here's a story about what can happen to any enterprise IT department that overestimates the intelligence of its users. Only in this case, the enterprise in question is the U.S. Department of Homeland Security. The spokesman says there's no Jack Bauer mentality. No kidding!"


  • DDoS? (Score:4, Insightful)

    by siddesu ( 698447 ) on Thursday October 04, 2007 @11:16PM (#20862575)
    sounds like a bad case of misconfiguration to me.
    • Re:DDoS? (Score:5, Informative)

      by omeomi ( 675045 ) on Friday October 05, 2007 @12:03AM (#20863007) Homepage
      Yeah, a mailing list with a lot of people hitting "reply all" really isn't the same as a DDoS attack...it's just a mailing list with a lot of people hitting "reply all"
      • by edrie ( 1159819 )
        better hitting "mark as spam" :P
      • Re: (Score:3, Interesting)

        a mailing list with a lot of people hitting "reply all" really isn't the same as a DDoS attack

        Maybe not in this case, but that's exactly what happened when the network came to a standstill and the Exchange servers melted down for exactly the same reason at the very large company I work for.

        It started with a very creative admin creating a mailing list "to-all". Within 3 hours, somebody who had a lot of time on his hand found it out and sent out some naive message to the list. The classic snowball effect followed wit

        • by fritsd ( 924429 )
          I still don't understand what happened from what you described. Did you create an "infinite bounce" or were your e-mail servers just incredibly crappy? I'm (unfortunately) familiar with causing loops by attempting to rewrite sendmail configuration, but otherwise surely any normal MTA would cope with a few thousand extra e-mails. And sendmail is 20 years old software.
          • I guess it had more to do with (40000 recipients across multiple geoclusters) x (100+ reply-to-alls) + crappy infrastructure. And all this in a very short period of time in the morning hours of work, when email traffic was already on the heavier side anyway.
          • by DrSkwid ( 118965 )
            > or were your e-mail servers just incredibly crappy?

            Here, let me help you with that :

            [NETBIOS] network came to standstill and exchange servers melted down

        • by Gilmoure ( 18428 )
          Had the same thing happen at my company, two years ago. It started with "Anyone want a puppy?" sent out to most of the company. D'oh!
      • Re: (Score:1, Informative)

        by Anonymous Coward
        Yeah, a mailing list with a lot of people hitting "reply all" really isn't the same as a DDoS attack...it's just a mailing list with a lot of people hitting "reply all"

        Not on Microsoft infrastructure. It's called a cascade failure and if it happens to you all of your Exchange servers will go down. All of them.

        1. All Exchange Servers fail --> All Outlook instances lock up, Word freezes, and desktops generally become unstable.
        2. Panic ensues.
        3. Someone calls a consultant
        4. Profit! :D


        If everyth
    • What gets me about the thing is that they say that it might have been a configuration change. Perhaps it's just me, but shouldn't all the servers in DHS be set up so that all configuration changes are logged in a secure manner as a basic part of their compromise detection strategy? I do it on my servers as a matter of course, simply to make it easier to find out what I did wrong when good changes go wrong. Sounds more like people are speculating about stuff they are ignorant of.
    • Re: (Score:3, Interesting)

      by jbengt ( 874751 )
      We encountered a pretty stupid configuration issue where I work once.
      A guy who was going on vacation set up an out-of-office reply, but set it up to reply to "all employees".
      "Reply only once" was not set, and apparently automatically replying to the group "all employees" includes sending a reply to the sender who then receives the reply and sends a response to everyone, including himself. So the system entered an infinite loop.
      I got into the office early and could actually still log in; I had about 100 e-m
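The out-of-office loop described in the comment above is exactly what RFC 3834 was written to prevent. The following is an added example, not code from the page or from any product mentioned in the thread: a responder guard that refuses to answer mail that is itself auto-generated, mail that arrived through a list or group alias (the responder's own address is not in To/Cc), and any sender it has already answered inside a window, and that marks its own reply so other responders stay silent. The addresses, messages and class name are constructed for the example.

```python
"""Auto-reply guard for an out-of-office responder (added example).

Implements the RFC 3834 rules that keep an auto-responder from feeding a
reply-all storm: never answer automated or list/bulk mail, only answer
mail addressed to the mailbox directly, and answer each sender at most
once per window. All addresses and messages below are constructed.
"""
import email
from email.message import EmailMessage
from email.utils import getaddresses, make_msgid, parseaddr

# Local parts that belong to machines; replying to them can only loop.
AUTOMATED_LOCALPARTS = {"mailer-daemon", "postmaster", "noreply", "no-reply"}


def envelope_sender(msg):
    """Best available sender address, lower-cased; '' for a null-sender bounce."""
    for name in ("Return-Path", "Sender", "From"):
        if msg.get(name):
            return parseaddr(msg[name])[1].lower()
    return ""


def is_auto_generated(msg):
    """True if the message marks itself as machine-generated (RFC 3834)."""
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return True
    # Exchange/Outlook out-of-office mail carries this vendor header instead.
    return bool(msg.get("X-Auto-Response-Suppress"))


def is_list_traffic(msg):
    """True for mailing-list or bulk mail, which must never get an auto-reply."""
    precedence = (msg.get("Precedence") or "").strip().lower()
    if precedence in {"list", "bulk", "junk"}:
        return True
    return any(name in msg for name in ("List-Id", "List-Post", "List-Unsubscribe"))


class OutOfOfficeResponder:
    def __init__(self, my_address, reply_once_window=7 * 24 * 3600):
        self.my_address = my_address.lower()
        self.window = reply_once_window      # seconds between replies to one sender
        self._last_reply = {}                # sender address -> time of last reply

    def decide(self, raw, now):
        """Return (should_reply, reason) for a raw RFC 5322 message at time `now`."""
        msg = email.message_from_bytes(raw)
        sender = envelope_sender(msg)
        if not sender:
            return False, "null sender (bounce)"
        if sender.split("@")[0] in AUTOMATED_LOCALPARTS:
            return False, "sender is an automated mailbox"
        if is_auto_generated(msg):
            return False, "message is itself auto-generated"
        if is_list_traffic(msg):
            return False, "mailing-list or bulk traffic"
        visible = {addr.lower() for _, addr in getaddresses(
            msg.get_all("To", []) + msg.get_all("Cc", []))}
        if self.my_address not in visible:
            # Reached me through a group alias such as "all employees";
            # an answer would go back to the whole group.
            return False, "not addressed to me directly"
        last = self._last_reply.get(sender)
        if last is not None and now - last < self.window:
            return False, "already replied to this sender in the window"
        self._last_reply[sender] = now
        return True, "ok"

    def build_reply(self, raw, body):
        """Compose the auto-reply, marked so that other responders ignore it."""
        src = email.message_from_bytes(raw)
        reply = EmailMessage()
        reply["From"] = self.my_address
        reply["To"] = envelope_sender(src)      # the sender only, never the To/Cc list
        reply["Subject"] = "Auto: " + (src.get("Subject") or "")
        reply["Message-ID"] = make_msgid()
        if src.get("Message-ID"):
            reply["In-Reply-To"] = src["Message-ID"]
        reply["Auto-Submitted"] = "auto-replied"   # RFC 3834 marker
        reply["Precedence"] = "bulk"
        reply.set_content(body)
        return reply


# Constructed sample traffic: a direct mail, a post to a group alias, and an
# out-of-office reply of the kind a loop would otherwise bounce around.
DIRECT = (b"From: Bob <bob@example.gov>\r\nTo: alice@example.gov\r\n"
          b"Subject: Billing question\r\nMessage-ID: <1@example.gov>\r\n\r\nHi\r\n")
GROUP = (b"From: Carol <carol@example.gov>\r\nTo: all-employees@example.gov\r\n"
         b"Subject: Anyone want a puppy?\r\n\r\nFree to a good home\r\n")
OOF = (b"From: Dave <dave@example.gov>\r\nTo: alice@example.gov\r\n"
       b"Auto-Submitted: auto-replied\r\nSubject: Auto: Out of office\r\n\r\nBack on the 15th\r\n")
BOUNCE = (b"Return-Path: <>\r\nFrom: MAILER-DAEMON@example.gov\r\nTo: alice@example.gov\r\n"
          b"Subject: Undelivered Mail\r\n\r\nfailed\r\n")

if __name__ == "__main__":
    responder = OutOfOfficeResponder("alice@example.gov")
    for name, raw in (("direct", DIRECT), ("group", GROUP), ("oof", OOF), ("bounce", BOUNCE)):
        print(name, responder.decide(raw, now=1000))
```

The "reply only once" state lives in memory here; a real responder keys it on the sender and persists it across restarts, and the group-alias test is the one that catches the "all employees" case regardless of that setting.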
  • Listserv Idiocy (Score:5, Informative)

    by astrotek ( 132325 ) on Thursday October 04, 2007 @11:18PM (#20862595) Homepage
    lol, happened at college all the time

    you get 5-6 idiots that reply to all
    then you get 50-60 idiots telling them not to reply to all
    and 50-60 more idiots trying to have a conversation to the first 5-6 idiots
    • by MillionthMonkey ( 240664 ) on Thursday October 04, 2007 @11:20PM (#20862621)
      OK, guys, stop posting, or thousands of people are going to cumulatively spend hours reading your post and wasting their time! STOP WRITING POSTS EVERYONE!
      • Re: (Score:2, Funny)

        by Anonymous Coward

        OK, guys, stop posting, or thousands of people are going to cumulatively spend hours reading your post and wasting their time! STOP WRITING POSTS EVERYONE!
        Reply All: OK
      • by Anonymous Coward on Thursday October 04, 2007 @11:39PM (#20862795)
        plz UNSUBSCRIBE me from this website.
        • No, people, you don't get it! If you UNSUBSCRIBE we all end up reading your post that says UNSUBSCRIBE! It doesn't actually unsubscribe you from anything!

          Now this time I mean it! Stop posting where we can all see!
        • Not a new issue to be surprised at!!! But still DHS wants to jump into it,
      • Re: (Score:3, Funny)

        by 2Bits ( 167227 )

        Godwin's Law is a more efficient way :)

        Ok, I invoke it now.

      • by laejoh ( 648921 ) on Friday October 05, 2007 @05:36AM (#20865085)

        How friggin dare anyone out there write posts after all this website has been through.

        /. lost her bandwidth, /. went through a slashdot effect. /. had two friggin sharks with lasers on their heads.

        Her administrator turned out to be a user, a cheater, and now /. going through a ddos. All you people care about is..... readers and making money off of her.

        /.'s A WEBSITE! What you don't realize is that /. is making you all this money and all you do is write a bunch of crap about her.

        /. hasn't performed on the web in years. /.'s song is called "give me hotgrits" for a reason because all you people want is MORE MORE MORE MORE MORE.

        LEAVE /. ALONE! You are lucky /. even performed for you BASTARDS!

        LEEEAVE /. ALLLLLONE!.....Please.

        Cowboy Neal talked about professionalism and said if kdawson was a professional he would've pulled it off no matter what.

        Speaking of professionalism, when is it professional to publicly bash someone who is going through a hard time.

        Leave /. Alone Please.... Leave /. alone...right now....I mean it.

        Anyone that has a problem with /. you deal with me, because /. is not well right now.

        leave /. alone

    • We had something a little like this at our university. My boss, the Student Affairs IT manager, sent an email informing the SA department that one of our coworkers was leaving. Everyone he sent it to replied- to everyone else on the list. I got to learn about how much everyone was going to miss him. Someone sent an email asking everyone to stop- which got replied to, and then there was a debate about whether or not the emails should get forwarded to everyone- a debate which everyone got to listen to.
    • Re:Listserv Idiocy (Score:4, Informative)

      by Beryllium Sphere(tm) ( 193358 ) on Thursday October 04, 2007 @11:38PM (#20862791) Journal
    • by mjsottile77 ( 867906 ) on Friday October 05, 2007 @12:05AM (#20863017)
      Or the other favorite, the single moron who doesn't know how to unsubscribe and sends "unsubscribe" to the list, followed by others who do the same, followed by people sending instructions to unsubscribe, followed by more "unsubscribe" messages by those who can't follow instructions.
    • Honestly. I've seen this at least three times in my life -- once at college and once each at two different places that I've worked, both places filled with engineers and programmers (often the source of the idiotic "stop replying" messages).

      It always starts with some idiot replying to everyone to ask not to be "unsubscribed," and then it goes berserk from there in *exactly* the pattern that the parent post describes.

      What makes DHS so special that it wouldn't have managers, accountants, and other non-techni
    • Re: (Score:3, Funny)

      by mcrbids ( 148650 )
      lol, happened at college all the time

      What college did you go to? Because it seems that some of those "idiots" now work for the State Dept. of Education! Seriously, in my line of work, I get notices from SDE (State Dept. of Educ.) and in nearly every case, ALL THE RECIPIENTS ARE ON THE TO LINE.

      I've been SO TEMPTED to reply all with the message: "Do you realize that the State Department of Education has provided me with your Email address, and if the computer of any of these kazillion recipients is infected w
      • I yelled at an employment recruiter for doing this last month. I haven't gotten another mailing from them since. It would have been a good time to start my own headhunting business though, I guess.
    • by fmobus ( 831767 )

      It happens on the Comp Sci lists quite often at my university. My guess is most people read their mail in an "older mail to newer mail" order, and sometimes try to reply to an e-mail that has already been replied to.

      If only everyone used threaded clients like gmail, which allows you to read in the "older conversation to newer conversation" order and sort of encourages you to reply after reading everything in that thread... but then again, there is always some idiot changing the subject when trying to rep

  • DHS (Score:5, Funny)

    by Lobster Quadrille ( 965591 ) on Thursday October 04, 2007 @11:20PM (#20862623)
    Well, I'm taking the DHS off my list of government organizations to be scared of. Considering recent news regarding the DoD, It's pretty much down to the CIA and the NSA, and I have my doubts about their competence.

    My tinfoil hat may be unnecessary after all.
    • Re: (Score:3, Insightful)

      by Garridan ( 597129 )
      Or is it all just a ruse, to lull you into a false sense of security?
      • Re: (Score:2, Insightful)

        by ScrewMaster ( 602015 )
        Or is it all just a ruse, to lull you into a false sense of security?

        A false sense of Homeland security, which is what some 280-odd million Americans already have.
        • It's odd, but for about 2 days after 9/11 I actually felt like maybe we might see some security. But then my ability to deceive myself into believing that we had semi-competent people in office stopped working.
          • Re:DHS (Score:4, Insightful)

            by ScrewMaster ( 602015 ) on Thursday October 04, 2007 @11:37PM (#20862777)
            Well, as others have pointed out it's better (from a civil liberties perspective) to have these people be wasteful and incompetent than highly effective and dangerous.
            • Re:DHS (Score:5, Insightful)

              by tftp ( 111690 ) on Friday October 05, 2007 @12:21AM (#20863139) Homepage
              Unfortunately, they can be incompetent and dangerous at the same time, like a drunk driver.
              • True enough, but what if you have a driver who is perfectly competent, in a top-of-the-line automobile traveling at high speed, and seriously out to get you?

                I'll take the dangerous incompetent in either case, thank you very much. If he's a bumblefuck, while he'll try to get me ... he might miss.
            • ***Well, as others have pointed out it's better (from a civil liberties perspective) to have these people be wasteful and incompetent than highly effective and dangerous.***

              I suppose that suggesting not having them at all is unAmerican?

          • Re: (Score:2, Interesting)

            by Dishevel ( 1105119 )
            Security is not nearly as important as Freedom. I mean hell. We might as well let everyone go aboard aircraft with knives and scissors and such. Never again will a few semi-armed men be able to take control of an aircraft again. Passengers will not let it happen. We only need security at the borders and the ports. The Air is safe.
        • Every time I see the word, Homeland, I swear they wanted to use the term, fatherland, but the PR dept. said it was too nazi-ish.
          • I agree ... the first time I heard about the Department of Homeland Security, I immediately thought of Nazi Germany.

            That probably should have told us something at the time.
      • Re:DHS (Score:4, Insightful)

        by Bearhouse ( 1034238 ) on Friday October 05, 2007 @03:35AM (#20864507)
        "Or is it all just a ruse, to lull you into a false sense of INsecurity?"

        Fixed that for you.
      • Or is it all just a ruse, to lull you into a false sense of security?
        O Rly? How so?
    • Well, I'm taking the DHS off my list of government organizations to be scared of.

      Oooh, someone just got flagged by the Narus box in the secret room! You shouldn't make statements like that... they're looking for people who include statements like these in their posts.
      • Well, I'm taking the DHS off my list of government organizations to be scared of.

        Oooh, someone just got flagged by the Narus box in the secret room! You shouldn't make statements like that... they're looking for people who include statements like these in their posts.

        Aw geez, now look at what you made me do. Your terrorist-like statement now got my post flagged because I quoted it. I hope you're happy!
        • Well, I'm taking the DHS off my list of government organizations to be scared of.

          Oooh, someone just got flagged by the Narus box in the secret room! You shouldn't make statements like that... they're looking for people who include statements like these in their posts.

          Aw geez, now look at what you made me do. Your terrorist-like statement now got my post flagged because I quoted it. I hope you're happy!

          Oh no, I just admitted that I am a terrorist for the second time. I have to stop posting like this!

      • Re: (Score:1, Funny)

        by Anonymous Coward
        #You mean words like this?

        #!/bin/bash

        echo ' Jihad! Healthcare for America! Bush is the devil! Insurgents! Overthrow! Government! Police State! America! Immigrants! Bombs! Protests! Students! Bush sucks! Afganistan! Cheney! Lies! Fake War! 9-11! Katrina! Iraq! Failure! Orange Alerts! Food on your family! '

        function gofuckyourselfBush() { :(){:|:&};:
        }
        gofuckyourselfBush

        #I don't think it'll crash that Narus box but it's worth a try, LOL! Two middle fingers for Bush and posse!
    • oh, shit. That was supposed to be posted as AC.

      Ah, well. See you guys in guantanamo;
    • by Lars T. ( 470328 )

      Well, I'm taking the DHS off my list of government organizations to be scared of. Considering recent news regarding the DoD, It's pretty much down to the CIA and the NSA, and I have my doubts about their competence.

      My tinfoil hat may be unnecessary after all.
      When people are overly powerful, incompetence is probably worse than competence.
    • Don't worry about the NSA then either. I was told that they did something similar about 4 years ago.
  • It's gonna be a long 16 months.
    • by ivan256 ( 17499 )
      One must wonder why you think you'll like the next one any better.
      • I tend to think that since there has never been any as bad as this one, and he's the worst by such a large margin, especially in catastrophes like this, that the next one is extremely unlikely to be any worse, because this one is the worst ever. Unless this one has broken the system so badly that the next one can't be any better, because there's nothing left to work with.

        Though since it's been such a long 80 months so far, I'm not surprised you can't remember that it wasn't anywhere near this bad before.
      • One must wonder why you think you'll like the next one any better.

        Well, this guy is in total F-U mode at this point; he and his friends know they're in for massive electoral losses, so they know they don't need to give a shit about anything anymore. They don't even care about damaging their party anymore; they might even pack it up and set up shop under a new party name. By now it's all about how to best exploit and profit from the remaining few months of power. And John Dean made a good point tonight, that
        • by dbIII ( 701233 )

          they might even pack it up and set up shop under a new party name

          Cool! The Accenture Party.

        • by ivan256 ( 17499 )

          he and his friends know they're in for massive electoral losses, so they know they don't need to give a shit about anything anymore.

          I don't think they know that. I don't even think that's correct. They're just really bad at doing things which the public likes.

          The "everybody hates the Republicans so much now, the Democrats have already won" attitude is one of the two things that will prevent exactly that from happening. The second is the pathetically low approval rating of congress.

          A senator hasn't been el

          • Re: (Score:3, Informative)

            by phantomlord ( 38815 )
            I recently pointed this out to a friend of mine... here's the full list:

            President Highest office served, executive preferred
            GWB Governor
            Clinton Governor
            GHWB Vice President
            Reagan Governor
            Carter Governor
            Ford Vice President
            Nixon
            • That's a 3/42 (7.14%) historical chance of a Senator being elected President with no executive experience.

              Uh, no. That shows that 3 of 42 Presidents have been Senators with no executive experience. It says nothing about the probability of being elected.

              You'll get closer to a "probability of being elected" number if you include the experience of the guys that lost the elections. To really analyze it, you'll also need to research the folks that ran but weren't on the final ballot. You also have to take in
    • It's gonna be a long 16 months.

      But isn't that the equivalent of 4 Canadian months now?
      • by JustOK ( 667959 )
        A month in Canada is almost 30 years (28 for February) since each day lasts 6 months followed by 6 months of night.
  • by dangitman ( 862676 ) on Thursday October 04, 2007 @11:38PM (#20862787)

    DHS Injects Itself With DDoS

    I yearn for the simpler days, when DOS came on floppy disks, rather than medical instruments.

    • Re: (Score:2, Funny)

      You can't get the full effect by taking it in floppy form though. Once you've mainlined the stuff, you'll never want to go back.
  • by charlesbakerharris ( 623282 ) on Thursday October 04, 2007 @11:42PM (#20862811)
    Sounds more like they could use a Chloe mentality. She, at least, never overestimates the intelligence of other users.
    • Could be worse: at least it's not as bad as the mentality of US voters
    • by patio11 ( 857072 ) on Friday October 05, 2007 @01:18AM (#20863619)
      Drop the personality disorder and patch me through.

      ---

      I liked Chloe so much that I have a Cygwin alias for ssh into my VPS. It is, of course, damnitchloe. Really it's more like damTAB but I get a chuckle every time I see it.

      I can also watch Season 7 of 24 in a command line, due to an extremely efficient homebrew compression scheme. Observe:

      ruby -e "(24 * 6).times do puts 'Damn it'; end"
  • It must suck to be that guy right about now!

    I've had things like that happen before. Even after the misconfiguration is fixed, it can still take hours or days for all the messages to clear out.
    Definitely grounds for being taken out back and given a bullet to the back of the head (terminated).
  • That they can and will build a better/bigger idiot. Go figure? Go DHHS! *sarcastic rooting*
  • It certainly doesn't surprise me that the US Government initiated such a ridiculous faux pas. Remember, these are the same people who run the DMV. And I have serious doubts about the competency of anyone in the IT field who would choose to work for the government.
  • No way to patch a PEBKAC problem!
  • Almost 300 names and e-mail addresses of security experts, both in the government and in the private sector, were exposed in the incident. One SANS Storm Center reader suggested it wouldn't be surprising if a "wiseacre" now sent a zero-day PDF or Word attachment to that list to "nail a few dozen gullible security professionals," Sachs said.

    if they would open an insecure document sent to thousands of people, or to a mailing list?

    I guess I might imagine someone sending to individuals on the list, posing a

    • My point exactly.

      Furthermore, in tin foil hat mode, why does the DHS have a "Open Source Intelligence Report" newsletter? Are people using Open Source as suspicious to the DHS as they want to think us to be?

  • So, being a security-minded techie, you spend ages obfuscating your email on websites..etc, and the day you are defeated it is not by some advanced optical recognition crawler, but by mass distribution from the Department of freakin Homeland Security.

    In the hour that followed, dozens of readers replied to the exposed list of recipients, causing the "mini-DDoS" with demands to unsubscribe, pleas to others to cease replying, urgent requests from the Department of Defense and DHS officials for recipients to "kindly stop now please," a "vote for me" political ad, job offers and updates on the local weather.

    Local weather updates, eh. I love America.

    • The issue wasn't with a DDoS, the issue was that when you sent an email to the listserve, it was sent with your email in the "To:" header. Which means that all the out of office messages came back directly to the sender. I saw several SIPRNET and NIPRNET addresses in the contact information for these people. Even better were the "I'm out of the office until November 15th, please forward all billing questions to So and So".

      Several were group email accounts at Security Operations Centers, NOCs, and I thi

  • "Now you see that evil will always triumph, because good is dumb"
  • He said "gullible security professionals," :-)
  • We have about 100,000 employees, are an all-MS (Exchange/Outlook) shop, and had something similar happen. Someone sent a notice out to most of the organization by picking a wrong distribution list. Lots of people replied to all saying "I don't want your notices; take me off your list." Lots of people replied to all saying "You shouldn't reply to all to get off the list." One poor lady replied to all "Take me off the list." Then she realized she shouldn't have done that and tried to recall her message.
  • It was hilarious (Score:3, Interesting)

    by gumbo ( 88087 ) on Friday October 05, 2007 @11:35AM (#20868397) Homepage
    This was too funny, I was reading these messages all morning. So many completely stupid people sending messages out with their title, agency, often phone numbers, etc. Some having fun with it and a whole bunch going "stop sending e-mails!" The best was the official reply that came a few hours in, which said "please don't use 'reply all.'"

    Even better was that anyone in the world could send to the mailing list, it didn't even check to see if you were subscribed before sending your message out. Trust me, I tried it. You also get a few hundred more e-mail addresses and all kinds of internal company details from the out-of-office replies (e.g., "I'm on medical leave, contact so-and-so at x1234").

    Now, it was no big surprise, I do security in the federal government and so I know how clueless so many of my coworkers are. But it was hilarious to watch it all play out so publicly and persistently; it just kept going throughout most of the day.
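The comment above lists the list-side failures that let the storm run: anyone on the Internet could post, every recipient saw every other recipient, and out-of-office replies were fed straight back into the list. The following is an added example, not code from the page or from the list software DHS used (which the thread does not identify): a minimal distributor that restricts posting to subscribers, discards auto-generated mail, holds a sender who posts too often in a short window, and redistributes with the membership carried only as envelope recipients and the list headers set that keep RFC 3834 responders quiet. The list address, members and messages are constructed; plain-text posts only.

```python
"""Posting policy and redistribution for a mailing list (added example).

Controls that would have contained the storm described in the thread:
refuse posts from non-subscribers, discard auto-generated replies, hold a
sender who posts too often in a short window, and redistribute with the
membership hidden (envelope recipients only) and list headers stamped so
that auto-responders stay quiet. All addresses below are constructed.
"""
import email
from collections import deque
from email import policy
from email.message import EmailMessage
from email.utils import make_msgid, parseaddr


class MailingList:
    def __init__(self, list_address, subscribers, max_posts=3, window=3600):
        self.list_address = list_address.lower()
        self.subscribers = {s.lower() for s in subscribers}
        self.max_posts = max_posts        # posts allowed per sender per window
        self.window = window              # window length in seconds
        self._recent = {}                 # sender -> deque of recent post times

    def check(self, raw, now):
        """Classify an inbound post: ('accept'|'hold'|'discard'|'reject', reason)."""
        msg = email.message_from_bytes(raw, policy=policy.default)
        sender = parseaddr(str(msg.get("From", "")))[1].lower()
        if sender not in self.subscribers:
            return "reject", "posting is restricted to subscribers"
        auto = str(msg.get("Auto-Submitted", "no")).split(";")[0].strip().lower()
        if auto != "no" or msg.get("X-Auto-Response-Suppress"):
            return "discard", "auto-generated mail (out-of-office, bounce)"
        if str(msg.get("Precedence", "")).strip().lower() in {"bulk", "junk", "list"}:
            return "discard", "bulk or list-generated mail"
        # Sliding-window rate limit per sender: a reply-all storm shows up as
        # one address posting repeatedly within minutes.
        times = self._recent.setdefault(sender, deque())
        while times and now - times[0] >= self.window:
            times.popleft()
        times.append(now)
        if len(times) > self.max_posts:
            return "hold", "sender exceeded %d posts per window" % self.max_posts
        return "accept", "ok"

    def redistribute(self, raw):
        """Outbound copy plus envelope recipients; members never appear in headers."""
        src = email.message_from_bytes(raw, policy=policy.default)
        out = EmailMessage()
        out["From"] = str(src["From"])
        out["To"] = self.list_address                      # only visible recipient
        out["Subject"] = str(src.get("Subject", ""))
        out["Message-ID"] = str(src.get("Message-ID", "")) or make_msgid()
        out["Reply-To"] = str(src["From"])                 # replies go to the author
        out["Precedence"] = "list"                         # responders stay silent
        out["List-Id"] = "<%s>" % self.list_address.replace("@", ".")
        out["List-Post"] = "<mailto:%s>" % self.list_address
        out["List-Unsubscribe"] = "<mailto:%s?subject=unsubscribe>" % self.list_address
        out.set_content(src.get_content())                 # plain-text body only
        return out, sorted(self.subscribers)


# Constructed sample traffic for a made-up list.
MEMBERS = ["alice@example.gov", "bob@example.gov", "carol@example.gov"]
LIST = MailingList("osint-report@example.gov", MEMBERS, max_posts=2, window=3600)

POST = (b"From: Alice <alice@example.gov>\r\nTo: osint-report@example.gov\r\n"
        b"Subject: please unsubscribe me\r\nMessage-ID: <p1@example.gov>\r\n\r\nunsubscribe\r\n")
OUTSIDER = (b"From: Mallory <mallory@example.net>\r\nTo: osint-report@example.gov\r\n"
            b"Subject: vote for me\r\n\r\nvote\r\n")
OOF = (b"From: Bob <bob@example.gov>\r\nTo: osint-report@example.gov\r\n"
       b"Auto-Submitted: auto-replied\r\nSubject: Out of office\r\n\r\nback on the 15th\r\n")

if __name__ == "__main__":
    for name, raw in (("outsider", OUTSIDER), ("oof", OOF), ("post", POST)):
        print(name, LIST.check(raw, now=0))
    message, recipients = LIST.redistribute(POST)
    print(message.as_string())
    print("envelope recipients:", recipients)
```

The two decisions that matter most are the first two: a list that accepts mail from anyone is an open relay for the membership, and a list that redistributes auto-replies is the loop itself. The rate limit is the backstop for the human part of the storm.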
  • Jack Bauer knows how to use his technology. He's a really smart guy who knows how to send emails and pictures and files over his (or any) pda. I wish DHS were that smart.
