FBI E-Mail Server Breached
voma writes "The FBI said Friday it has shut down an e-mail system that it uses to communicate with the public because of a possible security breach. The bureau is investigating whether someone hacked into the www.fbi.gov e-mail system, which is run by a private company, officials said. 'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases,' Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem."
From: rmueller@fbi.gov
To: anonymouscoward@slashdot.org
Subject: The FBI can help you!
CONFIDENTIAL INFORMATION YOU WANT TO KNOW.
This is the agency they want banned from the INTERNET!
"The Federal Bureau of Investigations" shows you how to get the facts on anyone using our files.
LOCATE MISSING PERSONS, find lost relatives, obtain addresses and phone numbers of old school friends, even skip trace dead beat spouses. This is not a Private Investigator, but a GOVERNMENT agency DESIGNED to automatically CRACK YOUR CASE with links to thousands of our secret files.
Find out SECRETS about your relatives, friends, enemies, and everyone else! -- even your spouse! With the New - "FBI"
You will be AMAZED at what you can discover:
LICENSE PLATE NUMBER - Get anyone's name and address with just a license plate number! (Find that girl you met in traffic!)
DRIVING RECORD - Get anyone's driving record!
SOCIAL SECURITY NUMBER - Trace anyone by social security number!
ADDRESS - Get anyone's address with just a name!
UNLISTED PHONE NUMBERS - Get anyone's phone number with just a name- even unlisted numbers!
LOCATE - Long lost friends, relatives, a past lover who broke your heart!
E-MAIL - Send anyone anonymous e-mail that's completely untraceable!
DIRTY SECRETS - Discover dirty secrets your in-laws don't want you to know!
INVESTIGATE ANYONE - Use the sources that private investigators use (all on the Internet) secretly!
EX-SPOUSE - Learn how to get information on an ex-spouse that will help you win in court! (Dig up old skeletons)
CRIMINAL SEARCH - BACKGROUND CHECK - Find out about your daughter's boyfriend! (or her husband)
FIND OUT - If you are being investigated!
NEIGHBORS - Learn all about your mysterious neighbors! Find out what they have to hide!
PEOPLE YOU WORK WITH - Be astonished by what you'll learn about the people you work with!
EDUCATION VERIFICATION - Did he really graduate college? Find out!
"The FBI" will help you discover ANYTHING about anyone, with clickable hyperlinks and no typing in Internet addresses! Just download the software and go! You will be shocked and amazed by the secrets that can be discovered about absolutely everyone! Find out the secrets they don't want you to know! About others, about yourself!
LIMITED TIME OFFER -- ORDER TODAY! ONLY $20 (US)
You can access the "FBI" NOW so you can begin discovering all the secrets you ever wanted to know! You can know EVERYTHING about ANYONE with "The FBI".
- Works with all Internet Explorer browsers and all versions of AOL
- Windows Versions available Only!
DON'T WAIT TO GET STARTED? It's as easy as 1, 2, 3. ORDER TODAY - While this agency is still legal!
Neal, when you post an article like this the only thing anyone cares about is what OS (and especially if it was microsoft) got ownz0red. Please try to put this information in the summary. Thank you.
How was this said in an e-mail if their e-mail server was down?
Are they using WWW to send/receive e-mails like HotMail (WebDEV) or SMTP like everyone else?
they explain that in the other email.
The post says "The FBI said Friday it has shut down an e-mail system that it uses to communicate with the public because of a possible security breach. .... Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem."
I mean WHICH FBI email server was he using to send the message? How do we know it's really Agent Steve and not somebody named 133thaxxor?
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
How can we verify it was REALLY from them if it didn't come from their usual IP Address!?
:)
Maybe *this* is the hack!
From netcraft: Linux Sun-ONE-Web-Server/6.1
"Slashdot said Friday it has shut down an e-mail system that it uses to communicate with the public because of a possible security breach. The bureau is investigating whether someone hacked into the www.slashdot.org e-mail system, which is run by a private company, officials said. 'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases,' Special Agent CoyboyNeal, Slashdot's media coordinator in Atlanta, said in an e-mail describing the problem."
'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases,' Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem.
Is that the same Special Agent Steve Lazarus who works in the marketing department at Yahoo and who is known for his CIA, FBI and NSA trolls?
In a followup e-mail describing the problem, Special Agent Laz Steverus said "No sensitive information was compromised, but today is a good time to remind citizens that the FBI is in possession of approximately 22,000,000,000 (TWENTY TWO BILLION DOLLARS) in uncollected judicial judgements from spammers, a portion of which we're trying to return to you folks. Just visit our web site, and read our press release, and it will instruct you in how to help us get this money back to you..."
Man, what I wouldn't give to be "Special Agent Lazarus." Everything you do sounds cool -- I mean, it might be an utterly boring document about e-mail usage, but you still get to call it "the Lazarus Report."
HERE
I'm sorry, but when I hear a media spokesperson hiccup like that, my bullshit detector sends up an immediate flag. What was this email server really used for???
"Yes, I have a Disaster Recovery Plan. It's called my Resume"
The FBI reportedly surrounded the building (after leaving it) and broke down the front door, only after realizing they had the keys. They confiscated the computers and surrounding evidence for further investigation. "It must be an insider doing the hacking, these systems were secure." said agent r0\/ l337zki.
... the FBI, for a short time, became mysteriously more productive within the span of 12 hours. Some say that their coffee was spiked with a new secret uber-caffeine, while others say a lack of spam in their e-mail boxes allowed them to work more freely.
Not only that, but personnel over at the Central Intelligence Agency as well as the National Security Agency have also become friendlier. One employee was noted saying, "Thank God! I was so fucking tired of those guys sending me pics of Goatse!"
The bureau is in the process of switching its e-mail accounts, officials said.
BETTER GET GMAIL!!!
The key phrases are "run by a private company" and "We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases."
I'm sure, like the NSA, that the FBI has (at least) two networks. One that is internal only for confidential/sensitive communication/files, and one for outside communication such as this one. At the NSA, they are completely separate, with no ability to copy/move files from one to the other.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
How was I supposed to know?
I'm sitting here in the training cubicle. The guy in the cube next to me decides to check his voicemail... ON SPEAKERPHONE. After he dials in his password (for the entire office to hear) I call softly over the cube wall, "I now have your password."
A tense silence followed, and I could tell that the general perception was "Yeah right--you're just the new guy."
So I brought up my handy DTMF generator and started replaying his password over and over (at a low volume, but just loud enough so that people in adjacent cubes could hear).
How was I supposed to know that he had the Admin password for the e-mail server stored in his voicemail?
At the same time... What sort of dumbass checks their voice mail on speakerphone in public office space?
fast as fast can be. you'll never catch me.
Director Mueller wants his email (gunslinger_cute@fbi.gov) back with a vengeance.
I have worked with FBI agents on a few things, and I can't imagine this email server didn't have sensitive info flow through it.
I'm sure it's FBI policy to avoid it, but it's like a bank...how many people do you think send account numbers, SSN's, etc. to a bank via email? Do you think most people are going to see "fbi.gov" and not think it's safe to email them?
Regardless of what they say, IF this server was compromised, I bet the attacker saw all sorts of interesting things. It's not their fault, but it's probably more serious than they are letting on.
Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem.
Is this some sort of intelligence test? You get an email press release from someone saying the email account they use for press releases isn't reliable?
Recursive: Adj. See Recursive.
'We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases,' Special Agent ... Lazarus said ...
We'll be seeing the first article any time now about classified material having been sent over this server. Some one start a pool.
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
Does that mean we need to change our passwords again?
Burn the land and boil the sea, you can't take the sky from me
With all of the technical know-how of people here on slashdot ... Has Slashdot ever been breached?
According to the BetaNews Article Officials said the actual risk of a system compromise was fairly low. So the question is, what did the sysadmin see that prompted him to shut the system down?
One good turn - gets all the covers.
Lazarus? Really? Special Agent Jesus? By definition he should be able to resurrect the server and dole out retribution.
I like to see stuff on slashdot I didn't read on cnn 4 hours ago...
Well then, I guess Netcraft confirms it: Linux-Sun-ONE-Web-Server/6.1 is dying.
How could someone actually read someone else's email without their permission? Next these crackers will be listening to other people's phone calls. Then what, a knock on the door in the middle of the night?
OMFG!!!! The FBI can't tell the difference between the web www.fbi.gov and e-mail user@fbi.gov! Not only that, but they use their e-mail system to "view internet sites"???!!! WTF!!!? That's like a friend of mine asking me about a web address that looks like: http://user@fbi.gov! And the final nail in the coffin is that Special Agent Steve Lazarus sent an e-mail describing the problem to "communicate with you folks". Any guess that they are still using the same web/e-mail system to send out the press release? Wahoo it's so fun to participate in the idiotry of Slashdot!!! ;P
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Isn't that a good password?
I use it on my luggage too.
Fight Spammers!
Out of curiosity, does the FBI have any "normal" agents? Cause if they're all "special" agents, are they really that special?
[o]_O
has that joke ever been more ontopic? mod parent up!
:-D
"A witty saying proves nothing." ~Voltaire
"d'Oh!" ~Homer
Sending out press releases designed to provoke your suspect is a tried and tested method in law enforcement. What if they had a mission-critical email server that had been hacked but had to stay online no matter what? (Think of secure intelligence channels.) This press release could be to try and prevent him from coming back...
;)
It would also explain how they were able to send the email
One good turn - gets all the covers.
I guess I shouldn't hit below the belt like that but I'm still pissed off about millions of my dollars (And they were all MY dollars thptt!) being wasted on Virtual Case File. I bet some corrupt individuals got really, really rich off that project, too...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
This can't be!! Linux is secure!! Microsoft is teh suck!
I love the irony of the FBI sending an E-mail press release explaining how they use E-mails for press releases.
Surprisingly the site runs linux.
Originally I started thinking of this post as a joke, THEN I started thinking... what if the FBI really DID have a server with a collection of confiscated mp3's being held as "evidence" for "review" by agents at their convenience? And what if RIAA really did have such a hack-bot programmed and authorized to shut down P2P systems?
Food for thought.
Why, oh why, didn't I take the Blue Pill?
It's even more surprising to see the number of people who think a bank's domain "kind of looks like their own bank" and go ahead to register for online banking (giving SSN's, addresses, and account numbers) to the wrong bank - often in the wrong country.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
Did anyone else notice that the RIAA spokesman's name is "Lamy"?
Actually, I was trying to be Insightful, not Funny.
Frankly, I think we've all been duped by this false news post.
Posted to the wrong story....
Actually, I was trying to be Insightful, not Funny.
An "E-mail system used to communicate with the public" sounds like an Internet facing SMTP gateway. I can't be sure, obviously, but that's the most likely type of a system that got "breached". The really juicy stuff, the e-mail servers that host the mailboxes, would be on the internal network, and much better protected against hacks.
If an SMTP gateway was supposedly "breached", what could that entail? Somebody was able to relay through the server? Wooo, big deal! There are like a bazillion open relays out there. Or someone installed a trojan that allowed them to intercept the SMTP traffic? Again, it is not a big deal. The e-mail messages were sent to the public, and SMTP traffic being sent to the outside mail servers isn't encrypted or secure in any way anyhow. It can be intercepted, and e-mail can be read, at any upstream router.
This has been blown out of proportions, IMO.
One way you can tell it isn't within the FBI is that they aren't saying, "Yeah, George "DarkRathe" Smith hacked into our mail server." A buddy of mine did this years ago. I believe it was either a government web server or they had a list of modem numbers they were hacking. They got in. Played around for about an hour before the knock came at the door. The guys at the door were not amused.
"We use these accounts to communicate with you folks, view internet sites, and conduct other non-sensitive bureau business such as sending out press releases," Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem.
He went on to say, "This b0x p0wn3d by daHax0r2000"
SPAM
The person who hacked the mail server was also the one who notified Slashdot about the mail server getting shut down.
No one will get his address, because Windows is so secure.
http://www.robotwisdom.com
or this site.
http://english.aljazeera.net
Peace.
starting today. Today the FBI's mail server gets Pwn3d. Hmmmm. Nah, those two things couldn't possibly be related...
With a name like that he should have his own TV show and action figure!
They could even merchandise a breakfast cereal. Kids could help him by buying cereal to defeat the Evil Doctor Haxxor and his army of netbots
Curiosity was framed. Ignorance killed the cat.
n/t
but rather more encouraging: A police employee who used the police computer to check progress of an investigation into his drug dealing has been jailed for three years
A special agent is a federal investigative employee who has powers of arrest and is usually armed. This is "special" when compared to the powers of an ordinary federal employee, not to other agents within the FBI.
"Special Agent Steve Lazarus, the FBI's media coordinator in Atlanta, said in an e-mail describing the problem."
Does anyone else find that amusing?
-Jay
Gmail, of course!
...runs Linux. That does not necessarily mean that the EMAIL server in question is the same machine or was running Linux either.
I'm sure it's FBI policy to avoid it, but it's like a bank...how many people do you think send account numbers, SSN's, etc. to a bank via email?
And what makes you think we don't monitor for that type of thing? Heaven help the fool who sends sensitive customer information unencrypted out of here. Re-education with a large wooden mallet usually ensues.
The truth about Scientology, Xenu, and you: Operation Clambake
Obviously this is just some rabid Smallville fan trying to get a leg up on the competition for the Get Lex Sweepstakes where you gain access to Lex Luthor's email account. By hacking the account, he figured he'd be able to change the password and lock everyone out of the WB competition. Of course, he figured Lex might not have an email account at the FBI, but he figured it was as good as any a place to start... well... turns out Lex didn't. Lex does however have a lexluthor@verizon.com address. So the perp sends his apologies to the FBI for any undue alarm caused.
... Uhhhmmm .... I of course have no idea as to who this person is or his whereabouts.
And
Just do a quick, harmless little port scan on their mail server when it comes back up.
Remember:
25 -> SMTP
80 -> HTTP
443 -> HTTPS (More likely than plain HTTP; they are the FBI, after all)
Thank you for your support.
Dear reader, you have now opted in to a new and exciting program in government monitoring. You are now a member of our cyber-terrorists group. Active participation earns you amazing awards such as escorts, email, telephone, and web surfing archives, and are brought to you by the freedom isn't free crowd out of that great state of Texas!
I don't know whether they're talking about their webserver or their email server, but they're joking themselves if they think correspondence directed to asmith@fbi.gov (first initial, last name) is unclassified.
I did cash-only, non-1099'd, no-real-name-on-file work gathering data for the FBI in 2002. The vast majority of the communication I had with my contact was through said "unclassified" channels, including various reports I wrote up, and scheduling of meeting times and locations. The physical meetings were when we exchanged most of the physical stuff (cash and documents), but if somebody really gave a rat's ass about what I, and I'm sure a lot of others did, their "unclassified" system would be a nice jumping off point.
I doubt I'll be working for them again any time soon.
Why are you kids laboring under the delusion that the web server OS - as reported by Netcraft - has any bearing on what the mail server OS might have been?
They uh...needn't be the same machine.
You folks? Gee, thanks a lot, we don't trust you much either.
Slashdot: Playing Favorites Since 1997
...no matter what, the evidence you buried just keeps coming back
*ducks*
Get your Unix fortune now!
A special agent is a federal investigative employee who has powers of arrest and is usually armed. This is "special" when compared to the powers of an ordinary federal employee, not to other agents within the FBI.
Only the powers of arrest part is "special". A mind-boggling range of government employees have federal permission to carry guns. (And this permission, like post-office driving rules, overrides state laws.)
This was apparently first noticed when an airport security employee leaked the list of agencies whose members could carry through airports. In 1997, according to a GAO study (the source for info in this libertarian party press release) the number of agencies was 45 and the number of gun-toters approaching 60,000 and had grown by over 2,400 in the previous year. I've heard nothing to indicate that the number has not continued to climb since then.
Some non-law-enforcement worker categories:
Poultry inspectors.
Disaster aid workers.
IRS auditors.
Some agencies with "special agents":
Small Business Administration
NASA
Department of Education
U.S. Fish & Wildlife Service
Department of Veterans Affairs
The Energy Department has access to machine guns and other agencies can summon tanks and military helicopters.
According to the Western Journalism Center these agencies have SWAT teams:
The National Park Service
the Department of Health & Human Services
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Yeah, what flinxmeister said.
I once posted something here on Slashdot that got me an interview with an FBI Special Agent (I wasn't in trouble--more like: I was a good candidate for a supporting witness). So, out of the blue, I get this email claiming to be from an FBI agent.
What's the first thing you do when that happens? View the raw source and look at the headers. Start back-tracking the return path and see if it isn't obviously bogus. Eventually, I had to go through this weird game of telephone tag before I could feel confident I wasn't being gamed by someone pretending to be the freaking FBI.
Would somebody please tell me who is to blame for the fact that the FBI has outsourced its Internet presence to somebody basically indistinguishable from an Al Qaeda front on the first glance at the mail headers? How freaking difficult is it for FBI email to come from a return path terminating in an actual fbi.gov domain MTA? Jeebus!
jhw
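The header check described in the comment above, as an added example that is not part of the original thread: it reads the `Received` chain and `Return-Path` of a raw message and reports whether the host that handed the mail to your own server, and the bounce address, sit inside the domain claimed in `From`. The sample message, its host names and IP addresses, the recipient domain `recipient.example`, the Postfix-style `Received` layout and all function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real FBI e-mail). Hosts use reserved
# example names and documentation IP ranges.
SAMPLE = """\
Return-Path: <bounce-7731@mail.hosting-provider.example>
Received: from mx2.hosting-provider.example (mx2.hosting-provider.example [203.0.113.25])
    by mx.recipient.example with ESMTP id r12; Fri, 4 Feb 2005 10:02:11 -0500
Received: from webmail.hosting-provider.example (unknown [198.51.100.7])
    by mx2.hosting-provider.example with ESMTP id q77; Fri, 4 Feb 2005 10:02:09 -0500
Received: from [192.0.2.44] by webmail.hosting-provider.example with HTTP;
    Fri, 4 Feb 2005 10:02:08 -0500
From: "Special Agent" <agent@fbi.gov>
To: reader@recipient.example
Subject: Interview request

Please call me at your convenience.
"""

# Assumed Postfix-style trace line: from HELO (rdns [ip]) by RECEIVER ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\))?"
    r".*?\sby\s+(?P<by>\S+)", re.IGNORECASE)

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").strip("[]").rstrip(".").lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)

def addr_domain(header_value):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def parse_hops(msg):
    """Received headers in header order: newest (your own MX) first."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(raw.split()))  # unfold the header
        if m:
            hops.append(m.groupdict())
    return hops

def assess(raw_message, my_domain):
    msg = message_from_string(raw_message)
    claimed = addr_domain(msg["From"])
    bounce = addr_domain(msg["Return-Path"])
    hops = parse_hops(msg)
    # Only the line stamped by your own MX is trustworthy; every line below
    # it was written by servers the sender controls or could have forged.
    trusted = next((h for h in hops if in_domain(h["by"], my_domain)), None)
    handoff = None
    if trusted:
        rdns = trusted["rdns"]
        # Prefer the reverse-DNS name your MX looked up over the HELO claim.
        handoff = rdns if rdns and rdns != "unknown" else trusted["helo"]
    return {
        "claimed_domain": claimed,
        "return_path_domain": bounce,
        "handoff_host": handoff,
        "handoff_ip": trusted["ip"] if trusted else None,
        "return_path_aligned": in_domain(bounce, claimed),
        "handoff_aligned": in_domain(handoff, claimed),
        "hops_in_claimed_domain":
            [h["by"] for h in hops if in_domain(h["by"], claimed)],
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE, "recipient.example").items():
        print(f"{key}: {value}")
```

A misaligned result is not proof of forgery: mail outsourced to a hosting company, the situation the comment complains about, produces the same picture, which is why the commenter still had to confirm by telephone.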
And what makes you think we don't monitor for that type of thing? Heaven help the fool who sends sensitive customer information unencrypted out of here. Re-education with a large wooden mallet usually ensues.
Heh heh...I banking industry fanboy? Well, there's always a first. (j/k)
Of course...I'm talking about sensitive information into a bank...by customers. I have yet to encounter a bank or credit union who will close an account (or apply a large wooden mallet treatment) because the member/customer sends too much information via email.
What I'm talking about is people who sent things TO the FBI. Anonymous tips, etc. I'm sure there are people who are interested in the information, and if joe random had a server's-eye view of all of it for any length of time....well let's just say that email is probably always more fun to read than it should be...almost definitely more sensitive than they are letting on.
OK. Let me get this straight. You have one of the country's most secretive organizations, one that deals with vast quantities of highly secretive data, and they hired an outside company to manage their public email? Um, duh!! Surely they could have hired one or two geeks to do this for them instead?
Damien
They used to use carnivore to read our mail. Maybe they just thought it would be nice to take turns and let us read their mail for a while.
I report all phishing attempts my mailbox receives to the FBI. I usually go to the trouble of looking up the network provider, server latitude & longitude, the DNS server, and the domain information. Haven't seen one in months.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
You are this close, |--|, to insulting Special Agents Fox Mulder and Dana Scully. And they won't be happy about that.
someone should mirror www.fbi.gov
:)
The more they add fucking electronics and computers and software the more our elections will be rigged, the "confidential informants" compromised, God knows what else with their huge ass databases full of OUR INFO!
The shit we're seeing is a fucking catastrophic disaster.
WAKE UP AMERICA!
Thank you for your support.
Dear reader, you have now opted in to a new and exciting program in government monitoring. You are now a member of our cyber-terrorists group. Active participation earns you amazing awards such as escorts, email, telephone, and web surfing archives, and are brought to you by the freedom isn't free crowd out of that great state of Texas!
if the electronic vote is allowed to exist then everything, and I mean EVERYTHING is 0w3nd.
WAKE UP AMERICA!
Maybe Fox "Spooky" Mulder isn't happy that X-Files was canceled 2.5 years ago, and he is out of the job.