Slashdot Mirror
FBI Accidentally Received Unauthorized E-Mail Access
AmishElvis writes "The New York Times reports that 'glitch' gave the F.B.I. access to the e-mail messages from an entire computer network. A hundred or more accounts may have been accessed, rather than 'the lone e-mail address' that was approved by a secret intelligence court as part of a national security investigation. The episode was disclosed as part of a new batch of internal documents that the F.B.I. turned over to the Electronic Frontier Foundation, as part of a Freedom of Information Act lawsuit the group has brought."
Oh wait too late.
Better cover it up.
Oops, we botched that too.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Can any kind government access be considered unauthorized anymore? There have been so many executive orders, bending of laws, etc. that just about every form of government access to information is authorized by something.
Anybody want my mod points?
black cat!
glitch in the matrix!
man in chair sweats
mysterious metal flower pots dance around
So they "accidentally" gained access to more than what they where supposed to? Aren't we supposed to be able to TRUST them to stick to what they where authorized to access even if they "accidentally" gained greater access? If we can't trust the FBI, who can we trust?
If you want news from today, you have to come back tomorrow.
Seriously. What's the story here? Some sysadmin who apparently didn't know what he was doing put the wrong thing in his e-mail server configuration and inadvertently sent all e-mail for the entire domain instead of e-mail for one address.
Mistakes happen all the time. The appropriate thing to look for is whether the mistake was caught and corrected in a timely fashion. It seems that the mistake was caught and corrected in a timely fashion which basically makes this a story about an everyday occurrence.
This story might make a good one for some sysadmin journal reminding sysadmins to document policies that help ensure mistakes do not happen and if they do are caught by the company itself instead of by the FBI. For example, a simple procedure would be to check the appropriate logs after changing the configuration to make sure the configuration is doing what it was intended to do.
The truth is justice systems everywhere will often employ the corrupt tactics that the criminal mind would expound. The result is a fragmented one, stemming from the inability to deliver justice without the compromise of justice.
The dangers of knowledge trigger emotional distress in human beings.
This ought to be tagged with "!amistake".
</conspiracy-theory>
Tomato wedge sperm darts that are Republican.
Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the FBI is citing that totally ambiguous blame, but what is the real story?
If the ISP screwed up, then it should get sued by the extra people whose mailboxes it turned over without authorization. If the FBI "screwed up", then it's just another example of why these courts cannot be secret if the government is to do its job protecting our rights - including protecting us from the government.
--
make install -not war
Google: "A break-in to end all break-ins"
... The Citizens' Commission to Investigate the FBI, as the group called itself, ..."
"Thirty-five years ago today, a group of anonymous activists broke into the small,
When I read this, I wasn't wondering how that happened, or what the nature of the "glitch" was, or how many accounts were accessed. What I was wondering is WHY THE FUCK DOES THE UNITED STATES HAVE A SECRET COURT OF ANY KIND?!?!. Yeah yeah, to protect the children, save the whales, stop the terrorists, keep you safe, "our intentions are pure and we're really a bunch of big-hearted individuals who care about your well-being" etc... I still don't know what is wrong with the assholes who actually believe this shit.
And hell, I want to believe we have a good, honest government. The fact is, we don't. I don't understand what being in this level of denial is supposed to do to remedy the situation. There is a very good reason why the founding fathers intended for most of our interaction with government to come from the local and state level. The only thing the federal government can do that the state & local governments cannot do is resolve disputes between states, conduct foreign policy, regulate interstate trade, oh and it can slowly become a dictatorship too. Speaking of remedies, I'm betting that nothing will happen either to the FBI as an organization or to the individuals who made this "mistake", that at most they will receive a slap-on-the-wrist.
It is a miracle that curiosity survives formal education. - Einstein
... when you let it continue to happen.
"But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: "It's inevitable that these things will happen. It's not weekly, but it's common."
This falls into the area of cheating in a manner that an excuse can be used to "get away with it". This sort of cheating had been labeled "Neo-cheating" and is a form of dishonesty that is easy to apply and safe from proof.. "Oh it was just an honest mistake." Technology should not be an escape goat for such obvious deceptions.
To give a simple example of a verification loop, when you sign up for a mailing list, messages boards, etc., in order to prevent spamming email accounts etc, there is a feedlack verification loop used. The point is, there are ways to prevent such spying "mistakes" from happening. And there should have already been such methods being applied as standard practice.
The "it's not weekly but its common" is nothing but evidence of intent to cheat and to continue it.
This "allowing deception" is similar electronic voting security failure vs. ATM financial security practices.
Computer technology is not an excuse, but a way for dishonest human intent to hide behind technology excuses.
The FBI hacked into an email service which happened to have the emails of one person they were investigating. Since in this type of attack you would simply hack into a service rather then the one account specifically, it gave access to the network.
Since the code design is reused for every account it's not like they can ever control such a thing. While technically the internet is simply facilitating communication the run away effect of improvement of software should take place. This is happening but security is usually slower to catch up. Expect these stories to fade out as organizations get more and more secure.
We are after all talking about simply a hack job..... it's not always possible to hack a target. Many people forget this, unfortunately.
Something is wrong here...I can't quite put my finger on it...
Wait a minute, that's it!
You're a spy! No self-respecting Slashdotter would willingly still have a Hotmail address! You're one of them!
I don't like Linux. This doesn't make me a troll.
whose e-mail network was it that was revealed? Was it the NYT's network, or simply another one that they are reporting on?
(TFAS is ambiguous, and TFA is behind a login screen.)
Thanks,
- RG>
Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
The writer of this article, Eric Lichtblau, won a shared Pulitzer Prize for his work in exposing the illegal warrantless wiretapping program, authorized by the government and championed by the White House after 9/11. In fact, it was in existence even before 9/11, but that's another story entirely.
This program supposedly expired just yesterday when congress let the clock run out on its dependent legislation. The problem here, clearly, is that it doesn't matter if this program is never renewed; overproduction of data under FISA will still happen all the time. That's the entire point of this article. There are no checks and balances. There is no accountability. There is NOTHING. Total secrecy and legal immunity are all but guaranteed for the perpetrators. Period.
"The illegal we can do right now; the unconstitutional will take a little longer." --Henry Kissinger
The truth is that FBI agents are actually very, very busy people. They are often working a bunch of cases at once and they don't have enough time to go on illegal fishing expeditions that wouldn't be admissible in court anyway. It is almost certain that the FBI agents not only didn't read the email they weren't looking for, but actively stopped the problem and got rid of the excess because sifting through a mountain of crap would only hinder their investigation. In either case, the FBI did report the issue to both the court AND their executive oversight (that would be 2 branches of government).
You can wear your tinfoil hat if you want, but it really seems to me that the FBI didn't ask for it, didn't want it, stopped it when they noticed it, and reported the issue to the proper oversight authorities. I'm just not seeing a scandal here.
The
...why do people still send sensitive email unencrypted?
I wonder how long before the government will require some sort of security clearance or background check on telecommunications workers and sysadmins on the basis that setting up these taps and email filters makes them privy to at least some of the details of who is being watched and why. What if any steps is the government taking to insure that the lowly sysadmin does not give the target of the investigation a heads up saying that they are being watched?
"Jesus Bobby Swan! Looks like they gave us too much access!"
"So kay, We need all the Juice we can get on anybody. Grab everything you can."
"Ok. Is that your petty coat or mine?"
If the FBI was under a PATRIOT ACT warrent, then once they are on the box, they are allowed to look all over AND they get to use the data however they see fit. I am guessing that is exactly what happened here, or it will be said that it was. If so, then this should be used as part of the reasoning on how to kill PATRIOT Act.
Your comment is missing the point. I was simply explaining that it's reasonable to have this kind of court be secret because the GP was concerned about the existence of secret courts.
Now, we can have a separate discussion about whether this secret court is working.
Check out the denial records of that court since the 70s. That should tell you just how detailed the FISA rubber stamp looks at those warrant petitions.
OK, well, note that there is a record, and that we can actually see whether the court is working well based on that record. That's a start.
Now, the FISA court may not be working very well. Why is that? Because of the judges that make it up are quite cozy with the executive, including the president, the military, and police. And why is that? Because that's the kind of judges that get appointed at the federal level by the right-wing law-and-order politicians that Americans elect.
So, the fact that the FISA and similar courts exist in the first place is a good thing: it means that there is at least the potential for oversight and that there is a paper trail. Now, we just need to get judges with backbone in there. That will take a while, but sooner or later it's going to happen. Don't move us backwards by complaining about the institution of the FISA court simply because it happens to be staffed with the wrong people right now.
I did no such thing. I swear. Oh, whew, this must have been glitch #1.
this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
This just goes to show that the FBI and other law enforcement agencies will do ANYTHING that they are allowed to do. Give them an inch and they'll take a mile. They will abuse the authority and law enforcement tools given to them until they are finally reigned in. Look how they are using tazers to tame nonviolent drunks. They are basically torturing our own citizens into submitting to 'authority' now. That is unacceptable to me. This is why we shouldn't have a national ID card. This is why the mislabeled 'patriot' act was a bad idea. This is why we shouldn't have a national DNA database. This is why you should not submit to being fingerprinted or having your DNA taken unless they have a warrant. Sure it is only to 'help' their investigation, but the only way it would really help is if they found or planted a match. Cops will search through your trash. They will follow you for days waiting for you to discard a coffee cup so they can get your DNA. Watch Forensic Files or Law and Order. Those shows probably paint a rosy picture compared to the dirty underbelly of real law enforcement.
Sorry, but that WASN'T a separate discussion when you made your original argument for a secret court. Your attempted rationalization for the secret court DEPENDED on what you now claim should be a "separate discussion":
Nice try, nguy
A cheap Linux box running Sendmail and an installation of OpenSSL to let Sendmail be able to run SMTPS.
On top of that use a POP3/IMAP server that can do POP3S/IMAPS and you can access your mail without the risk of an accidental peek.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
What a total nonsense. The government and local spy organizations in every little town have full access to EVERYONE'S e-mail and web browsing at ALL times, in REAL TIME. The mainstream media puts out silly articles like this to make people believe there is still some kind of privacy today. Don't believe a word of it. This is not conspiracy theory, this is HOW IT IS today.