Slashdot Mirror


US Congress gets Spammed by Self

Doug Muth writes "There is an article on MSNBC's website that talks about a recent bout of spam that seriously bogged down some of the mailservers, delaying message delivery for some users by "several hours". Maybe now that they got hit in the face with a spamming incident Congress will finally try to write some decent anti-spam legislation." Heh - an aide to Rep. Alcee Hastings (D-FL) sent out an e-mail to hundreds, potentially thousands of people on an internal mailing list - no BCC or majordomo, so when people hit "Reply All"... well. You can imagine the fun that ensued. The great part is that the letter was apparently recommending a weight loss pill.


  1. Re:It's all about education by A+Big+Gnu+Thrush · · Score: 2

    This is a great idea. Let's install the most byzantine operating system imaginable. Congress and tHoR will grind to a halt. Libertarianism through bad software! Bad UI coders of the world unite!

  2. Read the legislation by Fastolfe · · Score: 2

    The "Can Spam Act" merely allows ISP's to enforce their "no spam" policies by making it illegal for a spammer to spam to/via an ISP that expressly forbids UCE.

    They're not regulating at all, they're just giving ISP's the express ability to sue.

    1. Re:Read the legislation by Fastolfe · · Score: 2

      Unfortunately the current laws make it much more difficult for an ISP to "prove" conclusively that damage and trespass actually occurred. ISP's have been successful in the past, but only in small numbers and with relatively large legal budgets.

      This law makes spamming instantly and immediately recognized as illegal and all the ISP has to do is prove that spamming occurred.

  3. We're not doing our job by jflynn · · Score: 2

    It occurs to me that if a congresscritter can notice a mere 20 e-mails extra in their inbox, we citizens must not be doing our job!

    Congress should be getting thousands of emails each day, making 20 more unnoticeable. Clearly, they don't read their e-mail from us, or we aren't mailing them often enough!

    Or maybe they only read "important" mail - those whose subject and body are all caps? :)

    1. Re:We're not doing our job by tweek · · Score: 2

      Actually I think grammar says to use his as the possessive unless you explicitly define the subject as feminine.

      --
      "Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
  4. Re:And they were running...? by PenguinRadio · · Score: 2

    The majority of Hill offices run Microsoft Outlook (I worked there for quite awhile). In the TO: field, you can select from almost all House offices, leadership, and committee staff.

    Personally, I don't buy it. You have to go out of your way to e-mail the entire House e-mail list. While there are only 440 members (5 delegates) there are thousands of staffers. It's not like there is one button that says "everyone" that you hit by accident (if that was the case, this wouldn't have been the first time).

    By default, you are set to your own office, but many users change that to a personal e-mail listing. I think the "mistake" was a cover up for a real spam.

    Anyway, the House system has a pretty good firewall against the outside, but once you are on the inside, it is, well, "possible" to get into a bunch of systems around the Hill. The encryption isn't that tough and with a dictionary, you can do wonders.

    The passwords on a lot of Hill offices are a joke. At one time, I had nearly 300 user ID's w/ passwords onto the old HIS system (they shut it down due to Y2K). With a staff turnover of something like 40% a year (yes, it's that high) system security often falls by the wayside. Amazing how many Intern accounts have passwords of "Intern" "Intern2" "Monica" etc.

  5. Somehow I doubt this will make a big difference by Lord+of+the+Files · · Score: 2

    First of all most of these people have already been the victims of spam at some point. Second of all I doubt many of them want the guy who sent the original message (who didn't seem to be aware that it was inappropriate) to be punished that severely. It was only a minor annoyance.

    More than anything it demonstrates how careful you need to be in setting up large listservs, and things of the sort.
    A moderated listserv would do far more to solve their problem than an anti-spam bill.

    --

    God does not play dice - Einstein

    Not only does God play dice, he sometimes throws them where they

  6. Links, more info... by The+Musician · · Score: 2

    Here's the actual article from RollCall (congressional newsletter).

    Text of the actual mail: "IF YOU'RE LOOKING TO LOSE WEIGHT PERMANENTLY AND YOU DON'T HAVE TIME TO SEEE AN EXPERT HERE'S THE PERFECT OPPORTUNITY. MY FRIEND LOSS 40 LBS. READ THIS! [sic]"

    Yeah, uh, real important stuff...


  7. Funny? Try Scary by Alex+Pennace · · Score: 4

    This incident is a laser pointer at the crux of the problem: our old guard politicians just aren't capable of handling today's technological world.

    We need to get some geeks elected soon, or at the very least get the 18-24 demographic group into the polls.

    1. Re:Funny? Try Scary by Roundeye · · Score: 3
      Um... no.

      They make it a crime to send unsolicited commercial e-mail to a recipient whose ISP has a posted policy forbidding it. Tying in the source ISP might be part of the issue, but this is hard to pass the courts (free speech, prior restraint, all that sorta stuff tends to get in the way). At most forcing the source ISP to submit usage/registration records under force of court order is probably sufficient. Of course for obliging ISPs "conspiracy to commit a felony" (if the crime is a felony) is likely sufficient to keep ISPs from "knowingly" harboring spammers.

      As far as tracing spam, yes, Virginia, much of the unsolicited email out there is essentially forged. However, most forgeries are poor, and few forgeries are truly hard to trace. In addition, open SMTP relays are becoming harder and harder to find. In addition to any legislation that exists, resources like the RealTime BlackHole List make it harder and harder for the spammer to even send or relay spam.

      Of course this discussion is completely independent of whether I believe illegalizing spam is a good idea. I personally think the government shouldn't have its nose in the issue, and it reeks of censorship. Given a little more time users will be more savvy, tools like the BlackHole List will be more prevalent, and spam-ridden ISPs (like AOL) will be forced to filter more actively or lose a noticeable number of customers to places (like Mindspring/Earthlink) which do more filtering. I have had a Perl source and content-based spam filter in place for over two years now and have filtered over 700 spam mails automatically (about 10 false-positives...). Between that and the judicious use of spam-drops (like the hotmail address listed above) my life is generally spam-free.

      --
      "Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
  8. Quotes from Congress... by The+Musician · · Score: 4

    Here's some amusing quotes from the article in RollCall.

    • I have 20 e-mails. It totally filled up my in-box.
    • It's annoying. I've gotten so many of them and they're so large, it's made my system unstable today. It's crashed twice today.
    • "Thanks, I need to lose 40 lbs.," the employee wrote in a reply -- to the whole House.

    Wanna bet they're using Micro$oft?


    1. Re:Quotes from Congress... by aqua · · Score: 2
      Wanna bet they're using Micro$oft?

      You betcha. The US taxpayers shelled out an inordinate amount of money a while back to upgrade them to MS Exchange 5, I think it is (from one version down), because flaws in the old version were killing the system.

      Not to say automatically that a UNIX box could have handled it better (the implication is sufficient), but it does point out some things, most of which have already been elucidated here, and which will likely be further so once the Exchange/sendmail/qmail/exim/cheeseburger brigades start having at it.

      Unfortunately, I suspect that the PR mess may be handled as a "regrettable abuse of government computing resources" and overlook completely that it's happening to the whole network. :)

      Most Congressbots have aides whose jobs include summarizing the opinions in their email, as with postal and telephone contacts -- those that don't throw the email away automatically, anyway. Presumably they can't filter their mail, lest some hapless Citizen's Heartfelt Feedback be lost, so I wonder how the summaries go. "450 letters in favor of the new social security reform bill," "275 urging cutting defense spending for this year's budget, 16 notes praising your passage of Yoghurt Appreciation Week, and 520 offers for free porn site passwords, email lists and html programming classes."

  9. Cunning trick to gather anti-spam support? by gargle · · Score: 2

    Maviglio said that the anti-spam bill, known as the Can Spam Act, had picked up a half-dozen additional sponsors in a 48-hour time span.

    Hmm... It might be possible that the aide deliberately sent out the spam to gain support for the anti-spam bill.

  10. It's all about education by Dan+B. · · Score: 2

    The whole problem here seems to be one or two (thousand) misinformed individuals using their email the only way they've ever done before.

    I'd like to see some people read this in to the whole story:

    "It's all Microsoft's fault. They try to make it so easy for total newbies to use a PC and Windoze that at least one of the uneducated fools is bound to f*ck up from time to time, and every now and then, in a very big way".

    Because basically that's how I see it. That MS guy said "I want my mother to be able to use it" when reviewing the W95 OS. Quite frankly I wouldn't trust my mother on my PC. Why? Because there is too much that can go wrong when left in uneducated hands.

    Same goes here. A little bit of education can prevent a whole lot of trouble.

    --
    Dan. -- So what if it's spelt wrong, nobody's perfect
  11. Time to amend the Constitution! by fable2112 · · Score: 3
    U.S. Representatives must be at least 25, Senators must be at least 30, and the President and VP must be at least 35. Kind of sucks for the 18-24 crowd, though I don't think there are quite so many age restrictions at the level of local politics.


    Come to think of it, people's brains need to get amended a bit, too. Those may be the age limits, but how many under-30 Representatives are there? I'd say probably not very many. The youngest president we've ever had was IIRC 41, and he wasn't elected -- he was a VP who succeeded a Prez who got shot (T.R., who became President after McKinley's death.)


    Even when Clinton/Gore ran for the first time, "are they too young?" was a big campaign issue even though they were in their mid-40s. Sheesh. For all the "Don't Trust Anyone Over 30" buttons, it seems like in practice "Don't Trust Anyone Under 50" is the way politics are REALLY played.

    --
    "Somebody exploded a letter-bomb today ... but it wasn't anybody I knew" -The Moody Blues, "Dear Diar
  12. No Hypocrisy by schon · · Score: 3

    You're missing something...

    Unrestricted internet communication IS NOT THE SAME AS HARASSMENT.

    SPAM == HARASSMENT.

    Harassment is illegal - freedom of speech does not give you the right to scream into your neighbor's windows at 4 AM with a megaphone.

    The people who are crying for anti-spam legislation are only trying to clearly define what spam is, so that existing legal principles can be applied.

    But what I'm getting at in the end is that anyone who can say that they want to legislate SPAM while simultaneously stating that there should be no internet censorship of any kind is simply a fool.

    So... by this logic, anyone who says "there should be no internet censorship", and also says "kiddie porn should be illegal" is also a hypocrite? Not likely. One has absolutely nothing to do with the other.

  13. Re:On /., Microsoft is to blame for everything by Fastolfe · · Score: 2

    Agreed.

    This problem could/would easily have happened regardless of the chosen platform of the recipients. This has nothing at all to do with evil Microsoft and everything to do with a lack of training.

    Perhaps when you click on the "Reply To All" button and there's more than a handful of recipients the mail client should pop up a suitable warning?
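
The fan-out this thread keeps coming back to (recipients listed in To: rather than Bcc:, then "Reply All"), modelled as an added example that is not part of the original thread. The addresses, the 25-recipient hold limit and all function names are assumptions made for illustration; the gate stands in for the recipient-count warning or list moderation suggested in the comments.

```python
from email.message import EmailMessage
from email.utils import getaddresses

HOLD_THRESHOLD = 25  # assumed policy limit, not a figure from the thread


def as_received(sender, recipients, use_bcc):
    """Build the copy a recipient sees; Bcc addresses never appear in it."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender if use_bcc else ", ".join(recipients)
    msg["Subject"] = "constructed sample announcement"
    msg.set_content("constructed body")
    return msg


def reply_all_recipients(received, me):
    """Addresses Reply All targets: From + To + Cc, minus the replier."""
    fields = []
    for name in ("From", "To", "Cc"):
        fields += [str(v) for v in received.get_all(name, [])]
    addrs = {addr.lower() for _, addr in getaddresses(fields) if addr}
    addrs.discard(me.lower())
    return addrs


def storm(sender, staff, repliers, use_bcc, gate):
    """Return (copies delivered, replies held) after `repliers` hit Reply All."""
    received = as_received(sender, staff, use_bcc)
    delivered = held = 0
    for me in repliers:
        targets = reply_all_recipients(received, me)
        if gate and len(targets) > HOLD_THRESHOLD:
            held += 1  # queued for a moderator instead of fanning out
        else:
            delivered += len(targets)
    return delivered, held


# Constructed sample: 300 staff addresses, 10 of whom reply to everyone.
SENDER = "aide@hill.example"
STAFF = [f"staff{i}@hill.example" for i in range(300)]
REPLIERS = STAFF[:10]

if __name__ == "__main__":
    for use_bcc, gate in ((False, False), (True, False), (False, True)):
        print(use_bcc, gate, storm(SENDER, STAFF, REPLIERS, use_bcc, gate))
```
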

  14. Re:Stupid origins by Fastolfe · · Score: 2

    And these are elected leaders.

    No, they're the fresh-faced aides.

    but also TO HERSELF AT HER OWN ISP MAILBOX. This normally bright person had sent and resent numerous times, AND NEVER ONCE BOTHERED TO LOOK AT WHAT SHE WAS DOING.

    In many e-mail clients there's a setting to automatically add your own e-mail address to the list of recipients on all outgoing messages. It sounds like this is enabled in her e-mail client. She likely made no conscious effort to send this to herself (in all likelihood the To: line in her client didn't even have her own address in it) and it's understandable that she was confused.

    I do agree that if she had been better trained in the e-mail software, this probably would have been averted, but I don't think this was due as much to incompetence as you think. I know lots of educated people that would be just as confused if this setting were enabled and would also make the assumption that they were receiving e-mail via the recipient address they were using. *shrug*.

  15. SO EDUCATE THEM by Fastolfe · · Score: 2

    These are people YOU elected into office. It is your RESPONSIBILITY to see to it that they are educated with respect to matters that affect you, the constituent.

    Write a letter. Make the world better.

  16. Let me see if I understand this correctly... by jd · · Score: 2
    The contract all Federal employees and contractors sign explicitly states that the computers and networks be used STRICTLY for Federal business, and that misuse of Government computers is a Federal offence.

    This statement is repeated on all login screens on all Government computers.

    If a contract programmer reads Freshmeat, without proper authorization, they are liable to be sacked at best, and face the threat of court action from the DOJ for gross misuse of Government-furnished Equipment.

    If a Government employee violates privacy, misuses a list of e-mail addresses, sends spam that's illegal in several States, recklessly puts Congress' e-mail system in jeopardy, advocates a product that may be a severe health risk, violates European privacy law (which may adversely impact relations between the US and the EU), has triggered a scandal in the media which could damage the image of the US Government (if that's still possible), they get a minor telling-off.

    You'd never guess I'm a bit pissed-off over this.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  17. Only 40 addys listed in the header? by Evil+Poot+Cat · · Score: 2

    I wonder if it's displayed in a "collapsible" list, or is just being truncated, for display purposes....but it also means that the original spammer probably put them in the to: or cc: instead of bcc:.

    I'm glad that some folks are putting their poli-sci degrees to good use.
