[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Now *this* is funny...

--- begin forwarded text

Delivered-To: [email protected]
X-Sender: [email protected]
Date: Sat, 17 Oct 1998 11:06:07 -0500
To: [email protected]
From: [email protected]
Subject: IP: Fake Message Sends AOL E-Mail Astray
Mime-Version: 1.0
Sender: [email protected]
Precedence: list
Reply-To: [email protected]

Source:  Washington Post

Fake Message Sends AOL E-Mail Astray

By Leslie Walker
Washington Post Staff Writer
Friday, October 16, 1998

A fake e-mail sent to the keeper of the Internet's global address book
yesterday erased America Online Inc.'s spot on the global computer
network, causing thousands of incoming e-mails to go to the wrong place
and preventing many people from visiting AOL's World Wide Web site.

AOL officials said all the misdirected e-mail should show up eventually in
the correct mailboxes. But the incident highlighted a security issue
involving how the central addresses known as domains are administered
on the Internet.

The incident began before 5 a.m. when someone impersonating an AOL
official sent e-mail to InterNIC, the Herndon organization that maintains
the domain name registry for the Internet, InterNIC spokesman
Christopher Clough said. The message requested the electronic address of
AOL's domain be changed.

Because AOL had chosen the lowest of three security levels possible for
making such a change, it was made automatically, with no review by any
person at Network Solutions Inc., the company that runs InterNIC,
Clough said.

The new address assigned was that of Autonet.net, an Internet service
provider. Mail meant for AOL automatically was diverted to Autonet,
overwhelming computers at the service.

In AOL's network monitoring center in Dulles, people monitoring traffic
volumes noticed a drop in the volume of e-mail coming in from the
Internet. They began investigating and found the change, AOL
spokeswoman Ann Brackbill said.

AOL rented a computer to lend to Autonet.net yesterday to reroute the
e-mail back to AOL while company officials simultaneously working with
InterNIC to correct AOL's address, Brackbill said.

AOL's actual Internet domain - AOL.com - was not changed, but the
directions the Internet uses in sending Web surfers there were changed
because of the fraudulent e-mail, so they couldn't get to the site. Instead,
error messages appeared on their screens.

"It's like if the phone book published the wrong address for AAA, and
you went there to get a map," Brackbill said. "You wouldn't be able to get

Clough said the e-mail came as a form message that was accepted
automatically because it appeared to come from the correct person and
address at AOL.com that was authorized to change AOL's InterNIC
records. Computer buffs call an incident of this kind "a spoof" - an
impersonation of someone by e-mail.

By 4:30 p.m., AOL's address had been corrected in the main Internet
address book, but it often takes hours for changes to travel throughout the
global network, Clough said.

AOL officials estimated that 12 percent to 15 percent of its e-mail was
affected Only about half of AOL's e-mail traffic comes from the Internet;
the other half is internal. In addition, 10 percent to 20 percent of the
people trying to access its Web site received error messages.

AOL officials asked InterNIC yesterday to change the security level for its
domain name records. The two higher levels available - and apparently
used by most commercial Internet operations - involve either a password
or encryption in the request for a change to the address.

Brackbill couldn't explain why AOL chose the lowest security level,
except to note that the record was created "a long time ago."

"We've never had a problem before with this and our goal is to make sure
we don't have it again," she said. AOL is cooperating with law
enforcement officials to identify the culprit.

  Copyright The Washington Post Company
NOTE: In accordance with Title 17 U.S.C. section 107, this material is
distributed without profit or payment to those who have expressed a prior
interest in receiving this information for non-profit research and
educational purposes only. For more information go to:

To subscribe or unsubscribe, email:
     [email protected]
with the message:
     (un)subscribe ignition-point [email protected]

or (un)subscribe ignition-point-digest [email protected]

--- end forwarded text

Robert A. Hettinga <mailto: [email protected]>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'