--- begin forwarded text Delivered-To: ignition-point@majordomo.pobox.com X-Sender: believer@telepath.com Date: Sat, 17 Oct 1998 11:06:07 -0500 To: believer@telepath.com From: believer@telepath.com Subject: IP: Fake Message Sends AOL E-Mail Astray Mime-Version: 1.0 Sender: owner-ignition-point@majordomo.pobox.com Precedence: list Reply-To: believer@telepath.com Source: Washington Post http://www.washingtonpost.com/wp-srv/washtech/wtech001.htm Fake Message Sends AOL E-Mail Astray By Leslie Walker Washington Post Staff Writer Friday, October 16, 1998 A fake e-mail sent to the keeper of the Internet's global address book yesterday erased America Online Inc.'s spot on the global computer network, causing thousands of incoming e-mails to go to the wrong place and preventing many people from visiting AOL's World Wide Web site. AOL officials said all the misdirected e-mail should show up eventually in the correct mailboxes. But the incident highlighted a security issue involving how the central addresses known as domains are administered on the Internet. The incident began before 5 a.m. when someone impersonating an AOL official sent e-mail to InterNIC, the Herndon organization that maintains the domain name registry for the Internet, InterNIC spokesman Christopher Clough said. The message requested the electronic address of AOL's domain be changed. Because AOL had chosen the lowest of three security levels possible for making such a change, it was made automatically, with no review by any person at Network Solutions Inc., the company that runs InterNIC, Clough said. The new address assigned was that of Autonet.net, an Internet service provider. Mail meant for AOL automatically was diverted to Autonet, overwhelming computers at the service. In AOL's network monitoring center in Dulles, people monitoring traffic volumes noticed a drop in the volume of e-mail coming in from the Internet. They began investigating and found the change, AOL spokeswoman Ann Brackbill said. AOL rented a computer to lend to Autonet.net yesterday to reroute the e-mail back to AOL while company officials simultaneously working with InterNIC to correct AOL's address, Brackbill said. AOL's actual Internet domain - AOL.com - was not changed, but the directions the Internet uses in sending Web surfers there were changed because of the fraudulent e-mail, so they couldn't get to the site. Instead, error messages appeared on their screens. "It's like if the phone book published the wrong address for AAA, and you went there to get a map," Brackbill said. "You wouldn't be able to get anything." Clough said the e-mail came as a form message that was accepted automatically because it appeared to come from the correct person and address at AOL.com that was authorized to change AOL's InterNIC records. Computer buffs call an incident of this kind "a spoof" - an impersonation of someone by e-mail. By 4:30 p.m., AOL's address had been corrected in the main Internet address book, but it often takes hours for changes to travel throughout the global network, Clough said. AOL officials estimated that 12 percent to 15 percent of its e-mail was affected Only about half of AOL's e-mail traffic comes from the Internet; the other half is internal. In addition, 10 percent to 20 percent of the people trying to access its Web site received error messages. AOL officials asked InterNIC yesterday to change the security level for its domain name records. The two higher levels available - and apparently used by most commercial Internet operations - involve either a password or encryption in the request for a change to the address. Brackbill couldn't explain why AOL chose the lowest security level, except to note that the record was created "a long time ago." "We've never had a problem before with this and our goal is to make sure we don't have it again," she said. AOL is cooperating with law enforcement officials to identify the culprit. © Copyright The Washington Post Company ----------------------- NOTE: In accordance with Title 17 U.S.C. section 107, this material is distributed without profit or payment to those who have expressed a prior interest in receiving this information for non-profit research and educational purposes only. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml ----------------------- **************************************************** To subscribe or unsubscribe, email: majordomo@majordomo.pobox.com with the message: (un)subscribe ignition-point email@address or (un)subscribe ignition-point-digest email@address **************************************************** www.telepath.com/believer **************************************************** --- end forwarded text ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'