The U.S. government has long been a prime target for hackers, both in the U.S. and overseas, and apparently, hackers were busy this past weekend, with Krebs on Security reporting a massive email bomb targeted at .gov addresses.
Krebs on Security said the email bombs were designed to target .gov email inboxes with subscription requests to thousands of email lists, rendering the inboxes unable to work for a period of time. Experts told Krebs on Security that the email bombs were successful in large part because of the huge number of email newsletters that don’t validate the request of new signups. The report noted the attacks had been going on for several weeks but intensified immensely during the past weekend, with the most recent attack involving more than 100 government email addresses. Spamhaus, which keeps an ongoing list of known spamming operations, told Krebs on Security about the uptick in attacks during the past weekend. “The issue is the badly-run ‘open’ lists, which happily subscribed every address without any consent verification and which now continue as participants in the list-bombing of government addresses,” Spamhaus CEO Steve Linford said.
This isn’t the first time the government and its websites have been hacked. Earlier this year, both the Department of Justice and Homeland Security announced cybercriminals had made it into their systems and out the door with information related to thousands of employees. According to reports from internal officials, the bulk of the data seems to have been drawn from government directories, which only include employees’ email addresses, phone numbers and job titles. More disconcerting than the fact that two departments putatively tasked with controlling and preventing cybercrime were compromised is the fact that it seems the issue was discovered because the criminals alerted the world they had stolen the data.