Council's e-mail spammed

By MARCIA NELESEN   Friday, Oct. 24, 2008

The Janesville City Council's e-mail address got slammed with spam earlier this week, but staff is hoping it will be up and running again by Monday.

"This was a situation where somebody used the city council's e-mail address to send unknown messages throughout the world," said Jay Winzenz, acting city manager.

When messages were sent to invalid addresses, they bounced back as being undeliverable.

Winzenz got a call from Councilman Yuri Rashkin on Tuesday night. His Blackberry has a link to the city e-mail, and it was being bombarded.

The city received about 7,000 of the bounced-back messages each hour for the first five to six hours, but Gordy LaChance, the city's information technology manager, stopped the forwarding mechanism to the council in about 40 minutes.

Winzenz described the episode as a "reverse service attack." The spam filter didn't recognize the messages as bad because they were legitimate, non-deliverable messages.

The city doesn't know what message was attached.

Most servers stop trying to deliver mail after 72 hours, so hopefully the link will be working by Monday.

The e-mail traffic already has decreased dramatically.

Attacks such as these on institutions are not unusual, Winzenz said.

Staff will now go through the e-mails and delete the offending messages.

Residents still can contact council members by going to the city Web site, clicking on the city council link and scrolling down to the council member directory. The individual e-mails are listed in document form.







reader COMMENTS (8)
confidentWIgirl
Oct 24, 2008 at 4:14 p.m.

Qwerty: The article isn't overly technical, but this is a type of attack usually aimed at overwhelming the target server or it is used to relay spam. This doesn't have anything to do with real email or how long it is being archived. It's malicious activity.

wahoo_35
Oct 24, 2008 at 3:27 p.m.

Same thing happened to Blackhawk Tech. last week.

QwertyToo
Oct 24, 2008 at 3:24 p.m.

My question is who decides what is spam?
Isn't the city required by law to keep all e-mails?
Sure these undelivered messages are obviously spam, but what protections are in place to make sure that only spam is deleted?

lachanceg
Oct 24, 2008 at 2 p.m.

last comment from me:
There were 31K+ individual IP addresses involved. Over 100 different subject lines.
No mail from the usual offending countries.
IPS/IDS and other protections are in place and up to date
but we don't claim to be perfect......

confidentWIgirl
Oct 24, 2008 at 12:22 p.m.

It really doesn't matter if the end user sees the onslaught of the "spam." That is not the issue with this type of attack. Truth: you make a great point.

What in the world is the city passing off as a mail server and what type of intrusion detection/prevention systems are they using?

totellthetruth
Oct 24, 2008 at 12:07 p.m.

If someone in IT had the mind to think about it they could have temporarily blocked headers with the offending IP range and thwarted most of the spam. Usually these IPs are from Poland or China. Not too many Janesvillians there I presume.

lachanceg
Oct 24, 2008 at 11:50 a.m.

What the article doesn't mention, probably because it's simply part of the decision making, is that the controls were in place and working properly. Mail was throttled, as expected. The problem with that is these controls also tend to stop legitimate mail. Therefore, we stopped forwarding and notified the public that they shouldn't trust this email address for a while.
The mailboxes never saw the bulk of the incoming mail, although they did see the initial onslaught.
City IT Manager

confidentWIgirl
Oct 24, 2008 at 10:48 a.m.

This type of attack is not anything new or uncommon. If a few simple controls were in place this type of attack would not have been possible and I speak from years of experience managing IT in the private sector. It doesn't appear that the city, similar to the school district, takes IT security seriously.
