Security hits home
Thomas R. Temin
Say 'systems security,' and most people think of hackers, firewalls and espionage.
But the ubiquity of the Internet means security breaches can occur quite innocently'and mysteriously. A weird occurrence at my house proves that security depends as much on individuals as on systems.
Let me tell you what's been going on with my e-mail at home. I was surprised a couple of weeks ago to receive a message with several attachments from a .mil
domain'an Air Force base in the United States. I thought, why would I get a letter to the editor at home? Who in the military even knows our family e-mail address?
To protect an officer who I'm certain made an honest mistake, I won't reveal the sender. I'm not an expert, but none of the material appeared to be classified. I didn't have the software necessary to read some of the attached files anyhow. From the cover message, the files appeared to be routine monthly reports concerning aircraft performance. I presume the sender would have used the Defense Department's Secret IP Router Network if the files were classified.
But how did this and a subsequent message come to my home account? I read the recipient list carefully. The e-mail went to perhaps 40 people. Because the sender didn't create a group, the message header listed each recipient. Most of the recipients were military personnel or contractors residing on the same base. Buried midway down the list, I spotted our e-mail address, but with a twist.
The regional Internet service provider we have used for several years was acquired. I don't even remember the takeover history. Our home address still carries the original @erols.com
extension, but the provider also has users with @rcn.com
addresses. So there was our user name, all right, but followed by @rcn.com
. Aha, I thought, a database snafu.
Except the parent company's support desk claims this is impossible and that, in any case, our user name is unique among all of the company's systems.
I replied to the captain, who apologized and promised he'd root out the odd name from his mailing list. But two days later I received another set of attachments from him.
And that's where the mystery stands. I'm going to get to the bottom of it. In the meantime, maybe you should take a few minutes to look over your own e-mail recipient lists.Thomas R. Temin