America’s Army fails at “securing our homeland”

I was too busy to post this earlier, but you know how I love to point out insecure systems? This story begins back in 2005, when I registered to play America's Army. As I have noted in the past, I do such things with a unique email address that is tied to the site in question. So I played the game for a year or so, and then eventually lost interest.

Fast forward to this last Thursday, when I get a spam email that is sent to the address that only America's Army should have had! I'm sure you're itching to see message headers, so here you go:

Return-Path: 
X-Original-To: TheUniqueEmailAddress
Delivered-To: x9858965@homiemail-mx8.g.dreamhost.com
Received: from www.dehjahvew-marketing.com (unknown [188.72.243.21])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by homiemail-mx8.g.dreamhost.com (Postfix) with ESMTPS id 73C2F72C493
	for TheUniqueEmailAddress; Thu, 21 Jul 2011 14:57:35 -0700 (PDT)
Received: (qmail 13636 invoked by uid 0); 21 Jul 2011 21:42:14 -0000
Date: Thu, 21 Jul 2011 14:42:14 -0700
To: TheUniqueEmailAddress
From: Dehjahvew Online Marketing 
Reply-To: Do Not Reply 
Subject: Discover the best of Cancun with special offers from the Villa Group
Message-ID: <714bd4ff4c721c0ddc0611a28a896348@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_714bd4ff4c721c0ddc0611a28a896348"

I'm sure you'll notice the domain dehjahvew-marketing.com mixed in there. That is not a forgery; many of the links in the body (HTML, but stupidly specified as text/plain) do indeed go there. Although the server is in Germany, the domain registration is hidden behind a proxy. Also listed in the spam is villagroupresorts.com, which is clearly the party hoping to profit from all this. Domain registration places them in Mexico, with their web host being in California.
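The two things the post relies on, a per-site tagged address and the Received chain written by your own mail server, can be turned into a small attribution script. The following is an added example, not code from the post: it parses the headers quoted above, looks the envelope recipient up in a constructed registry of which site was given which tagged address, and reports the sending host as recorded by the receiving MX. The registry, the tagged address standing in for the post's redacted "TheUniqueEmailAddress", and the From/Reply-To/Return-Path addresses (stripped from the quoted headers) are all constructed values.

```python
"""Attribute a spam message to the site that leaked a per-site email address.

Added example, not code from the original post. The header block is the one
quoted in the post; the poster's redaction "TheUniqueEmailAddress" and the
stripped From/Reply-To/Return-Path addresses are filled with constructed
values, and REGISTRY (which site got which tagged address, and when) is
constructed too.
"""
import re
from email import message_from_string
from email.message import Message

# Constructed: the per-site addresses the mailbox owner handed out.
REGISTRY = {
    "aa-2005@tagged.example.net": {"site": "America's Army", "registered": "2005"},
    "bank-2009@tagged.example.net": {"site": "Example Bank", "registered": "2009"},
}

# Headers quoted from the post; redacted or stripped addresses replaced with
# constructed ones. Folded continuation lines are indented as in the original.
RAW_MESSAGE = """\
Return-Path: <>
X-Original-To: aa-2005@tagged.example.net
Delivered-To: x9858965@homiemail-mx8.g.dreamhost.com
Received: from www.dehjahvew-marketing.com (unknown [188.72.243.21])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by homiemail-mx8.g.dreamhost.com (Postfix) with ESMTPS id 73C2F72C493
    for aa-2005@tagged.example.net; Thu, 21 Jul 2011 14:57:35 -0700 (PDT)
Received: (qmail 13636 invoked by uid 0); 21 Jul 2011 21:42:14 -0000
Date: Thu, 21 Jul 2011 14:42:14 -0700
To: aa-2005@tagged.example.net
From: Dehjahvew Online Marketing <news@dehjahvew-marketing.example>
Reply-To: Do Not Reply <noreply@dehjahvew-marketing.example>
Subject: Discover the best of Cancun with special offers from the Villa Group
Message-ID: <714bd4ff4c721c0ddc0611a28a896348@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_714bd4ff4c721c0ddc0611a28a896348"

"""

# Postfix-style hop: "from HELO (RDNS [IP]) ... by SERVER". DOTALL lets the
# match span the folded continuation lines of the header value.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.DOTALL,
)


def parse_hops(msg: Message) -> list:
    """One dict per Received header, outermost (written by our MX) first."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append({"helo": m["helo"], "rdns": m["rdns"], "ip": m["ip"], "by": m["by"]})
        else:
            hops.append({"raw": " ".join(value.split())})
    return hops


def attribute_leak(raw: str, registry: dict = REGISTRY) -> dict:
    """Map the tagged recipient back to the site it was given to, and record
    the sending host as our own MX saw it."""
    msg = message_from_string(raw)
    # X-Original-To is the envelope recipient our MX recorded; fall back to To:.
    recipient = (msg.get("X-Original-To") or msg.get("To") or "").strip().lower()
    entry = registry.get(recipient)
    hops = parse_hops(msg)
    # Only the topmost Received header was written by our own server; every
    # header below it arrived from the sender and may be fabricated.
    trusted = hops[0] if hops and "ip" in hops[0] else None
    return {
        "recipient": recipient,
        "leaked_by": entry["site"] if entry else None,
        "registered": entry["registered"] if entry else None,
        "sender_ip": trusted["ip"] if trusted else None,
        "sender_helo": trusted["helo"] if trusted else None,
        "no_reverse_dns": bool(trusted and trusted["rdns"] == "unknown"),
        "received_by": trusted["by"] if trusted else None,
        "unverifiable_hops": len(hops) - (1 if trusted else 0),
        "from_header": msg.get("From", ""),
    }


if __name__ == "__main__":
    for key, val in attribute_leak(RAW_MESSAGE).items():
        print(f"{key:18} {val}")
```

The point of trusting only the first Received header is the same one the post makes implicitly: the "(qmail 13636 invoked by uid 0)" line and everything beneath it came from the sender's machine, while the Postfix line naming 188.72.243.21 was written by the recipient's own MX. The registry lookup is what turns "spam to a tagged address" into "this site, registered in this year, is the source of the leak".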

But the real question remains. How did these people get access to America's Army servers to extract the email address in the first place? Are other people who have registered with America's Army getting the same spam? What other personal information has been compromised? What other servers in their network have been compromised? Let's see if anyone else notices a pattern in the coming days/weeks.