Email snafu gifts federal informants' names to press

Witless protection

An email error inadvertently disclosed the names of more than 20 confidential informants in a federal investigation to reporters.

An official in US Attorney Patrick Fitzgerald's Chicago office mistakenly attached a sensitive document listing the names to a press release announcing criminal charges against two men - John Walsh and Charles Martin - accused of a multi-million dollar fraud. Walsh and Martin were partners in a foreign-exchange dealing firm called One World Capital Group that recently went bust, leaving behind suspicions that its executives had systematically defrauded customers out of $15m, The Chicago Tribune reports.

Instead of just including a copy of a 62-page complaint, the legal bungler also included a one-page document listing the real names of 25 sources, who were identified only anonymously in the main document. These witnesses included a former One World Capital staffer alongside aggrieved customers, and two investment groups.

Copies of the document - with names blanked out - were posted on the Smoking Gun website here. The email error was quickly discovered, prompting a second message asking reporters to get rid of the first document, in a magnificent example of closing the virtual barn door after the horse has galloped into everyone's inbox.

This kind of electronic slip-up is rare but not unprecedented. Back in October 2007 a clerical error meant that anyone passing on information to the US House's Committee on the Judiciary received an email containing the email addresses of 150 other would-be whistle blowers. The slip-up reportedly happened after a junior staffer failed to realise the difference between the "To" and bcc fields in an email advising about changes in the website.

In the same month, a glitch on an email list maintained by the Department of Homeland Security turned it into a social networking utility, of sorts. A change-of-email request was broadcast to the entire list, instead of just the administrators of the DHS's Daily Open Source Infrastructure Report.

People replied to this message, again to the whole list, which had the effect of disclosing names, telephone numbers and other personal details they had in their email signatures to all and sundry, as well as generating a message storm. ®
