
(UPDATED) PMO: Do you think it’s easy to secure a mailing list?


 

The following email turned up in my mailbox earlier today, but I didn’t actually get around to opening it until I was alerted to the contents by a clearly-far-more-vigilant-than-me-on-a-Sunday ITQ reader, who is also subscribed to the PMO media distribution list, and was somewhat distressed by the contents:

from Stephen Harper <pm@pm.gc.ca>
to ALLNEWS_E@lserv.pmo-cpm.gc.ca
date Sun, Sep 21, 2008 at 3:34 PM
subject Why you shouldn’t fear me

Hi The Average Canadian,

Stephen Harper wanted to tell you…

My name is Stephen Harper. I am an ALBERTAN, here me roar! My goal is to make Canada America’s 51st state and destroy health care that all Canadians cherish by infusing my propaganda with hard core ad hominem attacks. Please vote for me, because if you do, I promise you’ll be able to vote for McCain 2012!

We are a tar sands level party, not a grass roots party. We consider anything with the word “Green” offensive, except for the almighty American dollar, which we hope to be able to implement in the coming months! We shall first have to make sure that American and Canadian jelly beans have the same standards, and then we shall proceed.

I hope everyone has a great weekend,

Take care,

Stephen “I can lead you to Hell but not back” Harper

If you agree click here.

Now, the link may go to a site owned and operated by the Conservative Party — good ole Oily the Splot’s domain of willyoubetricked.ca — but the rest of the email makes it pretty clear that this email was not sent out by the Prime Minister’s Office — or even the party.

Instead, it appears to be the work of a politically-attuned prankster who – it seems – took advantage of a security hole that allowed a non-authorized client to send out a message on the media listserv.  But who? I’ve included the full headers under the jump for anyone who wants to play IP detective – feel free to leave your theories in the comments.

UPDATE: Well, this is — I don’t exactly know what this is, actually. “Odd” doesn’t seem to go nearly far enough these days. Anyway, a cursory googling turns up this intriguing tidbit, which may just be coincidence, but could also be a genuine clue: the same trick seems to have been used to send out (obviously fake) email from Stephane Dion earlier this year — email that also, curiously, directed recipients to the Oily the Splot site.

UPDATEDIER: Stephen Taylor, who is far less amused than ITQ, was also far swifter to determine that it was actually the willyoubetricked.ca website that was used to spoof the headers through its remailer service, which, sadly, has now been taken offline; memories of notaleader.coms past, anyone?  Anyway, what I find remarkable is the fact that the media listserv was – in fact, may still be – free for the spamming by anyone who knew the main address, which really doesn’t speak well of the mad sendmail skillz of whoever set it up in the first place. Someone taking advantage of that gaping security hole to send out a fake email from “Stephen Harper”? Not all that shocking. In fact, I’m surprised it hasn’t happened before.

Full headers below:

Delivered-To: kady.omalley@gmail.com
Received: by 10.67.98.12 with SMTP id a12cs203552ugm;
Sun, 21 Sep 2008 12:51:27 -0700 (PDT)
Received: by 10.65.112.18 with SMTP id p18mr5404936qbm.38.1222026686234;
Sun, 21 Sep 2008 12:51:26 -0700 (PDT)
Return-Path:
Received: from SNETMAILER.s.net ([198.103.112.201])
by mx.google.com with ESMTP id s35si4296924qbs.13.2008.09.21.12.49.16;
Sun, 21 Sep 2008 12:51:26 -0700 (PDT)
Received-SPF: neutral (google.com: 198.103.112.201 is neither permitted nor denied by best guess record for domain of owner-allnews_e@lserv.pmo-cpm.gc.ca) client-ip=198.103.112.201;
Authentication-Results: mx.google.com; spf=neutral (google.com: 198.103.112.201 is neither permitted nor denied by best guess record for domain of owner-allnews_e@lserv.pmo-cpm.gc.ca) smtp.mail=owner-allnews_e@lserv.pmo-cpm.gc.ca
Received: from LSERV ([172.27.252.59]) by SNETMAILER.s.net with InterScan Message Security Suite; Sun, 21 Sep 2008 15:48:47 -0400
Received: by LSERV.PMO-CPM.GC.CA (LISTSERV-TCP/IP release 15.5) with spool id
24569 for ALLNEWS_E@LSERV.PMO-CPM.GC.CA; Sun, 21 Sep 2008 15:34:58
-0400
Received: from [172.27.110.114] by LSERV.PMO-CPM.GC.CA (SMTPL release 1.0w)
with TCP; Sun, 21 Sep 2008 15:34:58 -0400
Received: from qmail-cgi-norm-0.netfirms.com (60-m.netfirms.com
[38.113.189.60])by mxtreme2.pco.gc.ca (mxtreme2.pco.gc.ca) with SMTP
id A8230DA71Afor ; Sun, 21 Sep 2008
15:49:18 -0400 (EDT)
Received: (qmail 94677 invoked from network); 21 Sep 2008 19:34:54 -0000
Received: from unknown (10.8.8.2) by 0 with QMQP; 21 Sep 2008 19:34:54 -0000
X-IP: 142.161.178.253
X-URI: /reachout.php?task=sendmail
X-ID: 3011848
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-BTI-AntiSpam: score:14,sta:40/028,dcc:passed,dnsbl:passed,sw:passed,bsn:22
/passed,spf:none,dk:passed,pbmf:none,ipr:0/1,trusted:no,ts:no,bs:no,ubl:passed
Received-SPF: none
X-imss-version: 2.051
X-imss-result: Passed
X-imss-approveListMatch: pm@pm.gc.ca
Message-ID: <20080921193454.77052.qmail@cgi2>
Date: Sun, 21 Sep 2008 19:34:54 -0000
From: Stephen Harper
Subject: Why you shouldn’t fear me
To: ALLNEWS_E@LSERV.PMO-CPM.GC.CA
Precedence: list
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Owner:
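
For anyone playing IP detective with these headers, here is an added example (not part of the original post) that reads the Received chain oldest-first and reports where a message claiming an inside sender address first entered from an outside host, which is the red flag in this case. The TRUSTED suffix, the function names and the reading of X-IP and X-URI as stamps from the sending host are assumptions; the sample is an excerpt of the headers above with line folding restored and ids trimmed.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Excerpt of the headers printed above (folding restored, ids trimmed).
RAW = """\
Received: from LSERV ([172.27.252.59]) by SNETMAILER.s.net with InterScan Message Security Suite; Sun, 21 Sep 2008 15:48:47 -0400
Received: from [172.27.110.114] by LSERV.PMO-CPM.GC.CA (SMTPL release 1.0w)
 with TCP; Sun, 21 Sep 2008 15:34:58 -0400
Received: from qmail-cgi-norm-0.netfirms.com (60-m.netfirms.com
 [38.113.189.60]) by mxtreme2.pco.gc.ca (mxtreme2.pco.gc.ca) with SMTP;
 Sun, 21 Sep 2008 15:49:18 -0400 (EDT)
Received: (qmail 94677 invoked from network); 21 Sep 2008 19:34:54 -0000
X-IP: 142.161.178.253
X-URI: /reachout.php?task=sendmail
Received-SPF: none
From: Stephen Harper <pm@pm.gc.ca>
To: ALLNEWS_E@LSERV.PMO-CPM.GC.CA
"""
TRUSTED = ".gc.ca"  # assumption: hosts under this suffix count as "inside"
HOP = re.compile(r"\s*from\s+(\S+).*?\bby\s+(\S+)", re.S)

def is_internal(host):
    # Private IP literals and hosts under TRUSTED are treated as internal.
    h = host.strip("[]").lower()
    try:
        return ipaddress.ip_address(h).is_private
    except ValueError:
        return h.endswith(TRUSTED)

def analyse(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].lower()
    entry = None
    # Received lines are prepended, so read bottom-up to follow the real path.
    for hop in reversed(msg.get_all("Received", [])):
        m = HOP.match(hop)  # the qmail "invoked from network" line has no host pair
        if m and is_internal(m.group(2)) and not is_internal(m.group(1)):
            entry = m.group(1).lower()  # first outside host handing mail inward
            break
    return {
        "from": sender,
        "entry_host": entry,
        "spoof_suspected": is_internal(sender.rpartition("@")[2]) and entry is not None,
        "spf": (msg["Received-SPF"] or "").strip(),
        "web_form": msg["X-URI"],       # as stamped by the sending host
        "submitter_ip": msg["X-IP"],    # as stamped by the sending host
    }
```

Calling analyse(RAW) returns a dict; the entry_host and web_form fields are the ones that point at the web host's mail form rather than at a government mail server.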


 
