Fake Emails - Not A Good Sign (update)

Take it as a compliment Keith: you have clout, unlike the rest of us sending emails - and letters; only to recieve Form letters utterly banal in their meaningless! Sent thousands myself with same results to...fill in the blank...

Keith,

Can you explain more what happened? And are you gonna pursue a court action?

No talk about getting the money back from those (now profitable-note!)companies we gifted billions to - and which would cover NASA's trivial budget kilo-times over...

These look like the same form letters getting emailed back to me. I joined a facebook group or two and signed an online petition, so I figure it got me on a mailing list. I suppose it's possible somebody would type in your email to sign a petition or form letter submission, but frankly I doubt the congressmen in question read the list of names. If you hadn't pointed it out, I wonder if anyone would have noticed your name. Rather than some grand level of clout or fraud, at worst it seems like the sort of prank where you sign up a vegetarian friend for a barbecue webzine, or your deer hunting uncles for PETA mailing lists.

And there are plenty of kind, rational folks disappointed about not going to the moon. Please don't lump everyone together in accusations.

You might want to check with a random selection of congresspersons to see if they have also received fake snail mail from you.

Fake emails and snail mail is now a standard activity of the right wing extreamist faction of American politics.

Unfortunately it is effective. As significant a figure as you are to us space cadets, to a congress person from Iowa
or some non-space place, you are an "expert" and they wont
think twice about wheather this is real email or letter. They will never have seen this site or care. They have your
oppinion in the email or letter and they will inquire no
further. If you do not make your position clear to them,
others will do it for you.

The scam was uncovered when someone realized that although the letters were typed right-handed the signatures were typed left-handed...

Interesting. Within the last couple of days I've gotten a similar pair of e-mails.

Ferris, there are two ways a message could go to a congressman online. The first is to have their email address, and spoofing the source of an email is trivial. Simply telnet to the end recipient's mail server with the right port, enter the right commands, and you can pretend you're whoever you want to be. And if you go through an anonymous proxy you can even hide the source IP address. But for this to work you have to have some decent idea of what you're doing. Simpler is to set up an email profile in outlook, or whatever email client you use, and just enter the return and identity info as the person you're pretending to be.

The second way is to go online and do it. Pretty much every congressman these days has an online contact-me form, to cut down on email spam. The one above requires you enter a ZIP+4 to get to the comment page, and presumably he'll only care if its an address from his district. If you have an address for a person, it is trivial, again, to get in and pretend to be submitting a comment as them. Again, you could go through a proxy to do this, but I doubt anyone was being that careful.

In either case, the original submitter may be treading on legal thin ice, since either of these can be construed as identity theft, especially as they were attempting to influence a public official with the alternate identity. Unfortunately, I doubt anyone will bother prosecuting such an offense.

Childish and rude, and ultimately counterproductive. If they've done this under your name, it makes you how many other people they've impersonated.

I got one from Senator Warner as well. Can't say I recall signing up for anything like that.

what I found entertaining was the responses you got...Robert

Telnet? I thought only sysadmins still used telnet on test machines. Anyone using telnet in a production environment and leaving that port available to the outside is just asking for trouble.

Gives new meaning to the term "grassroots support". Smells terrible.

I think an ordinary email delivery transaction is indistinguishable from telnetting to the right port and typing by hand.

Even if not, spammers have the technology to generate fake emails that are effectively indistinguishable from real ones. It can be essentially impossible to detect them. Your only hint of trouble would be seeing millions of transactions simultaneously coming from one IP.

Similarly, you could generate snail-mail letters in bulk, copy addresses from a phone book, and drop them in any corner mailbox.

Keith, you are not alone. I have had two emails this week from Eshoo in California thanking me for my support.

I explicitly sent my NON-SUPPORT to my local Congressmen and Senators. So if this happens with me I'd be amused.

Well that's just swell.

Hopefully it doesn't get really bad.
Not wanting a secret service visit anytime soon because of some jerk.

Keith,

If you can get ahold of the email headers from your Congressman's office, I would be happy to track down the original senders of these emails for you.

--Craig

Well, weve all read the somewhat deranged remarks from those opposed to the new policy so it's not really a surprise. I'm not saying they are all like that but the issue certainly attracts hysteria.

As Keith noted, I am with the goboldlynasa.org group. We formed back in September to send a pro-NASA funding message to Congress around the time when the Augustine Commission was making their recommendations. At that time, we created an online form letter for people to sign, including their mailing and email addresses. We formed the group and website quickly with the thought that obtaining email addresses for Congressmen and sending the letters would be easy. Unfortunately we were wrong. Sending an email to Congress is a much more involved process these days because most only allow constituents to send messages via web forms.

As a grassroots organization, we did not have the funding to hire a company (Rally Congress) to send the letters out until mid-February. From that point onward, everyone who goes to our site and agrees to our letter (with their edits if they choose) is sent immediately to their Congressional representatives.

For the past seven days we have been processing the unsent email letters from September through mid-February and sending them to Congress based on the data that people entered into our website. For most of you who are receiving letters from your representatives out of the blue, it is because of the letter on our site that you agreed to earlier.

To be clear, the content of our letter changed in February to reflect what the president proposed in his 2011 budget for NASA. Whichever of the two letters you agreed to originally is the one we sent to your Congressional representatives.

If someone falsely entered your name, address, and email address into our system, we certainly do not condone such acts and find them very regrettable.

I hope this clears things up.

Nick

In this World of "If I read it on the internet it must be true" and we are all guilty of it. IE posting a link with some sort've information or pie chart or about HSF or NASA . That tight rope dance that NASA watch and other similar online media publications have to walk is a precarious one.Its very difficult to confirm what one reads online and the examples of which are to numerous to mention here. All that being said, I think the aforementioned NASA watch does a pretty good job. But, there is always the doubt.

I think the statement by GoBoldly is the most plausible. I could see somebody trying to use Keith's identity to do something like this, because he is well known (although I do not at all condone it and think it is extremely counter productive), but the fact that others on here have said, "I got the same thing" tends to favor the opposite argument. The other people are not well known people in the industry and are posting under aliases. Now the fact that you got multiple response? I account that to the congressman's office. I went to GoBoldly, used their form, modified their letter to my liking and sent it in. I received one email from Ron Paul's office and one from Cornyn's office within 24 hours, 0 e-mails from Hutchinson. Then 2 weeks later, I received two more replies from Senator Cornyn. Does this make me think that my letter was sent to Cornyn three times? No, it makes me think Cornyn's e-mail server or admins have a glitch, since I did not get 3 responses from the other 2 congressmen. Whatever they are using to send back these form letters has a minor hiccup, nothing more.

@HLVer - I do not disagree that there have been some deranged remarks on here. But once again, this is finger pointing. The deranged remarks have come from both sides of the argument. I can point to 1 or 2 on both sides in particular. I can point to one who's post sound positively maniacal, gleeful, sadistic and shows a vast incomprehension of the English language. But I will not name names or even say which side any of these people are posting for, because I do not think they are helping either cause. They are just helping to rile people on both sides and widen the rift. Just saying, dont point fingers one way or another because it is disingenuous at best. I think the key here is for people to realize it is not black or white, day or night, left or right, blue or red, or any other permutation of opposites. There are shades of gray and every other color throughout this community. We should be striving for common ground to create the best program we can. Neither the "POR" nor the "Plan" does that successfully.

Hi Keith,

We met at a book-signing at ISDC a few years back. Sorry to hear about these message forgeries. You may want to consider adopting GPG digital signatures for your correspondence so that any message not signed is easily repudiated. http://www.gnupg.org/ It takes a little bit of effort to setup but it does make it easy to verify that messages truly come from the author and have not been altered in transit. For the average person it may be overkill, but a verifiable digital signature might be worthwhile for a public commentator such as yourself. Naturally, it's free and open source software. It's really annoying that people are misusing the Internet, causing people to have to come up with countermeasures.

Tony

Telnet is a program that connects to more than just the telnetd server, which nobody should be using in a production environment any more. It also can connect to the SMTP port of practically any email server. Once there, you can use the appropriate commands to send email to anyone on that server. (If they're not on that server then you're talking to an open proxy, also something nobody should be running intentionally these days.) In order to receive email you *must* have an SMTP server exposed to the world, either via a nonencrypted port, an encrypted port (only slightly less trivial to connect to), or both.

But that suggestion is just at the most basic level. It sounds like someone's sending these messages from more than one identity, which means there's probably a program of some sort involved. But, again, the point is there are no controls on email that require anyone to prove they're who they say they are, spoofing emails is fairly trivial.

Yeah, it seems like someone just put in your email address and name in an online petition/send a letter to your congressman form. I would be more worried if they started sending more custom/personal emails that look like they came from you.

The GoBoldy explanation makes sense. I signed up on their website back in September.

This reminds me of something that happened in the UK about five years back.

BAe Systems had horrifically botched the upgrade to the Sea Harrier carrier-borne fighter project, creating a new fighter too heavy to fly given the maximum lift from its wings and power from its engines. Now, BAe has long had the British government of all flavours in a headlock as it is the only major UK-based defence contractor left. BAe simply wouldn't redo the Sea Harrier FS2 except at a price that even a government couldn't afford, so the Royal Navy had no choice but to retire its only fighter and replace it with the RAF's battlefield support version... that had no radar or meaningful interception capability.

Naturally, several defence correspondents queried the Ministry of Defence's insistance that retiring the Sea Harrier in favour of its land-based cousin had always been the plan and no one wanted to keep the Sea Harrier (bloodied and proven in the Falklands War of 20 years previously) anyway. When the correspondents scoffed at this claim, they suddenly got bombarded with emails from alleged Fleet Air Arm officers who claimed that the Sea Harrier was obsolete and, somehow, the land attack version was all that was needed.

Oddly enough, these emails tended to be quite similar apart from details like names and service histories. A few enterprising and tech-savvy reporters checked and found that the emails, although with spoofed origin addresses, were tracable back to various government, Labour Party and BAe Systems IP addresses. They were fraudulent; an attempt to stiffle dissent and create an illusion of support for a massive SNAFU that was being covered up as a "optimisation of forces".

The lesson? When government cash is on the line, attempts fraudulently to create the appearance popular support for certain policies is not only common, it appears to be the first tactic. This seems to have become even more so with the ease of falsifying email correspondence.

"spoofing emails is fairly trivial"

True. But spoofing IP addresses is another matter. If the senders of these emails didn't hide their IP address, Keith is right: they may be traceable. In order to fool a securely and correctly configured SMTP or web server, you must do something like the following:

- send your message from a zombie computer, a network that harbors spammers, or a service that provides anonymity (in which case, you don't care that the real IP address of the message is revealed, since your actual client address is obscured),
- steal your connection from an unsecured wireless router,
- exploit a vulnerability in the receiving server (a buffer overflow, for example, that allows you to wipe out the record of your IP address),
- control some upstream router (to alter your source IP).

In our era of Big Brother, a few other techniques are anything but a sure thing. Renewing the DHCP lease with your ISP probably doesn't delete the association of your old IP to your identity. And using an internet kiosk (at least at many venues in the US) also associates the IP you're given with your identity (although investigators may have to resort to looking at cash register receipts and webcam footage).

But good luck getting any help pursuing any sort of investigation, much less getting civil or criminal charges to stick.

In any case, perhaps the goboldly explanation will end up being the right one. Or we'll never know.

Keith, any update from GoBoldly based on your March 17 comment?

Anna Eshoo has been getting about 1 email per week "from me" and when I got them to send me the text of the email, I Googled it and found it to be from GoBoldly, but it was from a Facebook page attributed to them.

Keith, I would take a deep breath and realize that you can't use IP Addresses and e-mails to assume they were sent from a specific individual or organization. I could list a hundred tools for spoofing e-mails and IP addresses. They are readily available on the internet. E-mail is not secure at all anymore when someone wants to portray themselves and someone they are not. The only way to determine if indeed the person you suspect is the culprit is to report to police and see if they will open a case to search the user’s computer to see if the e-mail was sent. My opinion is they probably get thousands of these allegations made routinely. I would just be cautious of airing allegations based on IP Addresses and any type of e-mail header information. It’s really not fair until you can for sure point a finger by finding the machine that sent the e-mail. For example, any amateur hacker could spoof an e-mail from Charlie Bolden to the President and use the NASA Watch or Space Ref IP information for a specific day in the header of the e-mail. Therefore, from initial observation it looks as if someone at NASA Watch is trying to communicate to the President on behalf of Charlie Bolden using spoofed e-mail. There are ways to track the IP addresses back to the sources, but that takes investigators with court order subpoena’s for ISP's and Telecom companies. Hopefully, they will investigate for you, but I would be cautious about making allegations, though you may be right in the end. If someone is trying discredit the people you suspect of sending the e-mails, they are doing a good job. I hope you find this group of people and confirm with hard data, because you are more than capable of making them look very foolish and possibly given them a criminal record. Good Luck

Keith,

I checked today and there was not any additional emails sent out using your information through our site since the one entry we spoke about (and you wrote about) several weeks ago. I think the latest email you received is simply a follow up from Rep. Moran to the first one he sent you on March 16th. Typically when a Congressman receives correspondence from a constituent, their office sends out a generic acknowledgement letter right away thanking you for contacting the office. Then they follow it up with another generic email (at a later date) regarding the specific topic of your message to them. I received a similar two email response from most of my Congressmen as well. So the bottom line is there have been no additional emails sent to your Congressmen through the Go Boldly site. You are merely receiving additional follow up messages.

Nick

Editor's note: You are just guessing. I am going to contact Moran's office tomorrow. You have still never explained how you got my personal email or why you contacted my Congressman and Senator in the first place.  I never gave you that information. Have you actually looked at your own website? Anyone can use it to send fake emails under anyone's name. You have done nothing to try and be certain that the person filing out that form is the person whose name is being used. You apparently did not read NASA Watch either. If you go here http://www.goboldlynasa.org/en/formLetter.cfm and enter a zip code a page appears with senators and congressmen listed, your letter, and blanks where you can fill in any name you want. One reader has sent me proof that letters from your site are still going out without the permission of the person whose name is being used.

It just demonstrates that bad people could fraudulently send emails to your congressman that makes you look like a terrorist or an unruly person that puts you on the no-fly list or puts you under further government surveillance or under arrest much like privacy piracy and identity fraud.

We now are left with having to spend our hard earned taxable income and personal time to prove our innocence because everyone with an email address is susceptible to this type of fraud. I wonder where they are going to incarcerate the innocent folks with limited resources that are incapable of protecting themselves.