[Infowarrior] - NSA Server vulnerable to SMTP Spoofing

[Richard Forno]

(c/o RD)

NSA Server vulnerable to SMTP Spoofing, can be used for Social Engineering
http://www.ehackingnews.com/2013/12/nsa-server-vulnerable-to-smtp-spoofing.html

Reported by Sabari Selvan on Tuesday, December 31, 2013 

< - >

An Indian hacker known as "Godzilla" has identified a vulnerability in the NSA website that allows an attacker to send fake emails from NSA's SMTP server.

NSA's SMTP server allows anyone to use the service without verifying the IP address and password.  The most interesting part is that it allows you to use any email address(for eg: admin at nsa.gov).

This vulnerability can be exploited by an attacker for launching a Spear phishing attack. An attacker can send email to anyone inside the organization(for eg to: admin2 at nsa.gov).  As it is using the NSA SMTP server, it is need not to worry about firewalls. 

In a screenshot provided to EHN, the hacker used the email id of the NSA Director "Gen Keith B Alexander"(KeithAlexander at nsa.gov) to send email to another email id. 

"sending a mail with a link attach to it. That can be a bot link. Everyone will receive the mail with .nsa.gov domain as the mail is shooted from the same network." The hacker said.

"The mail will be send with the name of Director as no one will dare to skip the mail and have to read it. After opening the mail the attacking vector will get active. After this the ball will be in the attackers court."

"SMTP is a dangerous protocol and if you dont know how to secure it, its better you shut it down."

"Stupid NSA you are lucky its 31st December and we are not in a mood to shoot are malwares in your server." Hacker said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.