Here is a letter that, in my estimation, might have easily been sent by one Brian Kemp, Georgia’s Secretary of State:
“I am writing to ask whether DHS was aware of a paper letter we just received in our mailbox requesting sensitive information. The ‘from address’ was written on the outside of the paper envelope in pencil and it said ‘Department of Homeland Security’, so we are certain it must have come from you.”
Why do I make this claim? Because here is an excerpt from an actual letter that Kemp sent to the DHS:
“I am writing you to ask whether DHS was aware of [a probe from a DHS source IP address] attempt and, if so, why DHS was attempting to breach our firewall . . . At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network.”
Apparently, Kemp is outraged that some errant inbound Internet traffic was detected at their firewall. And this traffic was apparently associated with (gulp, gulp) actual source IP addresses from the DHS network, thus proving that it must have come from the agency. He actually wrote this in a letter. And he was serious. Really.
Now, if you do not see the logical absurdity in the above, then I suggest you buy a copy of Doug Comer’s foundational textbook on TCP/IP. You will learn from his book, as any novice cyber security operations manager already knows, that source IPs are about as trustworthy as penciled scratchings on the outside of a paper envelope. So if Georgia did, in fact, receive an inbound probe, then welcome to the Internet, guys.
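To make the point concrete, here is a small added Python illustration (not from the original post): it decodes an IPv4 header and checks the only integrity field it carries, the RFC 791 header checksum. That checksum is computed over the header's own bytes, so two headers that differ only in the source address both verify; a source IP in a firewall log is a claim the sender wrote, not evidence of who sent it. All addresses below are constructed from the RFC 5737 documentation ranges.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of 16-bit words; caller zeroes the checksum field."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(header: bytes) -> dict:
    """Decode a 20-byte IPv4 header (no options) and verify its checksum."""
    if len(header) < 20:
        raise ValueError("truncated header")
    (ver_ihl, _tos, _tlen, _ident, _flags, ttl, proto,
     chksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    ihl = (ver_ihl & 0x0F) * 4
    zeroed = header[:10] + b"\x00\x00" + header[12:ihl]   # checksum field set to 0
    return {
        "version": ver_ihl >> 4,
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        # True only means the header was not corrupted in transit; it says
        # nothing about whether the source address is honest.
        "checksum_ok": ipv4_checksum(zeroed) == chksum,
    }

def build_header(src: str, dst: str, ttl: int = 64, proto: int = 6) -> bytes:
    """Constructed sample header for the demonstration; values are made up."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, ttl, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]

def same_destination_different_claimed_source(a: bytes, b: bytes) -> bool:
    """Both headers verify, same destination, different source: the checksum cannot tell them apart."""
    pa, pb = parse_ipv4_header(a), parse_ipv4_header(b)
    return pa["checksum_ok"] and pb["checksum_ok"] and pa["dst"] == pb["dst"] and pa["src"] != pb["src"]

if __name__ == "__main__":
    h1 = build_header("192.0.2.10", "198.51.100.7")      # constructed "claimed" source A
    h2 = build_header("203.0.113.5", "198.51.100.7")     # constructed "claimed" source B
    print(parse_ipv4_header(h1), parse_ipv4_header(h2))
    print("checksum distinguishes senders:", not same_destination_different_claimed_source(h1, h2))
```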
Let’s no longer allow government officials to get away with this sort of technically inaccurate nonsense. And let’s stop allowing reporters to repeat such incorrect claims without strong technical pushback.
We deserve better.