Twice in the last month, Arizona software developer John Bolding says, he has received email antiterrorist messages from the FBI. The memos first prompted irritation - spam is spam, even from the feds - that has grown to concern as the dimensions of the unsolicited messages and the apparent lack of FBI savvy about the mailing have become clear.
Bolding said in an interview Friday that he has learned the bureau spammed a purchased list of 100,000 system administrators and others with the terrorism messages. Recipients have included individuals both inside and outside the United States.
An FBI spokesman said Friday he had no knowledge of the email incident and added it would be unusual for the bureau to send such information by insecure means.
Bolding, of FirstBase Software Inc., a Tucson startup, said he received a message from the first batch of FBI spam on 27 February. The message carried the subject header "Ansir Email Terrorism Advisory 2."
"This communication is not an FBI terrorist threat alert or advisory; it is for your information only," beganthe email, signed by Special Agent Alice D. Days of the FBI's Phoenix ANSIR division. ANSIR is Awareness of National Security Issues and Response program, a federal information initiative.
"Although unclassified, this communication should be handled as sensitive," the email read. "This communication should not be furnished to the media or other agencies outside the corporate security/law enforcement/US Government counterterrorism community without the permission of the FBI," the message continued.
After receiving the first message, Bolding said he traced the return email domain, LEO.GOV to the FBI. He promptly sent an email complaint. He then received a email from an apologetic FBI postmaster, Douglas Maxham, who said he would remove Bolding from the mailing list.
"As you may have guessed, we are relatively new to the Internet, but we strongly desire to be good neighbors. Any other observations or constructive criticisms are welcome!" Maxham wrote.
In a later phone conversation, Bolding said, the postmaster then asked for assistance in improving the FBI mailserver's security to better cope with spam. After pointing the administrator to publicly available antispam resources, Bolding said, hung up convinced the bizarre incident was finished.
Then, on 11 March, Bolding received a second domestic terrorist advisory spam from ANSIR.
"In light of recent events, recipients are reminded that the US Government remains the target of many anti-government groups such as the Aryan Nations," read the notice, entitled "Ansir Email - Domestic Terrorism Advisory."
After complaining again, Bolding received a frostier response.
Bolding said an ANSIR system administrator, Larry Watson, told him the email had been sent to 100,000 people who were on a list provided by CorpTech,, a Massachusetts research firm with contact information on 45,000 US high-tech firms.
"The current capacity of this alert system reaches 100,000, but is intended to address only those individuals and corporations who wish to receive the information," said a 1 March email from Watson. "Apparently, this is not the case in the current instance."
Further, Bolding said, another ANSIR employee, Jock Binnie, told him that the mail had been sent under direct order of Attorney General Janet Reno. He added that Bolding was the only one who had complained.
When Bolding told Watson that he might have to block incoming email from the LEO.GOV domain, the conversation turned hostile.
"[Watson] said 'Blocking? What is that? Some kind of new subversive unamerican activity?'" said Bolding.
Bolding said Binnie referred him to CorpTech, the company that reportedly sold the FBI the list of email addresses. "'We purchased this from CorpTech,'" Bolding recalled Binnie saying. "'If you have a problem with that then get your corporate attorney to call CorpTech.'"
Another recipient of the bulletin was equally mystified.
"We looked at it and said, 'Huh, more junk mail," said Darius Sarhaddi of Zona Technology. "As far as the terrorists, we didn't think it was relevant, because we are not [connected] to the Internet."
At least one of the recipients worked outside the United States. Technologia Uno-Cero, a company in Mexico that owns the domain name spin.com, was on the recipient list.
An FBI spokesman in Sacramento, California, confirmed that the bureau sends out such alerts on occasion but that they generally go out as secure teletype transmissions. He said he had no information about the reported spamming.
"It sounds very peculiar to me," FBI spokesman Joseph Sheehan said. "My knowledge of how these things are handled, generally speaking, it's not done that way." He acknowledged, though, that "it is possible that someone at some agency and on their own decided to email this."
One spam authority was highly critical of the FBI for sending out what was intended to be a sensitive message to such a wide audience.
"Does our government have any business sending this kind of stuff out?" asked Scott Mueller, chairman of the Coalition Against Unsolicited Commercial Email. "Who is thinking it a good idea to use an unqualified mailing list for this sort of material?"
Bolding said he was "flabbergasted" by the whole episode, and said he plans to file a formal complaint with his congressional representatives.
"What does it mean to someone running a tiny software company in Arizona? Gosh, I don't know, I can pronounce 'jihad' but what it has to do with me, I can't say," Bolding said.
Representatives of CorpTech could not be reached for comment.
