The e-mails started flowing into media outlets inboxes over the weekend: First one Senator had died, then another, then another.It seemed outlandish. Sen. Robert Byrd had just died June 28. Could it be that the West Virginia Democrats colleagues followed him so quickly?Reporters called Senate offices, and press secretaries worked overtime to debunk the rumors.Senate Majority Leader Harry Reid became the fourth victim of the death hoaxes Wednesday, and Senate administrators and media professionals are discussing how to inoculate themselves in the foggy intersection of politics, technology and journalism.The unidentified Internet prankster, or group of pranksters, has been sending e-mails announcing that Democratic Sens. Reid (Nev.), Patrick Leahy (Vt.), Dianne Feinstein (Calif.) and Frank Lautenberg (N.J.) have died of cancer.Senate Sergeant-at-Arms Terrance Gainer confirmed Wednesday that Reid is the latest target. Following the death of Sen. Byrd, were all a little bit sensitive about this, he said. Its in poor taste.While the e-mails appear to come from Senate offices domain names, they were sent by a technique called spoofing, whereby a computer program cloaks the actual e-mail address with a mimic address.This happens in all kinds of attacks, said Jeffrey Carpenter, technical manager of the CERT Coordination Center at the Carnegie Mellon Software Engineering Institute. People who are involved in criminal activity ... will frequently do that to send e-mail to someone to make it seem like its coming from someone they know.The Capitol Police are investigating, but Carpenter said it is unlikely they will come up with much. Although it is illegal to send unsolicited e-mail with a false header, the police may never find the perpetrator. Its really hard to do that, Carpenter said. In some cases, theyve covered their tracks too well.Gainer said he does not know of a way to entirely ward off such e-mails, particularly because they are sent from outside the Senates technological infrastructure a point with which Carpenter agreed. But Gainer said he has asked his information technology staff to look into it. In the meantime, Gainer said he will host a meeting with Senate staffers Thursday to brush up on their IT knowledge.He will point out that each e-mail header lists an individual Internet protocol address that can be authenticated and matched to a specific domain name. Reporters or staffers can use these to make sure the e-mails actually come from where they say they do.There is software available, Gainer said. It allows our Senate.gov domain to say whether the message originated from our server or from someplace else.Carpenter said the cybersecurity community uses an encrypted certificate attached to each e-mail to verify its authenticity, a practice that he said is not out of the reach of government. But, he added, the e-mail recipient would have to know how to authenticate the message.A lot of the impediment to widespread adoption of this technology is that its not easy for non-technology users, he said. The technology producers havent done as good of a job making this technology easy for consumers to use.
Vice President Joe Biden waits to conduct a mock swearing-in ceremony with Sen. Brian Schatz, D-Hawaii, in the Capitol's Old Senate Chamber, December 2, 2014. Schatz was sworn in to serve the remainder of his term since he was appointed to the seat after Sen. Daniel Inouye, D-Hawaii, passed away.