E-Mail Crimes and Violations
This post is written to give you a brief intro about E-Mail Crimes and Violations and how the leakage could occur. i did add also some references, for you to read more if you wish.
To be able to stop/ detect e-mail leakage we first need to understand how e-mails works:
An e-mail client message is composed of two parts:
1) A header that contains information about the e-mail’s origins, such as the address it came from, how it reached its destination, and who sent it, and
2) A body, which contains the e-mail message and/or file attachments. The client connects to an e-mail server to send and receive messages. Software such as Outlook, Pine, or Eudora serve as e-mail clients.
The e-mail server is a computer which has UNIX or Windows as its Operating System, which is loaded with software to manage the transmission and holding of e-mail messages. E-mails can be received via Internet (Mail services such as Hotmail, Gmail, Yahoo Mail or ISP based mail or Microsoft office 365) and local network environments (Microsoft Exchange Server, IBM Lotus, Sendmail, GroupWise …) regardless of its location LAN or ISP based e-mail servers follow a client/server architecture, or Microsoft Exchange as a message transfer agent (MTA) and Post Office or collection system.
E-mail servers exchange e-mail with the SMTP Server via Port 25 which handles outgoing e-mails. The clients has a conversation with the SMTP server telling the SMTP server the address of the sender, the recipient and the body of the message. POP3 is used as incoming mail server over port 110. IMAP is the remote e-mail file server over Port 14
E-Mail Crime is very easy, fast and relative anonym which makes this method very popular. Based on the EC Council CHFI exam Study Guide[1] by (Chapter 8, Page 391) the e-mail crime can be divided in two categories
1.Crime committed by sending e-mail: E-mail spamming, mail bombing, phishing…
2.Crime supported by e-mails:
1-Crime committed by sending e-mail:
Below are just few examples for crime committed via sending an e-mail
1. Spamming :
Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately[2]. Spammers obtain e-mail addresses by harvesting them from Usenet, bots, postings, DNS listings, and/or Web pages.“ The From and Reply To field’s” in an Internet e-mail header allow the spammer to provide false or otherwise misleading information designed to entice the recipient into opening the e-mail.Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings
2. Mail Bombing:
It involves the intentional sending of multiple copies of an e-mail to a recipient. The objective is simply to overload the e-mail server.“After most commercial mail servers began checking mail with anti-virus software and filtering certain malicious file types, EXE, RAR, Zip, 7-Zip, mail server software was then configured to unpack archives and check their contents as well.
A new idea to combat this solution was composing a “bomb” consisting of an enormous text file, containing, for example, only the letter z repeating millions of times. Such a file compresses into a relatively small archive, but its unpacking (especially by early versions of mail servers) would use a greater amount of processing, which could result in a DoS (Denial of Service).” [3]
3. Mail Storm[4]:
Wikipedia defines an email storm as a sudden spike of Reply All messages on an email distribution list, usually caused by a controversial or misdirected message. Such storms start when multiple members of the distribution list reply to the entire list at the same time in response to the instigating message. Other members soon respond, usually adding vitriol to the discussion, asking to be removed from the list, or pleading for the cessation of messages. If enough members reply to these unwanted messages this triggers a chain reaction of email messages. The sheer load of traffic generated by these storms can render the email servers inoperative, similar to a DDoS attack.
A very good example of Mail storm, did happen at Microsoft[5] few years ago. Based on the Microsoft TechNet article, 15.5 Million e-mail was send within one hour. Which consumed 195 gigabytes of bandwidth bouncing around between the emails servers. Which cost them 2 days of downtime. And the reason was a bug in the MTA. And the fix this issue they added a message recipient limit to Exchange – the server now has the ability to enforce a site-wide limit on the number of recipients in a single email message.
4.Phishing[6] :
(Based on Microsoft) Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.A very recent Phishing attack [7](16 August 2013) effected a company called Outbrain[8], and a result the hackers could access Washington Post web site, as Outbrain was their content partner. The hackers (Syrian Electronic Army) sent an email that looked like it came from the company’s chief executive.
The email contained a “link from a prominent news source, which redirected to a page asking Outbrain employees to input their credentials.” One employee fell for the trick. This is a very classic Phishing attack
5.E-Mail Spoofing[9]:
CERT.org describes e-mail spoofing as: Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords)
6.Sniffing[10]:
Based on Wikipedia sniffing is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords) is using clear text to deliver packets, any information which is stored on those protocol packets can be intercepted with tools such as Cain and Able, Wire Shark etc. and the CIA can be broken.
7.Social Engineering[11]:
Based on Wikipedia Social engineering, is understood to mean the art of manipulating people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or gaining computer system access.
Crime supported by e-mails
I will not go in depth about this topic for this assignment. Harassment, cyber blackmailing, identity fraud is just few examples on how crime can be supported via e-mails.
Identify controls to prevent or detect e-mail leakage
E-Mails are widely used and as a result there are serious privacy concerns in terms of preventing e-mail information leakage including the ones which happens, accidently. As we discussed above this can cause E-Mail users regardless of the reason of the e-mail usage (Business, Education, and Non –Profit or individual) loss of money, law suits, and brand reputation damages to prevent that:
General E-Mail Server Prevention Mechanism’s
•Use E-Mail message classifications,
•Moderate sensible mailboxes
•Use SSL with your SMTP protocol.
•If possible use Secure mail protocols such as SMTPv3
•Use Digital Right Management System[12] to protect confidential data
•Keep your Operating System and Mail Server software as well as the hardware firmware up to date (patching)
•Use ISO 27005 Risk Management Best Practises[13]
•Develop an Incident Response team with action plans
•Disable e-mail relaying from untrusted recourses
•Consider a single point of entry for email to your site
•Use cryptography if possible
•Implement company e-mail usage policy’s.
To prevent Spam & Mail Bombing
•Be part of Spam Haus [14]project, which maintains a number of security intelligence databases and real-time spam-blocking databases (‘DNSBLs’) responsible for keeping back the vast majority of spam and malware sent out on the Internet.
•Use email software with built-in spam filtering.
•Educate End Users for:
•Never make a purchase from an unsolicited email.
•To delete the e-mail from the senders they don’t know
•To do not respond to spam messages , including “unsubscribe” links, as this will be an indication of the e-mails existence
•To use Blind Carbon Copy (BCC) if they send e-mail to a large group
•To be careful about giving out their email address on websites and newsgroups.
To Detect Spam
•Use Anti-Spam software with DNSBLs list from Spam Haus
•Use Hardware e-mail filters (such as Barracuda[15])
•Use White / Black listing
•Have a baseline and monitor your Hardware and Software resources
To Prevent Mail Strom
•Implement message recipients limits
•Implement maximum mail size limits
•Use Anti-Virus to prevent Virus Mail Bombs
To prevent phishing
•Use Anti Phishing best practises [16]
•Use modern browsers with in build Phishing prevention
•Use a client software Firewall to monitor your network activities
•Always check the URL
To Prevent E-Mail Spoofing
· Use cryptographic signatures
· Configure your mail delivery daemon to prevent someone from directly connecting to your SMTP port to send spoofed email to other sites
· Ensure that your mail delivery daemon allows logging and is configured to provide sufficient logging to assist you in tracking the origin of spoofed email.
· Consider a single point of entry for email to your site
· Educate your users about your site’s policies and procedures
To Prevent Social Engineering
This is one of the most difficult challenge, as it’s really very hard to implement controls on to Humans. As there is no patch for human stupidity. The most important thing here is educating end users and making sure that they are regularly updated with the latest theatres
[2] http://en.wikipedia.org/wiki/Spamming
[3] http://en.wikipedia.org/wiki/Email_bomb
[4] http://en.wikipedia.org/wiki/Email_storm
[5] http://blogs.technet.com/b/exchange/archive/2004/04/08/109626.aspx
[6] http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
[7] http://venturebeat.com/2013/08/16/outbrain-phishing/
[9] http://www.cert.org/tech_tips/email_spoofing.html
[10] http://en.wikipedia.org/wiki/Packet_analyzer
[11] http://en.wikipedia.org/wiki/Social_engineering_(security)
[12] http://en.wikipedia.org/wiki/Digital_rights_management
[13] http://www.iso27001security.com/html/27005.html
[15] https://www.barracuda.com/products/spamandvirusfirewall
