Email hacking

OPSEC warning military personnel not to use email accounts with weak security.

Email hacking is the illegal access to or manipulation of an email account or email correspondence.[1][2]

Overview

Email is a widely used communication mechanism that can be categorized into two basic types of web-based service: open and closed. Open web-based services provide email accounts to anyone, either for free or for a fee. Closed web-based services are managed by organizations who provide email accounts only to their members.[3] Email is used by commercial and social websites because of its security. Email is an increasingly common tool used to communicate. The main reason email accounts are hacked is to access the personal, sensitive, or confidential information that they might contain.

Attacks

There are a number of ways in which a hacker can illegally gain access to an email account, and the majority of them rely on the behaviour of the account's user.

Spam

Main article: Email spam

Spam is created by attackers who send unsolicited commercial or bulk email. Spammers continuously attempt to find new ways around the increased legislation and policies governing unsolicited emails. Attackers often send massive email broadcasts with a hidden or misleading incoming IP address and a hidden or misleading email address.[4] If the spammers were to gain access to a company’s email and IP address, the impact on the company's business could be devastating. The company’s Internet connection would be terminated by its Internet Service Provider (ISP) if its email and IP address are added to the black list of known spamming addresses. Effectively, this would shut down the company’s online business because none of the emails would reach their destination.

Virus

Main article: Computer virus

A virus incorporates email as a means of transportation. This type of virus is often called a worm - the Sobig virus is an example. This virus creates a spamming framework by taking over unwilling participants’ PCs.[4] This is a major threat to email security because the spam will continue to spread, triggering dangerous viruses with malicious intent.

Phishing

Main article: Phishing

Phishing is a type of attack that involves emails that appear to be from legitimate businesses that the user may be associated with. Phishing messages look authentic, with all the corporate logos and formats similar to that of official emails. These messages ask for verification of personal information, such as: an account number, a password, or a date of birth. Twenty percent of unsuspecting victims respond, which may result in stolen accounts, financial loss, or even identity theft.[4]

Preventing email hacking

Email on the internet is commonly sent by the Simple Mail Transfer Protocol (SMTP). SMTP does not encrypt the text of emails, so intercepted mail can be read easily unless encryption is used. The identity of the sender or addressee of an email is not authenticated, and this allows opportunities for abuse, such as spoofing.[5] It is important to guard all gateways of a network. Having a firewall and anti-virus software are adequate for personal use; however, this is often not enough for a corporate business. Security measures such as a sniffer and an intrusion detection system (IDS) determine if someone is accessing the network without permission, detecting any network intrusion attempts. In order to spot any weaknesses in a company's network, security specialists will perform an audit on the company. They may also hire a Certified Ethical Hacker to perform a simulated attack in order to find any gaps in existing network security.[6]

Although companies may secure its internal networks, vulnerabilities can also occur through home networking.[6] Email may be protected by methods, such as, creating a strong password, encrypting its contents, or using a digital signature. An email disclaimer may be used to warn unauthorized readers, but these are thought to be ineffective.

Cases of email hacking

Email is increasingly replacing letter mail for important correspondence. The increase of email usage has led to several notable cases in which emails were intercepted by other people for illegal purposes. For example, email archives from the Climatic Research Unit were leaked to create the scandal popularly known as Climategate.[7] Journalists employed by News International hacks email accounts of celebrities in search of gossip and scandal for their stories.[8] Individuals, such as, Rowenna Davis have had their accounts taken over and held ransom by criminals who tried to extort payment for their returned use.[9] The email accounts of politicians, such as Sarah Palin have been hacked in order to find embarrassing or incriminating correspondence.[10] On February 8, 2013, the media reported another incident of compromised email. This time from former United States president, George H.W. Bush. It was reported that the hacker stole photographs and personal emails, including addresses and personal details of several members of the Bush family.[11]

References

  1. Joel Scambray, Stuart McClure, George Kurtz (2001), "Email Hacking", Hacking Exposed, McGraw-Hill, p. 626, ISBN 9780072127485
  2. R. Thilagaraj, G Deepak Raj Rao (2011), "Email hacking", Cyber Crime and Digital Disorder, Manonmaniam Sundaranar University, p. 3, ISBN 9789381402191
  3. Feng Zhang, Rasika Dayarathn (2010). "Is Your Email Box Safe?". Journal of Information Privacy & Security 6 (1): 29.
  4. 1 2 3 Alex Kosachev, Hamid R. Nemati (2009). "Chronicle of a journey: an e-mail bounce back system". International Journal of Information Security and Privacy 3 (2): 10.
  5. Nitesh Dhanjani, Billy Rios, Brett Hardin (2009), "Abusing SMTP", Hacking, O'Reilly Media, pp. 77–79, ISBN 9780596154578
  6. 1 2 "Online security: Hacking". New Media Age: 8–9. 24 March 2005.
  7. Maxwell T. Boykoff (2011), "The UEA CRU email hacking scandal (a.k.a. 'Climategate')", Who Speaks for the Climate?, Cambridge University Press, pp. 34–40, ISBN 9780521133050
  8. James Cusick, Ian Burrell (20 January 2012), "We hacked emails too – News International", The Independent (London)
  9. Tony Dyhouse (25 October 2011), Email hacking victim Rowenna Davis tells her story, BBC
  10. Charles P. Pfleeger, Shari Lawrence Pfleeger (2011), Analyzing Computer Security, Prentice Hall, pp. 39–43, ISBN 9780132789462
  11. "Hacker exposes ex-US President George H W Bush emails". BBC News. 8 February 2013. Retrieved 10 February 2013.
This article is issued from Wikipedia - version of the Thursday, May 05, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.