Wednesday, October 3, 2007

Ur e mail can be intercepted ! check how!!

Top 10 Places Your Email Can Be Intercepted

The Internet has radically changed the way we communicate with each other. Email is obviously
an extremely valuable and ubiquitous form of communication, but with this technology comes
certain pitfalls that should be understood. The path that an email message takes to reach its
recipient is a complex and varying one, and while in transit that message may come under the
potential scrutiny of numerous different people and organizations.

We will attempt to outline the varying paths that an email message may travel, and who some of
those different people and organizations might be under whose scrutiny the message may pass.
The intention of the document is not to provide a how-to guide; the only specific technique that
will be discussed, packet sniffing, is one that anybody with any technical networking knowledge
whatsoever is already familiar with – which brings us to an important point. At a round number,
there are probably at least a million people in the world with the requisite technical knowledge
necessary to intercept Internet-based email. Yes, I said a million. (There are actually probably a
lot more than that - maybe several million by now, and more everyday as the populace becomes
more networking-literate.) Fortunately, the number of those people who actually have the
physical access necessary to intercept email is much smaller, but it is still a very large number.

The Internet
The Internet is composed of numerous different interconnected networks and systems that
collectively provide a backbone for the transmission of network traffic. It is a highly dynamic
physical environment: a system or network device that is here today may be gone or reconfigured tomorrow, and the underlying protocols of the Internet will automatically detect and accommodate for this change. This dynamic nature is one of the things that make the Internet so powerful. However, given the dynamic nature of the Internet, it is impossible to absolutely predict exactly what path network traffic will follow. One email message that you send could take an entirely different path to reach the recipient than another that you send to the same person. In fact, it is even worse than that: for the sake of efficiency, email messages and other network traffic are typically broken down into smaller little chunks, or packets, before they are sent across the network, and automatically re-assembled on the other side. Each of these individual packets may in fact follow a different path to get to the recipient! (In actual practice, a given path tends to get reused until the operational parameters of that or other related paths have significantly changed.) The net result of all this is that your message, or at least little chunks of your message, travels through an indeterminate set of systems and network devices, each of which offers a point of interception. These systems may be owned or operated by corporations and non-profit organizations, by colleges, by governments and government agencies, or by telecom and other connectivity providers. Given such a widely divergent group, it is easy to see how either an unethical organization or a renegade employee may easily gain access to the messages and traffic crossing their systems. All of these factors combine to make the Internet itself the primary source of message interception points.

Internet Service Provider (ISP) All Internet traffic to and from your machine flows, by definition, through the systems of your
Internet Service Provider (ISP) – the ISP is your connection to the cloud. Your ISP, a renegade
employee of your ISP, or someone working in cooperation with your ISP can intercept and read
your email with ease. (This is why the fed targets ISPs for Carnivore implementations.)

Interception by Internet Service Provider

Most ISPs are highly ethical and have the best interests of their customers at heart; however,
there have been instances of less scrupulous ISPs taking advantage of the trust their users place
in them. There was a case in San Francisco where an ISP was charged with multiple counts of
intercepting email traffic between January and June 1998 from one of their business customers,
namely, and forwarding the insider information contained therein to a competitor.
They settled the case with prosecutors in November 1999. There have been other instances of
this type of behavior, but these cases are frequently settled with relatively little press. This is not just limited to small ISPs however; in the case of a large ISP it is much more likely that it is a
renegade employee intercepting messages than the ISP itself, but the ease of interception is just
the same.

Yet another more recent development in ISP-based message interception that has seen a lot of
press lately is the federal government’s desire to utilize mechanisms such as the Carnivore
system to intercept email messages and other Internet traffic. The primary complaint about a
system such as this is that it intercepts all Internet traffic from all users of the ISP – it in essence intercepts and surveys everybody to find the one it is looking for. Concerns have been raised regarding what will happen with the balance of supposedly superfluous information.

Email Provider
All email messages sent to and from your email account obviously have to travel through the
systems of your email provider. In many cases, your email provider is the same entity as your
ISP, but with the prevalence of free email providers and other email hosting services, many more people are using email accounts provided by someone other than their ISP. An email provider has very easy access (as easy as that of the ISP) to the content of your messages when those messages pass through their server.

Interception by Email Provider

Email sent from an office computer must typically travel extensively across corporate networks
and backbones prior to reaching the cloud itself (to reach which it may possibly also have to go
through a commercial ISP.) While traveling across the corporate network, messages are
effectively open to interception by many different people such as coworkers (in addition to people who may legitimately have an interest in auditing messages such as system administrators or security officers.) Corporations also typically act as email providers for their employees.

Interception Points in a Corporate Environment

Some companies have relatively good control over their internal networks and have implemented controls and procedures to eliminate this sort of thing, but in many more companies (most companies, actually) it is as simple as running a packet sniffer on your machine and you are able to intercept all the traffic traveling across the corporate network or at least the local subnet. There are countless well-documented incidents of this type, covering the entire range from corporate spying to renegade employees acting alone.

Hotel/Conference Center/Internet Café
Many luxury and business-class hotels and conference centers provide Internet connectivity as
part of their standard service offering. This is an extremely convenient service, but it is also a
significant security risk if not structured correctly. The hotel or conference center’s internal
network has close parallels to a corporate network, and typically either hotel employees or other
guests may intercept traffic on this type of network with great ease. In a hotel or conference
center access to the internal network is effectively open to anybody willing to book a room.

Hotel/Conference Center Interception Points

Try this – the next time you book a hotel or conference center that offers Internet connectivity,
inquire as to the measures that have been taken to protect traffic on the internal network, not just from external attacks but from internal attacks as well. See what the response is…
Internet cafés take this security risk to an entirely new level. When you sit down at an Internet
café and start sending messages, the person sitting immediately next to you could be intercepting and reading everything you say!

Housing Provided Connectivity
Many condominium and apartment complexes are starting to offer built-in high speed Internet
connectivity as an incentive to prospective tenants. This is very similar to the hotel/conference
center model and has the same risks and concerns – if anything, however, an internal network
owned and administered by a property management company is probably likely to be less well
administered and protected than an internal network owned by a large hotel chain – at least the
hotel chain probably has corporate IT standards that they ostensibly must follow.

College/Trade School
Colleges and trade schools are another hotbed of interception activities. College networks are
typically reasonably similar to corporate networks, and pose the same risks and opportunities for traffic interception. However, in a collegiate culture there is typically more ‘hacking’ type activity going on, and thusly the risk of interception is probably greater than in a corporate environment (though the value of the transmitted information is typically much lower.) Colleges typically provide students with their own email addresses, and also typically have a somewhat distributed physical environment.

Interception in a College Environment

Local Loop
Connectivity provision solutions such as cable modems and other broadband technologies use a
‘shared local loop’ network model. This means that all cable modem traffic in your local
neighborhood is traveling across a shared physical wire or set of wires, albeit modulated to
unique frequency ranges. This is typically the same physical wire that also carries other services
such as cable television to your house.

Local Loop Interception

While intercepting your next door neighbor’s email messages isn’t quite as easy as just running a
packet sniffer on your machine (there is some little bit of hardware that you need as well), it is not at all that difficult to achieve - the technique is reasonably well documented in certain circles. The same technique applies to tapping into the loop itself.
Metropolitan Area Networks and Wireless Networks
Metropolitan Area Networks (MANs) and wireless networks are just starting to be implemented
in the US – other countries, however, have already expended significant effort in attempts
to provide Internet connectivity to their major metropolitan areas. In some models, this
effectively makes local government the ISP, while in other models the local government provides the network connectivity while a commercial ISP provides the actual Internet connectivity.

Regardless, this introduces yet another entity who has access to intercept and scrutinize your

Interception in a MAN environment

Wireless network connectivity intuitively seems to provide yet another illicit network access point by allowing interception of the transmitted signals; however, most wireless networking protocols have privacy-enabling technologies built in to their design, and thusly interception of the transmitted signals is not effective. However, traffic may typically be intercepted at the wireless access point (the base station for the antenna) when it is converted to wired networked signals, though this is protocol dependent and the protocol designers are busily at work trying to find a solution for this problem.

Interception at Wireless Network Access Point

There are many places where email messages can be intercepted in transit. This document has
attempted to outline only the most pervasive of access points into the overall network, but the
Internet is a highly dynamic and rapidly changing physical environment and thusly Internet traffic will, for the foreseeable future, be subject to multiple points of attack in transit. The points of attack have all been illustrated from the standpoint of the message sender, but it is important to note that they all exist on the recipient’s side as well.
There is no way to stop people from intercepting your email messages. The only thing you can
do to protect the privacy of your messages is to encrypt those messages so that, if intercepted,
they cannot be read and will be of no use. This is the nature of the Internet.

No comments: