Email hacking

From Wikipedia, the free encyclopedia
OPSEC warning military personnel not to use email accounts with weak security.

Email hacking is the unauthorized access to, or manipulation of, an email account or email correspondence.[1][2]

Overview

Email is a widely used communication mechanism that can be categorized into two basic types of web-based service: open and closed. Open web-based services provide email accounts to anyone, either for free or for a fee. Closed web-based services are managed by organizations that provide email accounts only to their members.[3] Email is used by commercial and social websites because of its security. Email is an increasingly common tool used to communicate. The main reason email accounts are hacked is to access the personal, sensitive, or confidential information that they might contain. This is very harmful for the user and could cause damage to the user's profiles on certain websites, bank accounts, and personal life.

Attacks

There are a number of ways in which a hacker can illegally gain access to an email account, and the majority of them rely on the behavior of the account's user.

Spam

Main article: Email spam

Spam is created by attackers who send unsolicited commercial or bulk email. Spammers continuously attempt to find new ways around the increased legislation and policies governing unsolicited emails. Attackers often send massive email broadcasts with a hidden or misleading incoming IP address and a hidden or misleading email address.[4] If the spammers were to gain access to a company’s email and IP address, the impact on the company's business could be devastating. The company’s Internet connection would be terminated by its Internet Service Provider (ISP) if its email and IP address are added to the blacklist of known spamming addresses. Effectively, this would shut down the company’s online business because none of the emails would reach their destination.

Virus

Main article: Computer virus

A virus incorporates email as a means of transportation. This type of virus is often called a worm; the Sobig virus is an example. This virus creates a spamming framework by taking over unwilling participants’ PCs.[4] This is a major threat to email security because the spam will continue to spread, triggering dangerous viruses with malicious intent.

See ransomware.

Phishing

Main article: Phishing

Phishing is a type of cyber attack that involves emails that appear to be from legitimate businesses that the user may be associated with. As these phishing emails are scams, they are designed to look as though they come from the claimed entity. These messages ask for verification of personal information, such as an account number, a password, or a date of birth. Twenty percent of unsuspecting victims respond, which may result in stolen accounts, financial loss, or even identity theft.[4] It is best not to respond to unsolicited emails, as they may be attacks of this kind. If one deems it necessary to respond to an unsolicited email, they should be sure to check it for misspellings or odd phrasings, as these can be a giveaway of illicit activity. It is also not a good idea to open email attachments from senders one does not trust.

Preventing email hacking

Email on the internet is commonly sent by the Simple Mail Transfer Protocol (SMTP). SMTP does not encrypt the text of emails, so intercepted mail can be read easily unless encryption is used. The identity of the sender or addressee of an email is not authenticated, and this allows opportunities for abuse, such as spoofing.[5] It is important to guard all gateways of a network. Having a firewall and anti-virus software is adequate for personal use; however, this is often not enough for a corporate business. Security measures such as a sniffer and an intrusion detection system (IDS) determine if someone is accessing the network without permission, detecting any network intrusion attempts. In order to spot any weaknesses in a company's network, security specialists will perform an audit on the company. They may also hire a Certified Ethical Hacker to perform a simulated attack in order to find any gaps in existing network security.[6]
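Because SMTP does not authenticate the sender, a receiving system has to compare the headers itself. The following Python sketch is an added example, not part of the original article: it flags mismatches between the visible From: address, the envelope sender and the Reply-To address, and reads the Authentication-Results header (carrying SPF, DKIM and DMARC verdicts, none of which the article mentions) only when it was stamped by the recipient's own server. The server name `mx.recipient.example` and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: our own receiving server's id

def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw, trusted=TRUSTED_AUTHSERV):
    """Return reasons not to trust the sender shown in the From: header."""
    msg = message_from_string(raw)
    from_dom, findings = domain_of(msg["From"]), []
    # Return-Path holds the SMTP envelope sender, which SMTP never ties to From:.
    # A mismatch is an indicator, not proof: bulk-mail services also cause it.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    # Only count Authentication-Results stamped by our own server; a sender can
    # insert forged copies of this header naming any other server.
    results = [h.lower() for h in msg.get_all("Authentication-Results") or []
               if h.split(";", 1)[0].strip().lower() == trusted]
    if not results:
        findings.append("no trusted Authentication-Results: sender unverified")
    for method in ("spf", "dkim", "dmarc"):
        if results and not any(f"{method}=pass" in r for r in results):
            findings.append(f"{method} did not pass")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@bank-example.invalid
Subject: Verify your account

Please verify your account details.
"""
LEGIT = """\
Return-Path: <support@bank.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Bank Support" <support@bank.example>
Subject: Monthly statement

Your statement is ready.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoofing_indicators(raw))
```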

Although companies may secure their internal networks, vulnerabilities can also occur through home networking.[6] Email may be protected by methods such as creating a strong password, encrypting its contents,[7] or using a digital signature. An email disclaimer may be used to warn unauthorized readers, but these are thought to be ineffective. Other ways that one can secure personal email accounts include enabling 2-factor authentication in settings and use of an encrypted email service such as Protonmail.

Cases of email hacking

Email is increasingly replacing letter mail for important correspondence, and the increase of email usage has led to several notable cases in which emails were intercepted by other people for illegal purposes. For example, email archives from the Climatic Research Unit were leaked to create the scandal popularly known as Climategate.[8] News of the World journalists employed by News International have in the past hacked email accounts for their stories.[9] Individuals such as Rowenna Davis have had their accounts taken over and held ransom by criminals who tried to extort payment for their returned use.[10] The email accounts of politicians such as Sarah Palin have been hacked in order to find embarrassing or incriminating correspondence.[11] On February 8, 2013, the media reported another incident of compromised email, this time from the former United States president, George H.W. Bush. It was reported that the hacker stole photographs and personal emails, including addresses and personal details of several members of the Bush family.[12] Hillary Clinton has also had recent controversy regarding her use of a private unsecured email server. There are even some who speculate that the email server could have been breached by the Russian or Chinese governments. All of this has resulted in an as-yet unresolved FBI investigation.

References

  1. Joel Scambray; Stuart McClure; George Kurtz (2001), "Email Hacking", Hacking Exposed, McGraw-Hill, p. 626, ISBN 9780072127485
  2. R. Thilagaraj; G Deepak Raj Rao (2011), "Email hacking", Cyber Crime and Digital Disorder, Manonmaniam Sundaranar University, p. 3, ISBN 9789381402191
  3. Feng Zhang; Rasika Dayarathn (2010). "Is Your Email Box Safe?". Journal of Information Privacy & Security. 6 (1): 29.
  4. Alex Kosachev; Hamid R. Nemati (2009). "Chronicle of a journey: an e-mail bounce back system". International Journal of Information Security and Privacy. 3 (2): 10.
  5. Nitesh Dhanjani; Billy Rios; Brett Hardin (2009), "Abusing SMTP", Hacking, O'Reilly Media, pp. 77–79, ISBN 9780596154578
  6. "Online security: Hacking". New Media Age: 8–9. 24 March 2005.
  7. https://prism-break.org/en/all/#email-encryption
  8. Maxwell T. Boykoff (2011), "The UEA CRU email hacking scandal (a.k.a. 'Climategate')", Who Speaks for the Climate?, Cambridge University Press, pp. 34–40, ISBN 9780521133050
  9. James Cusick; Ian Burrell (20 January 2012), "We hacked emails too – News International", The Independent, London
  10. Tony Dyhouse (25 October 2011), Email hacking victim Rowenna Davis tells her story, BBC
  11. Charles P. Pfleeger; Shari Lawrence Pfleeger (2011), Analyzing Computer Security, Prentice Hall, pp. 39–43, ISBN 9780132789462
  12. "Hacker exposes ex-US President George H W Bush emails". BBC News. 8 February 2013. Retrieved 10 February 2013.