
Email Security

E-mail faces security risks from attacks that aim to deliver and execute malicious code or disclose sensitive information. There are two main attack vectors: auto-processing of malicious content in emails without user interaction, and social engineering tricks to manipulate users into enabling attacks. E-mail also poses vulnerabilities from potential exposure of private data like business strategies, personal opinions, or who organizations ally with. Packet contents like recipient addresses, financial amounts, or transaction targets could also be altered or replayed in man-in-the-middle or replay attacks. Additionally, spam poses a denial of service risk by consuming significant resources for email providers and users.

Uploaded by

AKHILA KHODAY

Electronic Mail Security
The E-mail Risk
• E-mail is widely used and has a well-defined and universally implemented protocol, which is SMTP (Simple Mail Transfer Protocol). Therefore, it is a prime target for hackers developing attacks. Attacks on e-mail focus on two areas: the delivery and execution of malicious code (malcode) and the disclosure of sensitive information.
• The two main attack vectors that are used are:
■ Auto-processing — Many mail clients automatically open and preview content when it is received, even if the user is not at the system. Therefore, a carefully crafted attack could automatically run on a system with no action required from the user.
■ Social engineering — Many e-mail attacks are meant to manipulate a person into clicking on a link or opening an attachment that looks legitimate (phishing attacks), allowing an attacker to run malicious content on a system.
Data vulnerabilities
E-mail can reveal a huge amount of company and personally sensitive data. For example, consider only a few common items in e-mail traffic:
■ Whom you correspond with — Can be used in expanded attacks.
■ What you think about other people — Few people would want their personal opinions made public.
■ Business strategies — How to win a contact.
■ Informal policies — Many a whistle-blower has used e-mail to establish the existence of a company policy that was not written down or recorded in any place other than e-mail.
■ Who are allies or enemies — People tend to be brutally honest in e-mails, more so than in a memo or other written policy.
■ Who is being deceived and misled — People tend to set the record straight in e-mail. Ambiguous policies are clearly explained.
Data integrity
The text put into an e-mail message is easily seen and read at the IP packet level. The packet can be read with readily available network administrator tools.
It is only slightly more difficult to modify the text in the e-mail by modifying the packets. Some typical information contained in an e-mail message that may be altered is as follows:
■ Addressees — The attacker can change or resend the e-mail to a different addressee. E-mail is often confidential and only intended for those listed on the To: line. It is easy to see that changing addressees can create havoc.
■ Financial amounts — If the e-mail directs the handling of funds, the dollar amounts could easily be altered. For example, the unsuspecting sender of the e-mail may be authorizing a stockbroker to purchase stock at $10 per share, but the altered e-mail may read $50 per share.
■ Object of financial transactions — Not only could attackers change the dollar amount of a transaction, but they could also make themselves the object of the money transfer. Consider an e-mail that instructs an agent to transfer $100 to
E-mail man-in-the-middle attack
In an e-mail man-in-the-middle attack, the attacker must have control of one of the many firewalls, routers, or gateways through which the e-mail traverses. Other man-in-the-middle attacks do not require control of the gateway; rather, the attacker merely needs to reside on the same local area network (LAN) segment as the user sending or receiving the e-mail, or compromise a host on a network. In this case, the attacker can use an Address Resolution Protocol (ARP) spoofing tool to modify all e-mail packets going to and from the mail server or gateway. In an ARP spoof attack, the attacker gets between any two hosts in the e-mail transmission path. There are four possible locations to attack:
■ Between the e-mail client and server — This situation assumes that the client and server are on the same LAN segment.
■ Between the e-mail client and the gateway — The gateway must be in the path to the mail server.
■ Between two gateways — The gateways must be in the path between the client and the server.
■ Between the gateway and the mail server — This option assumes the client and the server are not on the same LAN segment and therefore the e-mail traffic must reach the server via a gateway.
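
From the defender's side, the ARP spoofing described above shows up as a mail-path host's IP address suddenly being claimed by a different MAC address. The following is an added example, not part of the original slides: it checks constructed ARP observations against an assumed known-good baseline for the gateway and mail server (all addresses, the `BASELINE` table and the function name are illustrative).

```python
from collections import defaultdict

# Assumed known-good IP-to-MAC bindings for hosts on the mail path (constructed).
BASELINE = {
    "192.0.2.1": "00:00:5e:00:53:01",    # gateway
    "192.0.2.25": "00:00:5e:00:53:19",   # mail server
}

# Constructed ARP replies as (seconds, sender IP, sender MAC).
OBSERVATIONS = [
    (0, "192.0.2.1", "00:00:5e:00:53:01"),
    (0, "192.0.2.25", "00:00:5e:00:53:19"),
    (5, "192.0.2.77", "00:00:5e:00:53:4D"),   # ordinary workstation, not watched
    (60, "192.0.2.25", "00:00:5e:00:53:4D"),  # mail server IP claimed by workstation MAC
    (61, "192.0.2.1", "00:00:5e:00:53:4D"),   # gateway IP claimed by the same MAC
]

def find_arp_anomalies(observations, baseline):
    """Return alerts for watched IPs whose MAC binding departs from the baseline."""
    alerts = []
    claimed = defaultdict(set)   # MAC -> watched IPs it has claimed so far
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        if ip not in baseline:
            continue             # only hosts on the mail path are watched
        claimed[mac].add(ip)
        if mac != baseline[ip]:
            alerts.append((ts, "binding-mismatch", ip, mac))
        if len(claimed[mac]) > 1:
            # One MAC answering for two watched hosts sits between them.
            alerts.append((ts, "mac-claims-both-ends", mac,
                           tuple(sorted(claimed[mac]))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(OBSERVATIONS, BASELINE):
        print(alert)
```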
E-mail replay attack
An e-mail replay attack occurs when an e-mail packet (or set of packets) is captured, the e-mail message extracted, and the message put back on the network at a later time (replayed). This causes a second, identical e-mail to be received. The danger or damage occurs when the second e-mail is accepted as legitimate and causes unforeseen consequences.
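
Because a replayed message is identical to the original, a receiving system can refuse to act on it twice. The following is an added example, not part of the original slides: a receiver-side check that fingerprints each message and flags a second identical delivery or one arriving long after it was written (the sample message, class name and 24-hour window are assumptions).

```python
import hashlib
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; addresses and Message-ID are placeholders.
ORIGINAL = (
    "Received: from mx1.example.net; Mon, 03 Mar 2025 09:15:02 +0000\n"
    "Message-ID: <constructed-0001@example.com>\n"
    "From: alice@example.com\n"
    "To: broker@example.net\n"
    "Date: Mon, 03 Mar 2025 09:15:00 +0000\n"
    "Subject: Purchase order\n"
    "\n"
    "Please purchase 100 shares at $10 per share.\n"
)
# The replayed copy differs only in the transport header added on delivery.
REPLAYED = ORIGINAL.replace("mx1", "mx7").replace("09:15:02", "16:40:11")

def fingerprint(msg):
    """Hash the fields that stay identical in a replay (single-part body assumed)."""
    fields = [msg.get(h, "") for h in ("Message-ID", "From", "To", "Date", "Subject")]
    fields.append(msg.get_payload())
    return hashlib.sha256("\x00".join(f.strip() for f in fields).encode()).hexdigest()

class ReplayDetector:
    def __init__(self, max_age=timedelta(hours=24)):
        self.seen = {}             # fingerprint -> time first accepted
        self.max_age = max_age

    def check(self, raw, received_at):
        """Classify one delivery as 'new', 'replay' or 'stale'."""
        msg = message_from_string(raw)
        fp = fingerprint(msg)
        if fp in self.seen:
            return "replay"        # identical message was already accepted
        self.seen[fp] = received_at
        try:
            sent = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            return "stale"         # no usable Date header: freshness unknown
        if received_at - sent > self.max_age:
            return "stale"         # first sighting, but long after it was written
        return "new"

def demo():
    detector = ReplayDetector()
    t0 = datetime(2025, 3, 3, 9, 15, 5, tzinfo=timezone.utc)
    return detector.check(ORIGINAL, t0), detector.check(REPLAYED, t0 + timedelta(hours=7))
```

A copy whose amount was altered produces a different fingerprint and is not reported as a replay; that is the data-integrity problem, which this check does not address.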
Spam
Spam is the receipt of unwanted e-mail. It is a major irritant and consumer of resources.
It has been estimated that for some of the large e-mail providers, over half of the e-mail they service is spam. In gross terms, this means that these providers could get by with half of the resources needed to handle their customers’ e-mail.
From a security perspective, spam is a potential denial-of-service (DoS) problem.
Spammers make money by getting their advertising message out to thousands or millions of people.
Very few will respond positively to the message, but even a very small percentage of responses will produce enough activity to make the spamming profitable.
Spamming is profitable because it is very cheap to send an e-mail, so it requires only one positive response to cover the cost.
