Analysing Emails
Michael Jones

Overview
How email works
Types of crimes associated with email
Mitigations
Countermeasures

How Email Works
Email uses Simple Mail Transfer Protocol (SMTP)
  – Normally linked to port 25
Text-based protocol
  – All commands are written in plaintext
No verification or encryption
  – Of sender’s credentials
  – Of the integrity of the message
For more information
  – Search for “smtp tutorial”

Mail Forwarding
A mail server might not have direct access to the server that owns the recipient’s account
The mail is then forwarded to another server that might have that information
The details of each server are added to the START of the message
The originating location is thus the last one (in the header)
  – Providing no spoofing has gone on

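The forwarding rule above can be checked on a message's Received headers. The following is an added example, not part of the original slides: it lists the hops origin-first and flags places where the chain does not join up. The message and hostnames are constructed, and the join-up check is a heuristic assumption, since real relays may record a differing HELO name.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic); hosts use reserved example names.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.9])
\tby inbox.example.org with ESMTP; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP; Tue, 02 Jan 2024 10:00:03 +0000
Received: from pc17.example.com (pc17.example.com [192.0.2.44])
\tby relay.example.com with ESMTP; Tue, 02 Jan 2024 10:00:01 +0000
From: John <john@example.com>
To: Emma <emma@example.org>
Subject: constructed sample

body
"""

# "from <claimed sender> ... by <server that accepted the mail>"
HOP = re.compile(r"from\s+([^\s;]+).*?\bby\s+([^\s;]+)", re.S | re.I)

def hops(raw):
    """Return [(from_host, by_host), ...] ordered origin first."""
    received = message_from_string(raw).get_all("Received") or []
    path = []
    # Each server prepends its header, so the last header is the earliest hop.
    for value in reversed(received):
        m = HOP.search(value)
        if m:
            path.append((m.group(1).lower(), m.group(2).lower()))
    return path

def chain_breaks(path):
    """Heuristic (assumption): the server that accepted hop n sends hop n+1."""
    return [(i, path[i][1], path[i + 1][0])
            for i in range(len(path) - 1)
            if path[i][1] != path[i + 1][0]]

if __name__ == "__main__":
    path = hops(SAMPLE)
    print("claimed origin:", path[0][0])
    for sender, receiver in path:
        print(f"  {sender} -> {receiver}")
    print("chain breaks:", chain_breaks(path))
```

A break in the chain is a reason to distrust the headers below it, not proof of forgery; only the headers added by servers you control are reliable.
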
Email-related Crime
Email spoofing
Sending malicious codes through email
Email bombing
Sending threatening emails
Defamatory emails
Email frauds
For more information:
  – Search for “email-related crime” or “email crime”

Email Spoofing
Techniques
  – Suggesting the email comes from someone other than the actual sender
  – Typing incorrect sender details
Example crime: spamming
  – Most email on the Internet is spam
  – Spamming is not a criminal offence
  – Compromised or rogue servers used to mask the original location from which the emails were sent
  – Most spam is motivated by money
      E.g., getting people to buy drugs
  – Almost all companies now employ spam filtering software

Sending Malicious Code via Email
Code included in an attachment
User opening attachment is interpreted by the software as implying that the user trusts the contents of the attachment
Example: I Love You
More sophisticated emails might suggest that the attachment is a security patch that must be applied
  – E.g., sender spoofs the email as being from a trusted security company

Email Bombing
Swamping someone’s email account
Direct technique
  – Sending lots of emails – often with attachments
  – Fairly easily detected
Indirect technique
  – Subscribe the user to many mailing lists
  – Difficult to prevent, and time-consuming to counteract

Sending Threatening Emails
Example of cyber bullying
  – Prevalent in many schools (but methods are often linked to chat and SMS)
Intentions:
  – Blackmail (e.g., by attaching or including apparently incriminating images or facts)
      E.g., for money or information
  – Social exclusion – by children

Defamatory Emails
Defamatory = words intended to harm another
Sent either to the person or to someone else
Example:
  – Bill sends an email to Emma suggesting it comes from John. The email contains malicious information about Julie. Julie is being defamed, and the implication is that John is the perpetrator

Email Frauds
Phishing
  – User is tricked into not only revealing their bank details, but into allowing the attacker to take money from their account
How it works
  – Depends on the delays in the banking clearing system
  – Attacker appears to deposit a large amount of money in the victim’s account
  – Victim allows the attacker to take ‘commission’ for the transaction
  – A few days later, the bank clearing system catches up and finds that the deposit was fraudulent
  – The only valid transaction is the one FROM the victim’s account

Mitigations
Mitigation – counteracting something that has already occurred
Email mitigation is difficult
  – Direct email bombing can be detected and countered
  – Attachments can be quarantined

Countermeasures
Techniques
Spam detection and filtering
  – User education
      E.g., do not open attachments you do not trust
  – Hiding email addresses
      E.g., not placing them directly on a web page
  – Hiding them using JavaScript
  – JavaScript puts the email address together from various fragments
Spam software ‘harvests’ addresses by scanning web pages

Summary
Most malicious email activity is relatively harmless at the company or country level
But not at the individual level
Users need to see email as indicative, not definitive