Thursday, December 4, 2008

Free Internet Email Accounts – A False Sense of Security

Lots of people have free email accounts from Yahoo, Hotmail, Google, and other vendors. And of course, the obvious reason is that they are free.

However, some people use these free email accounts for more nefarious reasons: sending hate mail to someone, exchanging love letters with their paramour, extortion, scams, creating false alibis, etc. You name it and there is probably someone using one of these free email accounts to do it.

There is something many of these people don't understand. And when I say these people, I am not talking about the sophisticated spammers and spoofers who use these accounts to make a living. I am talking about your everyday computer user who decides that using one of these free accounts will guarantee their privacy or anonymity.

What can I say to those folks? Wrong!

First of all, it is relatively easy to backtrack an email from one of these accounts to the IP address (a unique string of numbers used by a computer accessing the Internet) of the originating computer or computer network. Now that may not get you to the actual sender's IP address if they are in a big network like a university or company, or if they are using a wireless hot-spot somewhere. Of course, if the wireless hot-spot requires an account, like many do, your information will be stored there somewhere as well, most likely by whatever company records your usage for billing to your credit card.

But in general, if the header can be obtained, tracking the email back to its source is simple and usually only takes a few minutes.
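As an added illustration of the header backtracking described above (not code from the original post), this Python example reads the `Received` chain oldest hop first and reports the address where the message entered the mail system. The sample headers are constructed, the function name `trace` is hypothetical, and it assumes the webmail provider records the client address in `Received` and `X-Originating-IP` lines.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (not from the post); IPs are RFC 5737 documentation addresses.
SAMPLE = (
    "Received: from relay.freemail.example (relay.freemail.example [203.0.113.7])\n"
    "\tby mx.recipient.example with ESMTP; Thu, 4 Dec 2008 10:15:01 -0500\n"
    "Received: from [192.0.2.45] by web.freemail.example via HTTP;\n"
    "\tThu, 4 Dec 2008 10:14:58 -0500\n"
    "X-Originating-IP: [192.0.2.45]\n"
    "From: sender@freemail.example\n"
    "To: recipient@recipient.example\n"
    "Subject: sample\n"
    "\n"
    "body\n"
)

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _ip(text):
    """Return the first valid bracketed IPv4 address in text, or None."""
    m = BRACKETED_IP.search(text or "")
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:  # e.g. [999.1.1.1]
        return None

def trace(raw):
    """Summarise where a message entered the mail system, oldest hop first."""
    msg = message_from_string(raw)
    # Every relay prepends its own Received line, so the last one is the oldest.
    hops = [ip for ip in map(_ip, reversed(msg.get_all("Received", []))) if ip]
    origin = hops[0] if hops else None
    claimed = _ip(msg.get("X-Originating-IP"))
    return {
        "hops": [str(ip) for ip in hops],
        "origin": str(origin) if origin else None,
        # Private addresses identify a host only inside its own network (NAT).
        "origin_is_private": origin is not None and any(origin in n for n in RFC1918),
        "x_originating_ip": str(claimed) if claimed else None,
        # Lines below the first relay you trust are sender-controlled; treat as a lead.
        "headers_agree": origin is not None and origin == claimed,
    }
```

A private origin address, as in the university or company case mentioned above, only narrows the search to that network; its own access logs are needed to go further.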

And very few people go to the effort of never accessing the account from a place where they can be identified if the email is tracked to that location.

But backtracking an email is only the barest of techniques for finding out who sent an email to someone using one of these free accounts.

The next step is to subpoena the email service, e.g. Yahoo or Microsoft, and get the access history for the account. This will provide the investigator with the IP address, date and time for every instance the account was accessed.

From there it is a simple matter of contacting the ISP (Internet Service Provider), such as Time Warner or Bell South, and obtaining the subscriber information for each of the IP addresses. That will yield the name, address and payment information for each of the IP addresses.

If the email came from a university, they tend to keep access logs for all the computers on their networks as well. Even the public computers in the library. And since most universities require a user name and password to access their networks, guess what? Yep, they can track the access back to a student or faculty account.

Now I know that you techie folks will say that the IP can be spoofed and so can the MAC address of the network card on the computer. But those are techniques that the general public is not aware of and would not know how to do anyway.

Beyond backtracking emails, many people use these accounts because they are Internet based and do not require an email program like Microsoft Outlook or Outlook Express to use. The thinking here is that if there is no program to store emails, they cannot be recovered from their computer.

Wrong again.

Any time someone is using the Internet to view or compose email, those pages are being stored on the hard drive just like all other web site pages. And even if the person is diligent about erasing their Internet history, those pages can probably be recovered if the computer gets into the hands of a computer forensics expert.
