PORT OF SPAIN, Trinidad—The controversy which has arisen out of the contribution of the Leader of the Opposition in the House of Representatives in Trinidad and Tobago on May 20 has given rise to a great deal of public discussion.
At least two important questions arise. First, are these real e-mails or are they printed fabrications designed to look like e-mails? Second, even if the e-mails were shown to exist, can it be assumed that they were written by the people whose e-mail addresses were used?
Based on the public representations alone, it is not possible at this stage to determine the validity of the documents as authentic emails. This question will be put to rest only if electronic copies of the e-mails are recorded as having existed on the servers of the relevant e-mail providers.
Fake E-mails: Easy To Create, Possible To Spot
So, exactly how easy is it to falsify an e-mail address? And how hard is it to detect a fake?
The fact is that fake e-mails are a part of everyday life on the Internet. Perpetrators often employ sophisticated social engineering techniques to trick people into revealing personal data, banking details and passwords. These tricks are regularly used by scammers to deceive victims into thinking e-mails are coming from trusted relatives, friends, or financial institutions, in order to get them to send money or exchange sensitive information.
Fraudsters can create e-mails that appear to come from any address they want in a few minutes, using common e-mail software applications, said Bevil Wooding, an Internet Strategist with U.S.-based Packet Clearing House, a non-profit research organisation that routinely helps governments deal with cybersecurity breaches. Incidents of e-mail fraud often have an international dimension because e-mail servers can be located in various parts of the world and are therefore beyond the jurisdiction of local law enforcement.
“Fake e-mails are surprisingly easy to create, if you know the tricks. Fortunately, they are also possible to spot, if you know what to look for,” Wooding said.
The way to expose whether an e-mail message is fake or real, he said, is to obtain an electronic copy of the e-mail and examine the “headers” associated with it. E-mail message headers outline the technical details about the message, such as where it originated, who sent it, the software programme used to compose it, and the e-mail servers on the Internet that it passed through on its way to the recipient. The header information will also reveal the real e-mail account and IP addresses used to send the message.
Wooding explained that every device connected to the Internet is identified by a unique numeric address known as an IP address.
Wooding explained that Internet Protocol, commonly referred to in technical circles as IP, is the set of rules used by computers to communicate with each other over the Internet. The Internet’s Domain Name System, commonly referred to as DNS, is like a phone book for the Internet. It translates domain names such as tstt.co.tt or gmail.com into a machine-understood Internet Protocol (IP) addresses like 184.108.40.206 or 220.127.116.11. These addresses can be used as a sort of digital footprint to track where messages originate, transit and terminate.
“Finding the trail for tracing the true source of an email message has to begin with an analysis of the Internet header for the email. However, tracing the source can be challenging if multiple jurisdictions are involved and if the owners of the e-mail servers involved are unco-operative. This is why e-mail traces typically involve court orders, police investigations and professional forensic audits of the electronic trail.”
Ronald Hinds, CEO of Teleios Systems, a Trinidad-based technology company, agreed.
“To fake an email is not hard,” he said, “but to fake it properly so that it’s not going to get caught is hard. I can easily make an account that says ‘email@example.com‘, for example, on the ‘From’ field, but it doesn’t mean when you reply that it’s going to go back to that address, and it doesn’t mean it’s from that address. I can send you an e-mail now that basically says I’m your boss, your banker or your uncle. Unless you look at the email header information to see it’s actually coming from a different account and an unusual IP address, you wouldn’t know.”
“For example, if an e-mail was sent to or from a gmail (Google) account, it would likely still continue to exist on Google’s servers, even if that e-mail was subsequently deleted from the machine and/or email account of the sender or recipient. The question might therefore be reframed to ask, if the documents were emails, can their existence be verified or disproved. Briefly, the answer is yes. The next question becomes how.
In that regard, a libel case involving Jamaican businessman Gordon “Butch” Stewart and Google is instructive. In 2009, U.S. and Jamaican agents searched the offices of Jamaica Tours Limited, owned by the family of Opposition Senator Noel Sloley, to trace the origin of an e-mail that Stewart claimed was libellous.
Tracking e-mail fraud is not easy, particularly when jurisdictions overlap. The complex nature of twenty-first century misdeeds requires a response from experts across several disciplines. New levels of co-operation and diligence must be applied. With the incidence of electronic crime is on the rise, the makers and enforcers of our laws have no choice but to face this threat head on.
4 Ways To Fake E-mails
The Caribbean Network Operators Group (CaribNOG), a volunteer community of regional technology professionals and ethical computer hackers, lists several methods fraudsters use to send fake e-mails:
1. Spoof the content of an email to claim that it came from someone else. This is relatively trivial since the sender can use any standard email client to set the headers and body of any email which is sent.
2. Hack into an online email account service or access an unlocked or compromised computer, or a hacked online account, and send an email as another user. In this case, the scammer must get the details and the tone of the message right so that it doesn’t appear out of character. This sort of forgery can be hard to detect.
3. Hack into a mail server and add an unauthorised message into the mail queue. This approach can be done to either inbound or outbound queue, allowing an intruder to cause mail to leave your Outbox, or enter your Inbox. This sort of forgery can also be tough to spot.
4. Create and print a document that looks like an e-mail, though it never was, and leave that document as misinformation to be found and acted upon. Of course, e-mails constructed this way will not match up to any legitimate e-mails found on servers or computer logs. If a proper forensic audit is done, this type of fraud is generally easily exposed.