(P.S: This is a hypothetical story to highlight a learning
point)
Knock, knock, knock. There is somebody at your main door.
You open the door and a few policemen push their way in.
They are from the Cyber Crime Police squad and
charge you with having sent an e-mail to a known terrorist in Pakistan which
contains some objectionable messages about Gujarat. They would like to arrest
you under POTA. They also want to seize your computer and use electronic
documents as evidence, as provided in ITA-2000.
You are at a loss to understand why you have been charged
with the offense when you know nothing about the alleged e-mail.
Your friendly policeman is good enough to reveal that they
had traced an e-mail sent to a Pakistani e-mail ID and, when they checked the
originating IP address, it led to your local ISP, who after checking his records
has certified that the IP address was allocated to your dial-up account during
the time the mail seems to have been sent.
You are aghast and have no answer.
Tail piece: The policeman beams happily at having cracked the "First
e-mail terror case in India" and is thinking of the press conference that he
should call in the evening. The Star TV crew gets the scent and rushes to your house
to capture the breaking news of the "Arrest of a Terrorist Accomplice".
This is a typical consequence of E-Mail Spoofing and could
very well be your plight one day. Hopefully, the Indian Cyber Crime Police squads are
well trained to recognize the possibility of E-Mail Spoofing and to understand that
in a Cyber Crime scenario, many times "What You See Is Not What Is Real"
(WYSINWIR). Even otherwise, you will perhaps have the assistance of
experts who can prove in a Court of Law that you are innocent and that the
offending e-mail is perhaps a spoofed e-mail.
The reason why this hypothetical possibility has been
highlighted is that a virus named W32klez.eml is now on the prowl in India and uses
E-Mail spoofing as a part of its spreading strategy. This worm, which manifests
in various forms, has the ability to send out e-mails that appear to come from
some innocent person's e-mail ID, which could very well be yours.
The undersigned has been alerted to such a possibility since
I have been receiving "Undelivered Mail Notices" for mails which have not been
sent by me and to addresses not in my address book.
To avoid complications, please check your computers today for
the existence of the worm using the removal tool from Symantec given below.
Please note, however, that the spoofed e-mail may actually
emanate from somebody else's system and not yours. Hence, even if your computer
is clean, you cannot prevent your e-mail ID from being spoofed. But by keeping your
system clean, you will prevent your computer from releasing such spoofed e-mails
in the names of the friends in your address book.
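
An "Undelivered Mail Notice" usually returns the headers of the message that bounced, and those headers show which system the mail actually came from. The Python below is an added example, not part of the original article: it reads a constructed bounce, takes the earliest Received hop of the returned message and compares it with the IP addresses your own connection used (the `my_ips` set, the sample message and all addresses in it are assumptions made for illustration).

```python
import email
import re
from email import policy

# Constructed sample bounce; every name and IP is a documentation placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address nobody@example.com could not be reached.
--b1
Content-Type: message/rfc822

Received: from mx.example.net (mx.example.net [198.51.100.7])
    by mail.example.net; Mon, 29 Apr 2002 10:00:05 +0530
Received: from some-pc (unknown [203.0.113.45])
    by mx.example.net; Mon, 29 Apr 2002 10:00:01 +0530
From: victim@example.org
Subject: Hello

--b1--
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def originating_ip(bounce_text):
    """Return (From address, first-hop IP) of the message returned in a bounce."""
    bounce = email.message_from_string(bounce_text, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
            # Each relay prepends its Received line, so the last one is the earliest hop.
            for header in reversed(original.get_all("Received", [])):
                match = IP_RE.search(str(header))
                if match:
                    return str(original["From"]), match.group(1)
            return str(original["From"]), None
    return None, None

def assess(bounce_text, my_ips):
    sender, ip = originating_ip(bounce_text)
    if ip is None:
        return "origin not recorded in this bounce"
    if ip in my_ips:
        return f"{sender}: sent from own system {ip}, scan it"
    return f"{sender}: spoofed, sent from {ip}"
```

Received lines written before the message reached a relay you trust can themselves be forged, so treat the earliest hop as a lead to confirm with that relay's operator rather than as proof.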
Naavi
April 29, 2002
Related Articles:
Removal Tool from Symantec
No Joke-EMail Spoofing on the Rise-Article from Symantec