Researchers harvest e-mails from Fortune 500 firms.
By misspelling words, two security researchers were able to harvest a treasure trove of confidential e-mails, including trade secrets, names, and passwords, from Fortune 500 companies.
According to Security News, Peter Kim and Garrett Gee from the information security think tank Godai Group intercepted 20 gigabytes of sensitive data by setting up "doppelganger domains"--web domain names that look the same as those of legitimate organizations except they are misspelled.
This method of spoofing a real website to harness and intercept traffic is called "typosquatting."
Kim and Gee spent six months on the project, and the results were shocking: They intercepted more than 120,000 individual e-mails from 30 Fortune 500 companies and found that 151 companies are vulnerable to such attacks, Wired reported.
Fake domain names could include a preface, such as "e-mail," before the actual website name, or involve the change of only a period separating a subdomain name from a primary domain name. An example is seibm.com instead of the actual se.ibm.com domain that IBM uses for its division in Sweden, according to Wired.
Within the 120,000 e-mails drawn to their fake domain names were details, including user names and passwords, for an international organization that manages roadway toll systems, and the "full configuration details for the external Cisco routers for a large IT consulting firm, along with passwords for accessing the devices," Wired reported. Kim and Gee also accessed invoices, contracts, and credit card information from other organizations.
The variety of Fortune 500 companies found to be open to such attacks was surprising--gas and electric companies, pharmaceutical firms, chemical and computer software companies, and financial firms.
The Godai Group researchers included a chart that shows 15 current doppelganger domains already in use, including "Kscisco.com" for Cisco and "e-mailkohls.com" for Kohls. Some of the spoofed domain names, the researchers discovered, are already registered to IP addresses in China "and to domains associated with malware and phishing."
Out of the 30 doppelganger domains they set up, Wired said only one organization noticed when the researchers registered the fake domain name, and only two senders out of the entire 120,000 e-mails said they had noticed the mistake.
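The article describes two ways the doppelganger names were built (the dot between subdomain and primary domain dropped, as in seibm.com, or a prefix such as "e-mail" prepended) and notes that almost no sender noticed the mistake. The following added example, not from the article or the Godai Group, derives those look-alike forms for an organization's own known-good domains and flags outbound mail log entries addressed to them; the log format, the domain list and the rule that the registrable domain is the last two labels are assumptions.

```python
"""Flag outbound mail addressed to doppelganger forms of known-good domains."""
import re
from typing import Dict, Iterable, List, Tuple

# Prefixes the article reports being prepended to a real domain name.
LOOKALIKE_PREFIXES = ("email", "e-mail")


def doppelganger_candidates(fqdn: str) -> List[str]:
    """Derive the look-alike forms of one legitimate domain:
    se.ibm.com -> seibm.com (subdomain dot dropped) and
    ibm.com -> emailibm.com / e-mailibm.com (prefix added).
    Assumption: the registrable domain is the last two labels."""
    labels = fqdn.lower().strip(".").split(".")
    candidates = []
    if len(labels) >= 3:
        # Drop only the first dot: "se" + "ibm" + ".com"
        candidates.append(labels[0] + labels[1] + "." + ".".join(labels[2:]))
    registrable = ".".join(labels[-2:])
    for prefix in LOOKALIKE_PREFIXES:
        candidates.append(prefix + registrable)
    return candidates


def build_watchlist(legit_domains: Iterable[str]) -> Dict[str, str]:
    """Map each doppelganger candidate back to the domain it imitates."""
    return {cand: legit.lower()
            for legit in legit_domains
            for cand in doppelganger_candidates(legit)}


_TO_RE = re.compile(r"\bto=<?([^\s@>]+@([^\s>]+))>?")


def flag_recipients(log_lines: Iterable[str],
                    watchlist: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (recipient, imitated domain) for every log line whose
    recipient domain is on the watchlist. Log format is constructed."""
    hits = []
    for line in log_lines:
        m = _TO_RE.search(line)
        if m and m.group(2).lower() in watchlist:
            hits.append((m.group(1), watchlist[m.group(2).lower()]))
    return hits


# Constructed sample data, not from the article or the Godai Group report.
SAMPLE_LEGIT = ["se.ibm.com", "kohls.com"]
SAMPLE_LOG = [
    "2011-09-06T10:15:02 from=alice@corp.example to=<bob@seibm.com> status=sent",
    "2011-09-06T10:16:40 from=alice@corp.example to=<bob@se.ibm.com> status=sent",
    "2011-09-06T10:17:11 from=carol@corp.example to=<dan@e-mailkohls.com> status=sent",
]

if __name__ == "__main__":
    for rcpt, legit in flag_recipients(SAMPLE_LOG, build_watchlist(SAMPLE_LEGIT)):
        print(f"WARNING: {rcpt} looks like a doppelganger of {legit}")
```

The same candidate list can be fed to a domain-registration check so the organization can register or monitor the look-alikes before someone else does.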
Title Annotation: WEB SECURITY
Publication: Information Management Journal
Date: Jan 1, 2012