Printer Friendly

Researchers harvest e-mails from fortune 500 firms.

By misspelling words, two security researchers were able to harvest a treasure trove of confidential e-mails, including trade secrets, names, and passwords, from Fortune 500 companies.

According to Security News, Peter Kim and Garrett Gee from the information security think tank Godai Group intercepted 20 gigabytes of sensitive data by setting up "doppelganger domains"--web domain names that look the same as those of legitimate organizations except they are misspelled.

[ILLUSTRATION OMITTED]

This method of spoofing a real website to harness and intercept traffic is called "typosquatting."

Kim and Gee spent six months on the project, and the results were shocking: They intercepted more than 120,000 individual e-mails from 30 Fortune 500 companies and found that 151 companies are vulnerable to such attacks, Wired reported.

Fake domain names could include a preface, such as "e-mail," before the actual website name, or involve the change of only a period separating a subdomain name from a primary domain name. An example is se.ibm.com instead of the actual se.ibm.com domain that IBM uses for its division in Sweden, according to Wired.

Within the 120,000 e-mails drawn to their fake domain names were details, including user names and passwords, for an international organization that manages roadway toll systems, and the "full configuration details for the external Cisco routers for a large IT consulting firm, along with passwords for accessing the devices," Wired reported. Kim and Gee also accessed invoices, contracts, and credit card information from other organizations.

The variety of Fortune 500 companies found to be open to such attacks was surprising--gas and electric companies, pharmaceutical firms, chemical and computer software companies, and financial firms.

The Godai Group researchers included a chart that shows 15 current doppelganger domains already in use, including "Kscisco.com" for Cisco and "e-mailkohls.com" for Kohls. Some of the spoofed domain names, the researchers discovered, are already registered to IP addresses in China "and to domains associated with malware and phishing."

Out of the 30 doppelganger domains they set up, Wired said only one organization noticed when the researchers registered the fake domain name, and only two senders out of the entire 120,000 e-mails said they had noticed the mistake.

COPYRIGHT 2012 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2012 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:WEB SECURITY
Publication:Information Management Journal
Geographic Code:1USA
Date:Jan 1, 2012
Words:368
Previous Article:PACER fees to increase by 25%.
Next Article:White House appeals ruling on visitor logs.
Topics:

Terms of use | Privacy policy | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters