Watch Out...


Researchers have found that a dot missing in an email address could mean that messages end up in the hands of cyber thieves.

How is this done?

The cyber thieves create web domains that contain commonly mistyped names, and then they receive emails that would otherwise not be delivered. It was found that over a six-month period they received 20GB of data made up of 120,000 wrongly sent messages.

 

Why is this a security risk?

This is because the intercepted correspondence contained user names, passwords, and details of corporate networks, meaning that these cyber thieves could easily hack your accounts. Approximately 30% of the top 500 companies in the US were vulnerable to this security shortcoming, according to researchers Peter Kim and Garrett Gee of the Godai Group.

 

Why does this happen?

The problem occurs because of the way organisations structure their email systems. Most have a single domain for their website; however, many use sub-domains for individual business units, regional offices or foreign subsidiaries. Dots or full stops are used to separate the words in that sub-domain. For example, a large American car manufacturing group may take carname.com as its corporate home but internally use us.carname.com for staff email. Usually, if an address is typed with one of the dots missing, i.e. uscarname.com, then the message is returned to its sender. However, by setting up similar doppelganger domains, the researchers were able to receive messages that would otherwise be bounced back.
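A defensive check that follows from this explanation, added here as an example and not taken from the researchers' paper: it derives the dot-less form of each mail sub-domain and flags outbound recipients addressed to it. carname.com is the article's own example; the sub-domain list, the log format and the log lines are constructed for illustration.

```python
import re

CORPORATE_DOMAIN = "carname.com"  # the article's example domain
# Constructed list of the organisation's mail sub-domains (assumption).
SUBDOMAINS = ["us.carname.com", "de.carname.com", "mail.us.carname.com"]

# Constructed outbound mail log lines in a simplified, hypothetical format.
SAMPLE_LOG = [
    "2011-09-08T09:14:02 from=<alice@carname.com> to=<bob@us.carname.com> status=sent",
    "2011-09-08T09:15:40 from=<alice@carname.com> to=<bob@uscarname.com> status=sent",
    "2011-09-08T09:17:11 from=<erin@carname.com> to=<carol@mail.decarname.com> status=sent",
    "2011-09-08T09:20:03 from=<erin@carname.com> to=<dave@example.org> status=sent",
]

RCPT_RE = re.compile(r"to=<[^@<>\s]+@([^<>\s]+)>")


def doppelganger_map(subdomains, corporate_domain):
    """Return {dot-less doppelganger domain: legitimate sub-domain it imitates}."""
    corp = corporate_domain.lower().strip(".")
    result = {}
    for fqdn in subdomains:
        name = fqdn.lower().strip(".")
        if not name.endswith("." + corp):
            continue  # not a sub-domain of the corporate domain
        # Label directly left of the corporate domain, e.g. "us" in us.carname.com
        label = name[: -len(corp) - 1].split(".")[-1]
        # Dropping that one dot yields a separate registrable domain: uscarname.com
        result.setdefault(label + corp, label + "." + corp)
    return result


def find_missent(log_lines, subdomains, corporate_domain):
    """Return (line, recipient domain, intended sub-domain) for each risky recipient."""
    dmap = doppelganger_map(subdomains, corporate_domain)
    hits = []
    for line in log_lines:
        for rcpt_domain in RCPT_RE.findall(line):
            rcpt_domain = rcpt_domain.lower().rstrip(".")
            for fake, real in dmap.items():
                # Match the doppelganger itself and any host beneath it.
                if rcpt_domain == fake or rcpt_domain.endswith("." + fake):
                    hits.append((line, rcpt_domain, real))
    return hits


if __name__ == "__main__":
    for line, seen, intended in find_missent(SAMPLE_LOG, SUBDOMAINS, CORPORATE_DOMAIN):
        print(f"recipient domain {seen} looks like a mistyped {intended}: {line}")
```

The same map can feed a mail-gateway rule that rejects or holds messages to those domains before they leave the organisation.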

 

Further risk?

A smart attacker could disguise what they were doing by passing on the message to its correct recipient and relaying back any reply. With the cyber thieves acting as a middleman, the likelihood of more messages being mis-sent using the "reply" function increases. Further research by the investigators demonstrated that some cyber criminals may already be exploiting keyboard errors. A search uncovered many addresses resembling corporate sub-domains which were owned by individuals in China or linked to sites associated with malware or phishing.

Comments

Andy Langton

Download the PDF

Just a note that you can view the research paper here:

http://files.godaigroup.net/doppelganger/Doppelganger.Domains.pdf

This has been published by the Godai Group - http://godaigroup.net/
