E-mail Spoofing
Submitted to: Mrs. Debmita Mondal (Faculty: Cyber Law)
Submitted by: Anant Ekka, Section A, Roll No: 26, Semester VII, B.A.LL.B (Hons.)
Submitted on: 26/09/2016
HIDAYATULLAH NATIONAL LAW UNIVERSITY, RAIPUR (C.G.)
Acknowledgement
The successful completion of any task would be incomplete without the mention of the people who made it possible and whose constant guidance and encouragement crowned my effort with success. I would like to thank my course teacher Mrs. Debmita Mondal for providing me the topic of my interest. Secondly, I would like to thank our Vice Chancellor for providing the best possible facilities of I.T and library in the university. I would also like to extend my warm and sincere thanks to all my colleagues, who contributed in innumerable ways in the accomplishment of this project.
Thanking you, Anant Ekka Semester VII
Contents
Acknowledgments
Research Methodology
Objectives
Introduction
Spoofing
E-mail spoofing
Cases on e-mail spoofing
Conclusion
Webliography
Research Methodology
This research project is Non-Doctrinal in nature, since it is largely based on secondary and electronic sources of data, involves no field work, and largely consists of the study of various cases and comparison across different books, journals and other online sources. It is not empirical in nature.
Objective
To study about e-mail spoofing.
Introduction
As the use of computers became more popular, technology expanded as well, and the term ‘Cyber’ became more familiar to people. The evolution of Information Technology (IT) gave birth to cyberspace, in which the internet gives all people equal opportunity to access information, store data, analyse it and so on with the use of high technology. As the number of netizens increased, misuse of technology in cyberspace grew, which gave birth to cyber crimes at the domestic and international level. The word crime carries its general meaning of “a legal wrong that can be followed by criminal proceedings which may result into punishment”, whereas cyber crime may be “unlawful acts wherein the computer is either a tool or target or both”.

The world's first computer-specific law was enacted in the year 1970 by the German State of Hesse in the form of the ‘Data Protection Act, 1970’. With the emergence of technology, its misuse has also expanded, and there arose a need for strict statutory laws to regulate criminal activities in the cyber world and to protect technological advancement. It was under these circumstances that the Indian parliament passed the “INFORMATION TECHNOLOGY ACT, 2000” on 17th October, an exhaustive law dealing with technology in the fields of e-commerce, e-governance and e-banking, as well as penalties and punishments for cyber crimes. Cyber crime can mean hackers vandalizing your site, viewing confidential information, or stealing trade secrets or intellectual property with the use of the internet. It can also include ‘denial of service’ and virus attacks that prevent regular traffic from reaching your site.

Cyber crimes are not limited to outsiders, except in the case of viruses; security-related cyber crimes are usually committed by employees of a particular company, who can easily access the company's passwords and data storage for their own benefit. Cyber crimes also include criminal activities done with the use of computers, such as financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to computer systems, theft of information contained in electronic form, e-mail bombing, physically damaging the computer system etc.
Spoofing
Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security.
The word "spoof" means to hoax, trick, or deceive. Therefore, in the IT world, spoofing refers to tricking or deceiving computer systems or other computer users. This is typically done by hiding one's identity or faking the identity of another user on the Internet.
Spoofing can take place on the Internet in several different ways. One common method is through e-mail. E-mail spoofing involves sending messages from a bogus e-mail address or faking the e-mail address of another user. Fortunately, most e-mail servers have security features that prevent unauthorized users from sending messages. However, spammers often send spam messages from their own SMTP, which allows them to use fake e-mail addresses. Therefore, it is possible to receive e-mail from an address that is not the actual address of the person sending the message.
Finally, spoofing can be done by simply faking an identity, such as an online username. For example, when posting on a Web discussion board, a user may pretend he is the representative for a certain company, when he actually has no association with the organization. In online chat rooms, users may fake their age, gender, and location.1
E-mail Spoofing
In today's growing world it is difficult to imagine life without e-mail. It is quick and simple to use, so people choose to interact through it. Emails can be used for individual or business purposes, but these days using email is not very secure. Email viruses and email spoofing are different forms of threat to all email users. Email has fast emerged as the world's most preferred form of communication. Billions of email messages traverse the globe daily. Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of email have made it a powerful tool for criminals.
1 http://techterms.com/definition/spoofing
Email spoofing is one of the best known spoofs. Since core SMTP fails to offer authentication, it is simple to forge and impersonate emails. Spoofed emails may request personal information and may appear to be from a known sender. Such emails request the recipient to reply with an account number for verification. The email spoofer then uses this account number for identity theft purposes, such as accessing the victim's bank account, changing contact details and so on.
The attacker (or spoofer) knows that if the recipient receives a spoofed email that appears to be from a known source, it is likely to be opened and acted upon. So a spoofed email may also contain additional threats like Trojans or other viruses. These programs can cause significant computer damage by triggering unexpected activities, remote access, deletion of files and more.

Email spoofing is a fraudulent email activity that hides email origins. It occurs when imposters are able to deliver emails by altering the emails' sender information. Although this is usually done by spammers and through phishing emails for advertising purposes, email spoofing can have malicious motives such as virus spreading or attempts to gain personal banking information. Simple Mail Transfer Protocol (SMTP) does not provide any type of authentication process for persons sending emails. Yet it is the primary email system for most people, which facilitates email spoofing. Nowadays, most email servers can provide further security. Also, many digital software vendors have created products remedying this problem.2

A spoofed email is one that appears to originate from one source but has actually emerged from another source. Email spoofing is usually done by falsifying the name and/or email address of the originator of the email. Usually, to send an email the sender has to enter the following information:
email address of the receiver of the email
email address of the person who will receive a copy of the email (referred to as CC for carbon copy)
email address of the person who will receive a copy of the email but whose identity will not be known to the other recipients of the e-mail (known as BCC for blind carbon copy)
Subject of the message (a short title / description of the message)
Message
2 https://www.techopedia.com/definition/1664/email-spoofing
Certain web-based email services, like www.SendFakeMail.com, offer a facility wherein, in addition to the above, a sender can also enter the email address of the purported sender of the email. Consider Mr. Siddharth, whose email address is [email protected]. His friend Golu's email address is [email protected]. Using SendFakeMail, Siddharth can send emails purporting to be sent from Golu's email account. All he has to do is enter [email protected] in the space provided for the sender's email address. Golu's friends would trust such emails, as they would presume that they have come from Golu (whom they trust). Siddharth can use this misplaced trust to send viruses, Trojans, worms etc. to Golu's friends, who would unwittingly download them.3

Phishing, one of the cyber crimes, is associated with email spoofing. Phishing is the practice of attempting to obtain users' credit card or online banking information, and it often incorporates email spoofing. For example, a "phisher" may send e-mail that looks as if it comes from the bank's or credit card's administrative department, asking the user to log onto a Web page and enter passwords, account numbers, and other personal information, thereby obtaining the user's confidential information.4
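As an added illustration (not part of the original project), the Python code below shows how a recipient-side check can notice the forged sender field described above by comparing the visible From address with the other sender information carried in the message. The names, addresses, domains and both sample messages are constructed, and the check assumes the receiving mail server has recorded the envelope sender in Return-Path and its verdict in an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From names Golu, but the envelope sender
# (Return-Path) and Reply-To belong to an unrelated domain.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=friend.example
From: Golu <golu@friend.example>
Reply-To: collector@mailer.example.net
Subject: Please verify your account

Reply with your account number.
"""

# Constructed sample: every sender field agrees and the server verdict is pass.
GENUINE = """\
Return-Path: <golu@friend.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=friend.example; dmarc=pass header.from=friend.example
From: Golu <golu@friend.example>
Subject: Lunch

See you at one.
"""


def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def spoof_indicators(raw):
    """List reasons the visible From header should not be taken at face value."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    reasons = []
    if domain(msg["Return-Path"]) != from_dom:
        reasons.append("envelope sender domain differs from From")
    if msg["Reply-To"] and domain(msg["Reply-To"]) != from_dom:
        reasons.append("Reply-To domain differs from From")
    # Verdict stamped by the receiving server (RFC 8601), if any.
    results = " ".join(msg.get_all("Authentication-Results") or [])
    verdict = re.search(r"\bdmarc=(\w+)", results)
    if verdict is None:
        reasons.append("no DMARC verdict recorded")
    elif verdict.group(1) != "pass":
        reasons.append("dmarc=" + verdict.group(1))
    return reasons
```

A differing Return-Path also occurs with legitimate bulk-mail and mailing-list services, so these are indicators to weigh together rather than a verdict on their own.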
3 http://cybercrime.planetindia.net/email_crimes.htm
4 https://www.ukessays.com/essays/computer-science/the-process-of-spoofing-computer-science-essay.php
Cases on E-mail Spoofing
1. Gujarat Ambuja Executive’s case:
51-year-old cyber criminal Pranab Mitra has stunned even the cyber crime investigation cell of Mumbai police with his bizarre fraud on the Net. Mitra, a former executive of Gujarat Ambuja Cement, was arrested on Monday for posing as a woman and seducing online an Abu Dhabi-based man. Investigating officer, Assistant Commissioner of Police, J.S. Sodi, said Mitra has been remanded to police custody till June 24, and has been booked for cheating, impersonation, blackmail and extortion under sections 420, 465, 467, 471, 474 of the IPC, read with the newly formed Information Technology Act. Mitra posed as a woman, Rita Basu, and created a fake e-mail ID through which he contacted one V.R. Ninawe. According to the FIR, Mitra trapped Ninawe in a “cyber-relationship”, sending emotional messages and indulging in online sex since June 2002. Later, Mitra sent an e-mail that “she would commit suicide” if Ninawe ended the relationship. He also gave him “another friend Ruchira Sengupta's” e-mail ID, which was in fact his second bogus address. When Ninawe mailed at the other ID he was shocked to learn that Mitra had died. Then Mitra began the emotional blackmail by calling up Abu Dhabi to say that police here were searching for Ninawe. Ninawe panicked on hearing the news and asked Mitra to arrange for a good advocate for his defence. Ninawe even deposited a few lakh in the bank as advocate fees. Mitra even sent e-mails as high court and police officials to extort more money. Ninawe finally came down to Mumbai to lodge a police case.

2. Citi Bank Spoofing case:
Many E-mails are in circulation asking the receivers to update their CITI Bank account information.
The mails are purported to be from Customer Service Department of the Bank.
The mails also contain a link to CITI Bank website.
The fact is that the link is fake; it comes with an extension, e.g. www.citibank.com/5%ac8%/login.asp
The link actually takes the person to a mirror of actual site.
The information punched in there never goes to the bank but to another computer and gets stored.
This was used by the person for operating accounts.
Conclusion
Nowadays, almost everyone is moving into electronic settings. Commercial, social and governmental activity depends on this new 'electronic' way of life. Spoofing is a real threat to the community, as we are all dependent on this electronic way of life. Although in some places its use can be justified, it does not always occur with a 'good' intention. For many years it has been seen that spoofing attacks are becoming more and more extensive, with the difficulty of nailing the spoof attackers increasing as well. As research in the field of computer science carries on steadily, ways of using and misusing this field carry on as well. Today, nearly everything runs around these few real-world applications. And with the rapid growth of spoofing attacks, it has become even more important to protect ourselves from the attacks or even prevent them from taking place at all. Users of computer systems and the internet are increasing worldwide, and the internet, a medium for huge amounts of information and a large base of communications around the world, makes it easy to access any information within a few seconds. Certain precautionary measures should therefore be taken by netizens while using the internet, which will assist in challenging this major threat, cyber crime.
Webliography
www.ukessays.com
www.cybercrime.planetindia.net
www.techopedia.com
www.techterms.com
www.knowcybercrime121.blogspot.in