E-mail has the following vulnerabilities, each of which is discussed in greater detail below:
Lack of Privacy
Sending e-mail is like sending a postcard through the mail. Just as the mailman and others have an opportunity to read a postcard, network eavesdroppers can read your e-mail as it passes through the Internet from computer to computer. E-mail is transmitted over a public network where you have no right to expect privacy. It is not like a telephone call, where privacy rights are protected by law.
The courts have repeatedly sided with employers who monitor their employees' e-mail or Internet use. In an American Management Association poll, 47% of major companies reported that they store and review their employees' e-mail. Organizations do this to protect themselves against lawsuits, because the organization can be held liable for abusive, harassing, or otherwise inappropriate messages sent over its computer network. In the same poll, 25% of companies reported that they have fired employees for misuse of the Internet or office e-mail. 5
In the past couple years, The New York Times fired 23 employees for exchanging off-color e-mail. Xerox fired 40 people for inappropriate Internet use. Dow Chemical fired 24 employees and disciplined another 230 for sending or storing pornographic or violent material by e-mail. 1
Several years ago, Chevron Corp. had to pay $2.2 million to plaintiffs who successfully brought a suit of sexual harassment, in part because an employee sent an e-mail to coworkers listing the reasons why beer is better than women. 2
Ease of Accidental Compromise
E-mail is so easy to use that it is also easy to thoughtlessly or accidentally send others information they shouldnt have. E-mail is a frequent source of security compromise. Here are two examples. In the first case, the e-mail writer put classified information into what he mistakenly thought was a private message to a few colleagues with security clearances. The second is a situation that often arises in offices that have both classified and unclassified networks.
A few hours after participating in the successful rescue of a F-16 fighter pilot downed in Bosnia, an excited U.S. Air Force pilot sat down at his computer and banged out a first hand account of the mission. He hooked up to the Internet and sent the account by e-mail to Air Force friends at other bases, scooping the media coverage of the rescue. Friends passed it on to their friends until it was seen by thousands of people and posted on an America Online bulletin board accessible to millions. The account contained classified radio frequencies, pilot code names, exact times and weapons loads for the mission, etc. The pilot explained that he had intended the account to be a personal communication to other cleared officers and not for public review. But he was badly wrong on two counts. First, you don't put classified information in an unclassified e-mail message under any circumstances. Second, nothing that goes on the Internet is personal or private. 4
Two problems arise when individuals want to download an unclassified file from a classified system and then transmit it to a colleague by e-mail on an unclassified system.
One organization had so many violations dealing with downloading and retransmitting unclassified files from its classified system that it found it necessary to lock its computer drives. This means that only the system administrator can download from the classified system. The system administrator processes the material and authorizes transmittal by e-mail as appropriate.
Transmission of Viruses
Mail programs generally allow files to be included as attachments to mail messages. The files that come by mail are files like any other. Any way in which a file can find its way onto a computer is potentially dangerous. If the attached file is only a text message, the risk is limited. If the attached file is a program, an executable script, or a data file which contains a macro, extreme caution should be applied before running it, as this is the means by which many viruses and other types of malicious logic are spread.
One of the more dangerous types of malicious logic spread in this manner is a "Trojan Horse" that allows a remote user to access and control your computer via the Internet without your knowledge. One of these Trojan Horses was originally developed as a means of playing pranks on friends. When installed on another person's computer, you can control that computer via the Internet. For example, you can make the CD-ROM tray on that person's computer pop out repeatedly for no discoverable reason, or reverse the functions of the left and right buttons on the person's mouse. However, you can also read, change, or copy all the person's files without his or her knowledge. This Trojan Horse can be snuck onto someone's computer by burying it in a game program or other executable script sent by e-mail.
Happily, all known versions of this Trojan Horse are caught by any good virus checker. However, about 200 to 300 new viruses are being created each month, so your virus checker is rarely capable of detecting all malicious logic..
Inability to Fully Erase
The seemingly informal and temporary aspect of e-mail encourages people to use it to say things they would never commit to paper. But e-mail is like a cat with nine lives. It keeps coming back. It is almost impossible to eliminate all traces of an e-mail message.
In short, e-mail messages sent years ago may live on in taped storage or on a hard drive beyond the reach of your delete key. You never know when an impulsive or ill-advised e-mail message will come back to haunt you. Three and four-year-old e-mail messages have played key roles as evidence in several high profile court cases.
If you can gain access to your e-mail from afar via the Internet, while traveling, others may be able to do the same thing without your knowledge. An eavesdropper would only have to know the modem phone number and then also know, guess, or be able to crack your password. The vulnerability is similar to that discussed under Voice Mail. See Weak Passwords to learn how easy it is to guess or crack weak passwords.
It is easy to forge an e-mail message so that it appears to come from someone else or from some other location. Incoming e-mail from someone you do not know is always questionable, as the sender may not be who he or she claims to be. For example, a marketing survey that purports to come from a U.S. company may actually originate overseas and be part of a foreign intelligence collection operation. See Obtaining Information under False Pretenses.
|<-- Prev||Next -->|
|SECURITY BRIEFING TABLE OF CONTENTS|