Thursday, February 2, 2006

How to punk the NSA and figure out if they are reading your email

Here's a quick and easy method that security expert Richard Smith came up with to see if one's email messages are being read by someone else (like the NSA):

The steps are:

1. Set up a Hotmail account.
2. Set up a second email account with a non-U.S. provider (e.g., Rediffmail.com).
3. Send messages between the two accounts which might be interesting to the NSA.
4. In each message, include a unique URL on a Web server whose logs you have access to. This URL should be known only to you and not linked to from any other Web page. The text of the message should encourage an NSA monitor to visit the URL.
5. If the server log file ever shows this URL being accessed, then you know that you are being snooped on. The IP address of the access can also provide clues about who is doing the snooping.
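
Steps 4 and 5 can be scripted. The following is an added example, not code from Richard Smith or from this post: it mints one unguessable URL per message and scans a web server access log for requests to it. The host name `canary.example.org`, the `/c/` path prefix and the function names are assumptions for illustration.

```python
import re
import secrets

BASE_URL = "https://canary.example.org/c/"  # assumption: a server whose logs you control

# Apache/nginx "combined" log format; referer and agent are optional (common format)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" \d{3} \S+'
    r'(?: "[^"]*" "(?P<agent>[^"]*)")?'
)

def mint_canary(registry, label):
    """Return an unguessable URL for one message and record which message carries it."""
    token = secrets.token_urlsafe(16)  # 128 random bits: cannot be found by crawling
    registry[token] = label
    return BASE_URL + token

def find_hits(log_lines, registry, own_ips=()):
    """Return one record per request for a known canary that did not come from you."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        path = m["path"].split("?", 1)[0]
        token = path[len("/c/"):] if path.startswith("/c/") else None
        if token in registry and m["ip"] not in own_ips:
            hits.append({"message": registry[token], "ip": m["ip"],
                         "time": m["time"], "agent": m["agent"] or ""})
    return hits

def demo():
    registry = {}
    token = mint_canary(registry, "hotmail -> rediffmail, message 1").rsplit("/", 1)[1]
    # Constructed log lines (documentation IP ranges), not real traffic.
    log = [
        f'192.0.2.10 - - [02/Feb/2006:09:00:00 +0000] "GET /c/{token} HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
        f'203.0.113.7 - - [02/Feb/2006:14:31:07 +0000] "GET /c/{token} HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
        '203.0.113.7 - - [02/Feb/2006:14:31:09 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/4.0"',
    ]
    return find_hits(log, registry, own_ips={"192.0.2.10"})  # 192.0.2.10 = your own test click

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A hit is a lead rather than proof of a human reader: mail providers' automated link scanners also fetch URLs found in messages, so check the user agent and IP address before drawing conclusions.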

The punk'd part requires one more step: telling them you caught them spying. On the web page at the unique URL, you would therefore write a message or, better yet, place an image file that requires human viewing. It could say something polite like: "Dear NSA - You've been Punk'd." Of course, you can insert your own text and graphics to personalize your punk'd page.

The trick is to make your fake "terrorist" email a sweet enough honeypot for the NSA to investigate and then check the link. Mr. Smith offered these practical suggestions:

  • Include other links in a message to known AQ message boards

  • Include a fake CC: to Mohamed Atta's old email address (el-amir@tu-harburg.de)

  • Send the message from an SMTP server in Iraq, Afghanistan, etc.

  • Use a fake return address from a known terrorist organization

  • Use a ziplip or hushmail account.

Here are a few more suggestions:

  • Mine the List of Terrorists, Terrorist Organizations, & Narcotics Traffickers for keywords. It is kept by the Office of Foreign Assets Control ("OFAC") of the US Department of the Treasury, which administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries, terrorists, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction.

  • Include the handle of the infamous al-Qaeda hacker: "Irhabi 007" or some of his old websites: www.irhabi007.ca & www.irhabi007.tv

  • Send email between two free foreign email providers that might route their mail through the US or over a US network. For example, from Canada to S. America.

  • Include one or more links from an RSS feed of a Chechen guerrilla fighter website.

The NSA, of course, is not the only national intelligence agency interested in reading private email. This technique could be used to catch other eavesdroppers depending on how the email is baited and sent.

links:
Who is snooping on my email? [ComputerBytesMan.com, Richard Smith, Dec. 23, 2005]
Eavesdropping 101: What Can The NSA Do? [ACLU, Jan. 31, 2006]

related:
List of Terrorists, Terrorist Organizations, & Narcotics Traffickers [TJN, May 28, 2004]
Chechen Guerrilla Fighter Website [TJN, Nov. 23, 2005]
Serving No Good - Anti-Semitic Website Hides in Singapore [TJN, Jan. 27, 2004]
