Help for novel - email interception

  1. #1
    Junior Member
    Join Date
    Jan 2012
    Location
    Yorkshire, UK
    Posts
    5

    Help for novel - email interception

    I'm writing a thriller, set in 2007, and have the scenario that one person in a government building wants to access (undetected) the email of another person in that building. They are both of a senior level, and the one who wants to read the email has access to some very clever hackers/IT specialists (but can't use the CIA/FBI because it's all very illegal). I don't want enough detail to do it, just whether it is feasible and, if so, with enough hints to make it sound plausible, e.g. would the hacker have to visit the building.

    Sorry if I've chosen the wrong site or thread, but it is security and I am a newbie here...

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi and welcome to AO

    Yes you have a security question, and I have seen several similar requests over the years where someone has seen something in a film or read it in a novel and wondered if it was feasible.

    You say that they are both senior (presumably civil servants) and are in the same building. I would guess that means that they are on the same network and use the same mail server?

    "e.g. would the hacker have to visit the building."
    Well, they are both in it already, so what I guess you are asking is would it take physical access to the mail server and/or client computer? Or could it be done remotely?

    The answer is almost certainly "yes". How would depend on the setup, and security (not noted in government establishments) in place.

    Can we have a bit more background?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Junior Member
    Join Date
    Jan 2012
    Location
    Yorkshire, UK
    Posts
    5
    Thank you for the quick and helpful reply, and for the welcome.

    "and security (not noted in government establishments)" LOL

    Yes, they are civil servants based in Washington. Essentially the story is about trying to find out if an ex-general (now a civil servant) can be trusted in the investigation of a corrupt army officer in Afghanistan, or whether he is actually involved. Because the other civil servant can't trust the CIA etc. in the circumstances (out-ranked) he is using a less-than-legal bunch of people to help him out. These are world-class criminals with a lot of resources to hand.

    Is that enough background? I just need to be able to sketch out him asking for help and the bunch of criminals (he's worked with them before) delivering the solution.

  4. #4
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    You should really REALLY check out "The Cuckoo's Egg" by Cliff Stoll. It's a true story he wrote about that happened to him, and part of this is in his book.
  5. #5
    Junior Member
    Join Date
    Jan 2012
    Location
    Yorkshire, UK
    Posts
    5
    Thanks for the tip, Gore. I've downloaded a copy of the book.

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    I will assume that this is a typical government or institutional scenario where all data (including e-mails) are held on shared, central servers, as opposed to locally on users' desktops. This is so that data are backed up properly, as users cannot be trusted.

    There are three potential attack vectors IMO:

    1. The mailserver itself.
    2. The mailserver backups (frequently stored under far less security than the server room).
    3. The e-mail account that is the target.

    1 & 2 are where the FEDs would go, or criminals after ALL e-mails.

    #3 is the Sarah Palin (and dozens of others) scenario.

    To access someone's live e-mail account you need:

    1. Their UserID.
    2. Their password.
    3. Access to the mailserver their account is on.

    In the scenario that you describe, #1 is a no-brainer because his ID will be on the internal e-mail directory.

    Similarly #3 should not be a problem as your protagonist should have the same access rights as the target.

    That just leaves obtaining their password..............AND (presumably?) avoiding detection.

    A lot would depend on the type of government department we are talking about here, and what their security policies happen to be.

    A few more background questions:

    1. Is this e-mail on a "secure" network or one you can surf the net with?
    2. Are we talking about desktops or laptops?
    3. Can authorised employees access their e-mail accounts remotely or must they be on site?

    Last edited by nihil; January 5th, 2012 at 07:27 PM.

  7. #7
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  8. #8
    Junior Member
    Join Date
    Jan 2012
    Location
    Yorkshire, UK
    Posts
    5
    Thanks, Cider. An excellent example of what NOT to do on both sides of the subject.
