Write a forensics report on the spoofed e-mail case of XYZ Corporations, a software firm providing web services and solutions.
This is a forensics report on the spoofed e-mail case of XYZ Corporations, a software firm providing web services and solutions. XYZ Corporations was a victim of e-mail spoofing and paid a heavy price in its market reputation and in its reliability in the eyes of its customers. The company's primary domain is finance, and it also works in the commercial and healthcare domains. Hoax e-mails were sent in the name of XYZ Corporations to hundreds of its clients, demanding money in the name of shares and profits. Some of the clients fell for the attackers' trick and sent their hard-earned money into fraudulent hands.
Digital forensics is the branch of science that deals with electronic crimes, taking as its basis digital evidence from devices such as PCs, laptops, mobile devices and tablets (“Digital Evidence and Forensics | National Institute of Justice”, 2016). With the increase in electronic crimes, law enforcement agencies are incorporating digital forensics and digital evidence into their infrastructure to minimize such incidents.
Questions Asked Relevant to the Case
As the Digital Forensics Examiner, I put the following questions to the team at XYZ Corporations to understand the case better.
Why was the e-mail address spoofed?
The e-mail address was spoofed from the internal network of the company, XYZ Corporations. The reason behind it was therefore a malicious insider attack. An employee of the company gained unauthenticated privileges and impersonated the company using a false e-mail ID to trick the clients and acquire money from them. A handsome amount was demanded from each client, who was tempted to invest an initial sum in return for a good share of the company’s assets and profits (The Huffington Post, 2015).
How was the e-mail address spoofed?
Spoofing an e-mail address is not a complicated task. The basic requirements are an SMTP (Simple Mail Transfer Protocol) server and suitable e-mail software. The website hosting service of XYZ Corporations provides an SMTP server in the hosting package itself. SMTP uses port 25, which most ISPs block.
An attacker made use of an SMTP server to show a “from” address different from the actual registered address of the company. To the clients, however, the mail looked as if it had come from the specified address. When an SMTP e-mail is sent, the initial connection provides two pieces of address information:
MAIL FROM: It is usually presented to the receiver as the return path. It is the header which is normally visible to the end user. By default, no validation or check is in place to verify that the sending system is authorized and authenticated to send such information.
RCPT TO: This is the recipient address, that is, the address of the designated delivery. It may or may not be visible to the end user and is present in the header section.
Every time the attacker sent an e-mail message, the clients' receiving server compared the IP address the message originated from with the one listed in the SPF record for the host, that is, the @xyz.com part (Lifehacker.com, 2016).
The attacker made sure that the two IP addresses matched, so that the message passed the check at the recipient. Had the IP addresses not matched, the mail would have been sent to spam or rejected. The receiving server did not have a mechanism to protect it from e-mail spoofing.
Original Address v/s Spoofed Address
A comparison was made between the original e-mail address of XYZ Corporations and the e-mail address that was used for spoofing. The attacker made sure that the IP addresses of the two matched at the recipient's site and made very minor changes to the address name, which would normally go unnoticed (“Example of An Expert Witness Digital forensics Report”, 2016).
Search and Seizure and Transport of Evidence
A warrant was issued for the search and seizure of the devices and the network that were used for sending and receiving the mails. The devices under suspicion were to be analyzed to obtain stronger evidence. The materials acquired from XYZ Corporations were carefully packaged and a chain of custody was established to ensure the integrity of the evidence.
List of Criminal Offences
Cyber crimes are crimes that use a computer system as the primary means of commission (“What is cybercrime? – Definition from WhatIs.com”, 2016). XYZ Corporations has suffered a serious loss of information, and the company's image in the eyes of its customers has been tarnished. The information that has been exposed in an unauthenticated and unauthorized manner is as listed below.
It is necessary to set the spam filters somewhat more strictly to protect against such attacks. On the basis of the SPF checks, this would help spam e-mail land in the spam box rather than the inbox. Priority inbox gives frequent senders priority and thus an edge over the others. If any of these contacts is spoofed, the attack is easier to detect.
It is a good skill for a user to know how to track the source of a spam message. In case of an attack, the user would be able to open up the header and compare the one from the original sender with the one that has been spoofed. The comparison between the two would provide clear results and leave no scope for an attack to take place.
Users are commonly seen clicking on links that look fishy and unreliable even at a glance. Given the increased occurrence of events such as spoofing and phishing, attachments and links from unfamiliar sources should be avoided completely.
It is advisable to check the junk e-mail folders and to ask the web host to change the configuration of the SMTP server.
DMARC records should be published for every single domain name to prevent attackers from targeting it with spoofed e-mails and unwanted attachments to trick people.
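The header comparison recommended above, combined with the near-miss sender address noted in the report, can be scripted. This is an added example, not part of the original report: the sample headers, the `mailer.example` and `xyzz.com` domains and the finding names are constructed, and domains are compared by exact match rather than by DMARC's relaxed alignment.

```python
from email import message_from_string
from email.utils import parseaddr

LEGIT_DOMAIN = "xyz.com"  # the domain named in the report

# Constructed sample headers, not evidence from the case.
GENUINE = """\
Return-Path: <billing@xyz.com>
Authentication-Results: mx.client.example; spf=pass smtp.mailfrom=xyz.com
From: XYZ Corporations <billing@xyz.com>
"""
SUSPECT = """\
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.client.example; spf=pass smtp.mailfrom=mailer.example
From: XYZ Corporations <billing@xyzz.com>
Reply-To: payments@mailer.example
"""

def domain_of(value):
    """Domain part of an address header; '' if the header is absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_headers(raw, legit=LEGIT_DOMAIN):
    """Return a list of findings for one message's headers."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    reply_dom = domain_of(msg["Reply-To"])
    findings = []
    if from_dom != legit and edit_distance(from_dom, legit) <= 2:
        findings.append("lookalike-from-domain")
    if env_dom and env_dom != from_dom:
        findings.append("envelope-from-mismatch")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # SPF validates the envelope domain only; a pass there does not vouch for From.
    if "spf=pass" in (msg["Authentication-Results"] or "").lower() and env_dom != from_dom:
        findings.append("spf-pass-not-aligned")
    return findings
```

The last finding is the case the report describes: the SPF check succeeds at the receiving server, yet the address shown to the client is not the company's.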
Conclusions
XYZ Corporations is a software firm that provides finance-related services and solutions. It became a victim of e-mail spoofing, carried out by a malicious insider using the internal network. The report has analyzed all aspects of the case; the process began with questioning the employees and performing a root cause analysis of how and why the attack was carried out. The findings include the details of the devices and the network used during the attack, and the list of offences has also been reported.
E-mail spoofing is not rocket science and can easily be carried out. All it requires is an SMTP server and appropriate software. To prevent such attacks, it is recommended to use measures such as stronger SPF and DMARC records, frequent checks, and not relying on unfamiliar links.
References
(2016). Forensic Focus. Retrieved 20 May 2016.
adfmedia.org. (2016). Retrieved 20 May 2016.
arxiv.org. (2016). Retrieved 20 May 2016.
Cybercrime / Cybercrime / Crime areas / Internet / Home – INTERPOL. (2016). Interpol.int. Retrieved 20 May 2016.
Digital Evidence and Forensics | National Institute of Justice. (2016). National Institute of Justice. R.
Example of An Expert Witness Digital forensics Report. (2016). Academia.edu. Retrieved 20 May 2016.
Information Security – Province of British Columbia. (2016). Cio.gov.bc.ca. Retrieved 20 May 2016.
Lifehacker.com. (2016). Lifehacker.com. Retrieved 20 May 2016.
Shinder, D. (2004). Understanding E-mail Spoofing. WindowSecurity.com. Retrieved 20 May 2016.
The Huffington Post. (2015). The Huffington Post. Retrieved 20 May 2016.
University, C. (2016). Guidelines for Data Classification-Computing Services ISO – Carnegie Mellon University. Cmu.edu. Retrieved 20 May 2016.