HP's E-Mail Tracer Plan Pushes Ethical, Legal Envelope - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Business & Finance

HP's E-Mail Tracer Plan Pushes Ethical, Legal Envelope

More commonly used by spammers than corporate investigators, use of e-mail tracers, commonly known as Web bugs, is serious enough for federal investigators to seek court approval before employing one.

To gain intelligence about the media leak on its board of directors, Hewlett-Packard used a technology normally employed mainly by spammers and hackers--an e-mail tracer. It's actually such an illicit tool that government investigators get court approval to use one.

"We see it a lot from spammers," says Alex Shipp of MessageLabs, an e-mail security company based in New York. "Especially from the bad guys, yes, we see it. You don't generally see the good guys using it."

What HP executives have referred to as an e-mail tracer is generally known as a Web bug. It's a way to find out if someone has opened his or her e-mail or if that person has forwarded the message on to someone else who has opened it. It works several different ways. One way is to hide a link in the body of the e-mail message or in an attachment. The user doesn't need to click on the link. It will fire up and connect to a Web page, for instance, all on its own. If the link is hidden in an attachment, the user needs to open the attachment, but doesn't need to go the extra step of clicking on the link.

Few people have access to the Web page that the link goes to. When it gets a hit, it's easy to see when the hit came in and what IP address it came from. "If Fred Smith [logs a] hit, you know there's only one e-mail in the entire world to cause that action, so Fred Smith must have seen that e-mail and read it," explains Shipp. "You know how many people read it, and you know the IP address that touched the Web server."

It's "pretty trivial" to create the e-mail tracer or Web bug by adding active scripting or an attachment to the e-mail, according to Ken Dunham, director of the rapid response team at VeriSign iDefense Intelligence based in Mountain View, Calif. "You get it to phone home essentially," he adds.

And that's exactly what HP investigators were hoping their e-mail tracer would do.

On Friday, Sept. 22, both HP CEO Mark Hurd and attorney Mike Holston admitted that the company's investigators created the fictitious persona of a disgruntled HP senior manager, along with an e-mail address for this nonexistent person, all in an attempt to con a reporter into revealing the identity of her secret source. As part of their sting, they sent the reporter an e-mail with a tracer in an attachment. Investigators hoped the reporter would forward the message on to her contact on the board, and that the tracer would send that person's IP address back to HP, pinning down the identity of the leak.

The ruse might not have even worked, though. Holston, who is an attorney with Morgan Lewis, a law firm retained by HP to look into the media leak investigation, says there was no confirmation that the tracer was ever activated.

Ken van Wyk, principal consultant for KRvW Associates, says there are a lot of reasons the tracer might have failed. First off, it's possible the reporter never opened the attachment. It's also possible that if she forwarded the message on, she left off the attachment. And the reporter and her source might have been using a browser that disables script from connecting to the Internet without the user's permission.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
News
IT Spending Forecast: Unfortunately, It's Going to Hurt
Jessica Davis, Senior Editor, Enterprise Apps,  5/15/2020
Commentary
Helping Developers and Enterprises Answer the Skills Dilemma
Joao-Pierre S. Ruth, Senior Writer,  5/19/2020
Slideshows
Top 10 Programming Languages in Demand Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  4/28/2020
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll