Email: A pawn in the porn business

One business's complacent attitude toward a security policy led to its email server being hijacked and used to distribute pornography

Like most proprietors of a small business, Gerry Absalom dismissed the idea that IT security was the biggest threat to his survival. As anyone who runs their own business will testify, the threat that some teenage hacker in Norway might get access to his server and change the name of one of his spreadsheets to 'bottom' or something, was the least of his worries.

In his capacity as managing director of the company, he reasoned he would much rather devote his time and energy to getting new business in. This view was reinforced by the company finance director, which he also happened to be. Even in one of his other roles, as the IT director, Absalom couldn't see the dire warnings issued by software vendors and firewall manufacturers as anything but thinly veiled marketing spin.

Everyone knows that hacking is overplayed and that 80% of the threat to any company is internal. As he could see all his staff from his desk, that was the majority of the problem sorted. And since no cracker (be they a white or black hatter) could ever make headlines by hacking into the server of a Berkshire-based marketing agency, that pretty much eliminated the hacking threat.

Not that Absalom was oblivious to the role of information technology. In order to 'empower' himself with information about his existing business and potential new clients, he had ISDN access to his local Internet service provider. It was his local telco that first gave him a hint that security might be an issue in his company, when it presented him with a quarterly bill of £2,500. "I remember thinking, there's only six of us, we don't send that many emails," says Absalom. "And I know nobody was spending hours on Web searches."

Slowing down
As so often happens, Absalom's telecoms provider was convinced that the answer to his problem, whatever it was, lay in spending more money with them. So he ordered ADSL. Web searches would now become a fixed cost, as would the downloading of emails. The only variable cost would be ISDN bills, because this would be the means of sending email.

Ironically, this only seemed to slow down the email service even more. Clients began to complain that emails weren't arriving for hours.

Fearful that asking his ISP for help might result in him being persuaded to lease a global fibre optic gigapipe, Absalom turned to a local techie for help. The first thing they noticed was that he had 8,000 emails queued up to be sent out on his server. There was no way his own company could be sending this volume of communications out. To test this theory, he opened up a few emails, using the Admin Consul utility that came with Groupwise, his server management software.

One email opened at random seemed to be about a service for men who want to buy nappies. A little odd maybe, but Absalom dismissed this as another variation on that old data mining/customer relationship management chestnut about the sales of nappies and beer. The next email he opened turned out to be an invitation to take part in a poker session, in which the recipient may already have run up $1m in credit. There was a link that took the reader to a gambling website. This definitely wasn't one of his company's key competencies. And neither was the stock advertised in the third email he opened at random; tubes of Arousal Cream.

After further investigation, a pattern emerged. Most of the emails were from just two email addresses. And they all involved some sort of titillation. After studying the material at length (as you do in these circumstances) Absalom concluded that he had become some sort of UK porn distribution hub on behalf of some cost-conscious entrepreneur.

These two users were using his server as some sort of forwarding service. Why would they do that? Since they never responded to his email queries, Absalom could only conclude that these porn merchants were unwilling to fall foul of their own ISPs, who might object to the sheer volume of emails they were being asked to forward. This sort of thing eats into an ISP's profits and will be cracked down upon post haste. Porn, on the other hand (which incidentally does contribute to an ISP's revenue streams) takes a little longer to stamp out.

The porn merchants chose Absalom's server because he had been kind enough to leave the mail forwarding option in his Novell Groupwise software open. A common failing among those who combine IT, finance, personnel and managing directorships. They usually can't devote too much time to fully configuring their mail systems. A resourceful online porn vendor can find these free email forwarding merchants by using 'sniffer' software, which scours the Internet looking for holes in other people's security. Having detected a server, such as Absalom's, turning this into an outlet for their own email is short work for a script wizard.
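The two findings above, a queue full of mail the company never wrote and a server that forwards for anyone, can be checked mechanically. The following Python sketch is an added example, not code from the article or from GroupWise: it classifies queued messages as third-party relay traffic and names the envelope senders responsible for most of it. The domain `agency.example`, the LAN range and the queue records are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions for this sketch: the company's own mail domain and office LAN.
LOCAL_DOMAINS = {"agency.example"}
TRUSTED_NETS = [ip_network("192.168.1.0/24")]

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def is_third_party_relay(client_ip, rcpt):
    """True when an outside client asks us to deliver to an outside domain.

    The test uses the connecting IP, not MAIL FROM, because the envelope
    sender is chosen by the client and can claim to be a local address.
    """
    inside = any(ip_address(client_ip) in net for net in TRUSTED_NETS)
    return not inside and domain(rcpt) not in LOCAL_DOMAINS

def audit_queue(queue, threshold=0.25):
    """Return (relayed count, senders each behind more than `threshold` of it)."""
    relayed = [m for m in queue if is_third_party_relay(m["client_ip"], m["rcpt"])]
    if not relayed:
        return 0, []
    by_sender = Counter(m["mail_from"].lower() for m in relayed)
    heavy = sorted(s for s, n in by_sender.items() if n / len(relayed) > threshold)
    return len(relayed), heavy

def sample_queue():
    """Constructed queue: two bulk senders, normal staff mail, inbound replies."""
    def msg(ip, sender, rcpt):
        return {"client_ip": ip, "mail_from": sender, "rcpt": rcpt}
    q = [msg("203.0.113.7", "promo1@bulk.example", f"user{i}@isp-a.example")
         for i in range(40)]
    q += [msg("198.51.100.9", "promo2@bulk.example", f"user{i}@isp-b.example")
          for i in range(35)]
    q += [msg("203.0.113.99", "other@misc.example", f"x{i}@isp-b.example")
          for i in range(2)]
    # Staff sending out from the LAN: outbound, but not third-party relay.
    q += [msg("192.168.1.10", "staff@agency.example", f"c{i}@customer.example")
          for i in range(5)]
    # Outside hosts delivering to the local domain: ordinary inbound mail.
    q += [msg("198.51.100.50", "client@customer.example", "staff@agency.example")
          for _ in range(3)]
    return q

if __name__ == "__main__":
    count, heavy = audit_queue(sample_queue())
    print(f"{count} relayed messages; dominant senders: {heavy}")
```

A server with relaying switched off applies the same test at SMTP time and refuses the recipient, so such messages never reach the queue.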

Switching off
Which is how Gerry Absalom became a free distributor for one or possibly more American porn vendors. Unlike most security fixes that you buy from vendors, his solution didn't involve buying any software or hardware and spending hours configuring it. He closed this avenue of pleasure for the porn merchants by simply switching off the mail forwarding option in Groupwise.

As a precaution, since ADSL means your server is 'always on' and sniffers can detect those whose IP address is permanently up for grabs, he had a Farallon Netline firewall installed. He also took the opportunity to upgrade his server software from Novell's Groupwise to Microsoft NT.

So he's safe now. Apart from one minor glitch. There was already a Melissa virus resident on his company's server, which doesn't thrive in a Groupwise environment. But under the NT regime, it was re-awakened, which caused another wave of emails to be sent out to clients. Still, "I love you" doesn't cut the mustard as a business-to-business communication, but it's an improvement on doing something unmentionable to a beaver.
