Remailers Pose Risk
Computerworld, February 12, 1996, Front page:
Stealth E-mail poses corporate security risk
By Gary H. Anthes
Anonymous remailers on the Internet are emerging as a
threat to national and corporate security, some experts
warn.
These remailers are Internet sites that strip the names and
addresses from electronic-mail messages before passing them
along anonymously to people or newsgroups.
For corporate information systems managers, stealth E-mail
is especially troubling because it allows hackers to attack
systems, steal trade secrets and broadcast them worldwide
without leaving an audit trail for authorities to follow.
"Anonymous remailers have a lot of nasty potential," said
Stephen T. Kent, chief scientist for security technology at
BBN Corp. in Cambridge, Mass. "They have the broadcast
potential of the news media but without the possibility of
recourse if something is unsubstantiated or defaming is
published."
Critics are calling for strict limits or an outright ban on
remailer sites, but others insist they are a safeguard
against electronic snooping by abusive governments and
should be considered a political freedom.
Anonymous remailers have been used in a variety of criminal
acts, including distributing pornography and computer
viruses, violating copyright laws and harassing people with
nasty messages.
One snowy day last month, for example, about 25% of the
workforce at a defense contractor in Rockville, Md., went
home after they received a bogus E-mail message dismissing
them for the day. The message originated from an anonymous
remailer that allowed the user to impersonate a senior
company official.
But there are more scary, less publicized uses of
remailers, said Paul Strassmann, former director of defense
information at the Pentagon. Stealth E-mail also is used
extensively by Russian criminals, often former KGB agents.
"This method of communication is a favorite for engaging
the services of cyber-criminals and for authorizing payment
for their acts through a third party," Strassmann said.
Its Reputation Precedes It
Perhaps the best-known remailer site is in Finland at
anon.penet.fi.
The Finnish server was used last year to publish
confidential and copyrighted scriptures from the Church of
Scientology. It also was used to reveal the secret source
code used by RSA Data Security, Inc. in some of its
encryption products.
Last year, police raided the Finnish site and seized
records and computer gear as part of an investigation of
alleged copyright infringement.
The administrator of anon.penet.fi offers this warning to
new users: "I believe very firmly that it's not for me to
dictate how other people ought to behave. But remember,
anonymous postings are a privilege, and use them
accordingly. Remember, this is a service that some people
who use newsgroups such as alt.sexual.abuse.recovery need.
Please don't do anything stupid that would force me to
close down the service."
One remailer advertises itself as a way to thwart attempts
by intelligence agencies to trace illegal traffic,
Strassmann said. It holds all incoming messages until five
minutes after the hour, then remails them in random order.
The messages are sent through five to 20 other remailers,
with a stop in at least one of the several countries noted
for lax law enforcement, he said.
Yet other experts say the threat from remailers is greatly
exaggerated. "We've had remailers around for a while, and
society hasn't fallen," said Mike Godwin, staff counsel at
the Electronic Frontier Foundation in San Francisco. "We've
had anonymous communication in the U.S. for years, you can
use a public telephone, send a letter without a return
address or engage in a cash transaction."
Last year, the U.S. Supreme Court struck down an Ohio law
that required the authors of political posters and
pamphlets to identify themselves. "In the case of political
speech, you can't make people tell you who they are," said
Patrick Sullivan, executive director of the Computer Ethics
Institute in Washington.
But Sullivan said the police raid on the Finnish remailer
was prompted by the Church of Scientology's legitimate
complaint about violations of copyright law.
"I haven't heard many uses of remailers that haven't
involved, at the very least, being disrespective and, at
the most, trying to cause harm of some sort," he said.
_________________________________________________________
Battle against remailers an unfair fight
Think of anonymous remailers as enemies you can't fight
face to face, says Paul Strassmann, former director of
defense information at the Pentagon and now a lecturer at
the U.S. Military Academy at West Point.
"Anonymous remailers are here to stay," he said. "That
means the old military paradigm of retaliation falls apart.
The whole theory of warfare has been if someone attacks
you, you can attack them. But when you are anonymous, there
is no one to shoot at."
Strassmann said society must look for defenses in the
health sciences, not among electronic technologies.
"The history of public health teaches us that suppression
of any disease must be preceded by a thorough understanding
of its behavior, its method of transmission and how it
creates its own ecology," he said.
"As in the case of smallpox, yellow fever, flu epidemics,
AIDS or malaria, it will take disasters before the public
may accept that some forms of restrictions on the
electronic freedom of speech and that privacy may be
worthwhile."
- Gary H. Anthes
_________________________________________________________
Do's and don'ts
Unethical or illegal uses of anonymous remailers:
- To spread viruses or other malicious software
- To harass or commit libel
- To violate copyright laws
- To encourage others to commit unethical or illegal
behavior
Legitimate uses of anonymous remailers:
- For "whistle blowing"
- For political speech
- For encouraging frank but constructive exchanges of
opinions
_________________________________________________________
Article also contained chart on how to use anon.penet.fi,
not included here.
[Thanks to BC for transcribing]