
Remailers Pose Risk



   Computerworld, February 12, 1996, Front page:

   Stealth E-mail poses corporate security risk

   By Gary H. Anthes


   Anonymous remailers on the Internet are emerging as a
   threat to national and corporate security, some experts
   warn.

   These remailers are Internet sites that strip the names and
   addresses from electronic-mail messages before passing them
   along anonymously to people or newsgroups.

   For corporate information systems managers, stealth E-mail
   is especially troubling because it allows hackers to attack
   systems, steal trade secrets and broadcast them worldwide
   without leaving an audit trail for authorities to follow.

   "Anonymous remailers have a lot of nasty potential," said
   Stephen T. Kent, chief scientist for security technology at
   BBN Corp. in Cambridge, Mass. "They have the broadcast
   potential of the news media but without the possibility of
   recourse if something is unsubstantiated or defaming is
   published."

   Critics are calling for strict limits or an outright ban on
   remailer sites, but others insist they are a safeguard
   against electronic snooping by abusive governments and
   should be considered a political freedom.

   Anonymous remailers have been used in a variety of criminal
   acts, including distributing pornography and computer
   viruses, violating copyright laws and harassing people with
   nasty messages.

   One snowy day last month, for example, about 25% of the
   workforce at a defense contractor in Rockville, Md., went
   home after they received a bogus E-mail message dismissing
   them for the day. The message originated from an anonymous
   remailer that allowed the user to impersonate a senior
   company official.

   But there are more scary, less publicized uses of
   remailers, said Paul Strassmann, former director of defense
   information at the Pentagon. Stealth E-mail also is used
   extensively by Russian criminals, often former KGB agents.

   "This method of communication is a favorite for engaging
   the services of cyber-criminals and for authorizing payment
   for their acts through a third party," Strassmann said.

   Its Reputation Precedes It

   Perhaps the best-known remailer site is in Finland at
   anon.penet.fi.

   The Finnish server was used last year to publish
   confidential and copyrighted scriptures from the Church of
   Scientology. It also was used to reveal the secret source
   code used by RSA Data Security, Inc. in some of its
   encryption products.

   Last year, police raided the Finnish site and seized
   records and computer gear as part of an investigation of
   alleged copyright infringement.

   The administrator of anon.penet.fi offers this warning to
   new users: "I believe very firmly that it's not for me to
   dictate how other people ought to behave. But remember,
   anonymous postings are a privilege, and use them
   accordingly. Remember, this is a service that some people 
   who use newsgroups such as alt.sexual.abuse.recovery need.
   Please don't do anything stupid that would force me to
   close down the service."

   One remailer advertises itself as a way to thwart attempts
   by intelligence agencies to trace illegal traffic,
   Strassmann said. It holds all incoming messages until five
   minutes after the hour, then remails them in random order.
   The messages are sent through five to 20 other remailers,
   with a stop in at least one of the several countries noted
   for lax law enforcement, he said.

   Yet other experts say the threat from remailers is greatly
   exaggerated. "We've had remailers around for a while, and
   society hasn't fallen," said Mike Godwin, staff counsel at
   the Electronic Frontier Foundation in San Francisco. "We've
   had anonymous communication in the U.S. for years, you can
   use a public telephone, send a letter without a return
   address or engage in a cash transaction."

   Last year, the U.S. Supreme Court struck down an Ohio law
   that required the authors of political posters and
   pamphlets to identify themselves. "In the case of political
   speech, you can't make people tell you who they are," said
   Patrick Sullivan, executive director of the Computer Ethics
   Institute in Washington.

   But Sullivan said the police raid on the Finnish remailer
   was prompted by the Church of Scientology's legitimate
   complaint about violations of copyright law.

   "I haven't heard many uses of remailers that haven't
   involved, at the very least, being disrespective and, at
   the most, trying to cause harm of some sort," he said.

   _________________________________________________________

   Battle against remailers an unfair fight

   Think of anonymous remailers as enemies you can't fight
   face to face, says Paul Strassmann, former director of
   defense information at the Pentagon and now a lecturer at
   the U.S. Military Academy at West Point.

   "Anonymous remailers are here to stay," he said. "That
   means the old military paradigm of retaliation falls apart.
   The whole theory of warfare has been if someone attacks
   you, you can attack them. But when you are anonymous, there
   is no one to shoot at."

   Strassmann said society must look for defenses in the
   health sciences, not among electronic technologies.

   "The history of public health teaches us that suppression
   of any disease must be preceded by a thorough understanding
   of its behavior, its method of transmission and how it
   creates its own ecology," he said.

   "As in the case of smallpox, yellow fever, flu epidemics,
   AIDS or malaria, it will take disasters before the public
   may accept that some forms of restrictions on the
   electronic freedom of speech and  that  privacy may be
   worthwhile."

   - Gary H. Anthes

   _________________________________________________________

   Do's and don'ts

   Unethical or illegal uses of anonymous remailers:

   -  To spread viruses or other malicious software
   -  To harass or commit libel
   -  To violate copyright laws
   -  To encourage others to commit unethical or illegal
      behavior

   Legitimate uses of anonymous remailers:

   -  For "whistle blowing"
   -  For political speech
   -  For encouraging frank but constructive exchanges of
      opinions

   _________________________________________________________

   Article also contained chart on how to use anon.penet.fi,
   not included here.

   [Thanks to BC for transcribing]