Journal of Digital Forensics, Security and Law, Vol. 7(1)
legal practitioner during investigations and legal proceedings. Regrettably, the
exploit complements the existing arsenal of tools for email forgery. More
ominously, it provides opportunity for traceless injection of illicit
material/malware onto any machine synchronised with the Hotmail® account.
Keywords: Digital evidence, evidence validation, Windows Live Mail®, email
tampering, web-based email exploitation.
1. INTRODUCTION
Covert attacks to gain control over other users’ web-based email accounts for a
range of illegal and unethical purposes are not a new or uncommon phenomenon
(Florencio & Herley, 2007). Use of email systems to promulgate the spread of
malicious software capable of breaching privacy and disabling individuals’
computers and networks, along with a myriad of scams, are unwelcome but
well-entrenched phenomena (Sunner, 2005). Bogus email messages created with little
technical skill can override the email identity checking process, providing anonymity
for the miscreants, and when delivered can have disastrous outcomes for victims
of such ploys (Levi & Koc, 2011). A significant vulnerability is the poor password
security measures used by email providers, aggravated by weak user passwords,
which in turn facilitate, if not actually encourage, exploitation of this essential
communications medium (Craddock, 2011; Preibusch & Bonneau, 2010).
The ability to access others’ email accounts allows intruders to create, delete,
transmit, move and copy messages but little else. An intruder, or an account holder,
wishing to modify an existing email message for some improper purpose may be
able to export messages and modify them, but then find it impossible to reinsert the
emails into web-based accounts. It was considered difficult, if not impossible, to
modify web-based email messages stored on vendors’ servers without direct
access to the server by means other than the web page (Ardley, 2011).
We became aware of a current criminal case during which the defendant
suggested the possibility of the complainant tampering with messages received by
the complainant from the defendant in a Hotmail® web-based email account. The
suggestion was that this was done as a means to implicate the defendant in a criminal
activity. Initially, the proposition seemed improbable because of perceived
technical difficulties in editing message content and was dismissed by the
prosecution team of cyber forensics experts as being technically beyond the
ability of the average home computer user without advanced programming skills.
Nevertheless, the defence forensics team considered it was possible with an
unknown but probably low level of difficulty, and that further research would help to
identify and test simple processes allowing authorised and unauthorised
tampering of Hotmail® messages to succeed.
While the case is sub judice we are not permitted to identify the court or parties
involved.