Researchers’ typosquatting Fortune 500 companies emails


List of some of the 151 Fortune 500 companies (in red) that have subdomains that are potentially vulnerable to a doppelganger attack

Two researchers set up doppelganger domains to intercept emails sent to mistyped company domains and collected 20GB of emails over a 6 month period.

The emails included a lot of sensitive company data, including employee information, legal documents pertinent to the company and network configuration data. “Twenty gigs of data is a lot of data in six months of really doing nothing,” said researcher Peter Kim from the Godai Group. “And nobody knows this is happening.”

Doppelganger domains are domains that are spelled almost exactly like legitimate domains, usually missing a period or a letter, such as uscisco.com instead of us.cisco.com.

The researchers found that 30% of Fortune 500 companies were potentially vulnerable to such attacks. They also found that many of these doppelganger domains had already been registered, many of them in China.

Attackers could also set up man-in-the-middle attacks in which they receive the emails and then forward them to the real recipient. A victim could send emails back and forth without ever noticing something is wrong.

Of the 120,000 emails their doppelganger domains received, only 2 senders noticed something was wrong. Of the 30 domains they set up, only 1 company noticed they had registered the domain and threatened a lawsuit if the researchers didn’t turn over ownership, which they did.

Companies can always buy up these domains to protect themselves, or block DNS resolution and any internal email to these domains, as Kim suggests. This will not, however, protect against email sent from outside the company to the doppelganger domain in the first place.
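As an added example (not code from the article or from the Godai Group), the following script enumerates the dot-omission doppelgangers of a company's own mail subdomains, the uscisco.com-for-us.cisco.com pattern described above, so the company can register or block them, and checks outgoing recipients against that list as a mail gateway would. The subdomains under cisco.example are constructed sample input.

```python
"""Enumerate dot-omission doppelgangers of a company's own mail domains and
flag outgoing recipients that match one. Added example; the domains below
are constructed sample input, not data from the article."""

from typing import Iterable, Set

# Constructed sample: the subdomains a hypothetical company sends mail from.
OWN_MAIL_DOMAINS = ["us.cisco.example", "eu.cisco.example", "cisco.example"]


def dot_omission_doppelgangers(domain: str) -> Set[str]:
    """Return every domain obtained by dropping exactly one interior dot.

    Only subdomains produce candidates: a two-label domain such as
    cisco.example has no dot that can be dropped without destroying the TLD.
    """
    labels = domain.lower().strip(".").split(".")
    candidates: Set[str] = set()
    # The last dot (before the TLD) must stay; merge each other adjacent pair.
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        candidates.add(".".join(merged))
    return candidates


def build_blocklist(own_domains: Iterable[str]) -> Set[str]:
    """Union of doppelgangers for all of a company's mail domains.

    This is the list a company would register itself or block in DNS and
    on the mail gateway, as suggested in the article."""
    blocklist: Set[str] = set()
    for d in own_domains:
        blocklist |= dot_omission_doppelgangers(d)
    return blocklist


def flag_recipient(address: str, blocklist: Set[str]) -> bool:
    """True if the recipient's domain is a known doppelganger (gateway check)."""
    if "@" not in address:
        return False
    domain = address.rsplit("@", 1)[1].lower().strip(".")
    return domain in blocklist


if __name__ == "__main__":
    bl = build_blocklist(OWN_MAIL_DOMAINS)
    print(sorted(bl))  # ['eucisco.example', 'uscisco.example']
    print(flag_recipient("alice@uscisco.example", bl))  # True
```

The same blocklist can feed an outbound mail-gateway rule or an internal DNS sinkhole; it does nothing for mail that outsiders mistype, as the paragraph above notes.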

This is a somewhat hard problem to fix, since most people will mistype some of the emails they send. We should nevertheless be educating users to watch out for this type of attack and to validate that they are talking with the right person before sending sensitive information.

Source: http://arstechnica.com/business/news/2011/09/researchers-typosquatting-snarfed-20gb-worth-of-fortune-500-e-mails.ars


2 thoughts on “Researchers’ typosquatting Fortune 500 companies emails”

  1. The post said that companies try to take all of the commonly misspelled names, but it’s almost impossible to cover everything. The only really safe thing to do is to be more careful as the sender to make sure you’re sending to the correct place instead of a clever middleman.
