Sophos researchers capture 120,000 emails intended for Fortune 500 companies by exploiting a basic typo such as a missing dot
Basic typing errors in email addresses could be exploited by hackers to gather sensitive information such as corporate trade secrets, according to computer security company Sophos.
Security researchers found in a probe that cyber thieves could exploit typos such as a missing dot in an email address to grab as much as 20GB of data, made up of 120,000 wrongly sent messages, over a period of six months.
Companies use dots to separate the words in a subdomain. Usually, a message bounces back to the sender if an address is typed with one of the dots missing. However, the researchers managed to collect such emails by setting up similar doppelganger domains.
Web consultant Mark Stockley wrote on the Sophos blog that it is striking that the researchers managed to capture so much information by focusing on just one common mistake.
"A determined attacker with a modest budget could easily afford to buy domains covering a vast range of organisations and typos," he said.
The company revealed that researchers have captured 120,000 emails intended for Fortune 500 companies by exploiting a basic typo. The emails included trade secrets, business invoices, personal information about employees, network diagrams and passwords.
Researchers Peter Kim and Garrett Gee did this by buying 30 Internet domains they thought people would send emails to by accident. The practice is known as typosquatting, said Stockley.
The domain names they chose were all identical to subdomains used by Fortune 500 companies (including Dell, Microsoft, Halliburton, PepsiCo and Nike), save for a missing dot. Users mistakenly sent them over 120,000 emails in six months.
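For defenders, the missing-dot pattern described above can be checked on outbound mail before it leaves the organisation. The following is an added example, not code from the researchers or from Sophos; the host names, addresses and function names are constructed for illustration and use the reserved example.com domain.

```python
# Added example (not from the article). All domains and addresses are constructed.

def lookalike_zones(fqdns, registrable):
    """Map each missing-dot doppelganger zone to the real name it imitates.

    Only the dot joining the last subdomain label to the registrable domain
    matters: 'mailus.example.com' stays inside our own domain, but
    'mail.usexample.com' belongs to whoever registers 'usexample.com'.
    """
    registrable = registrable.lower()
    suffix = "." + registrable
    zones = {}
    for fqdn in fqdns:
        name = fqdn.lower().rstrip(".")
        if not name.endswith(suffix):
            continue  # the apex itself, or a name outside our domain
        label = name[: -len(suffix)].split(".")[-1]
        zones[label + registrable] = label + suffix
    return zones


def intended_address(address, zones):
    """Return the address the sender probably meant, or None if not a lookalike."""
    local, _, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    for zone, legit in zones.items():
        # Match the zone itself or any host under it (catch-all mail setup).
        if domain == zone or domain.endswith("." + zone):
            return f"{local}@{domain[: len(domain) - len(zone)]}{legit}"
    return None


def scan(recipients, zones):
    """Return (recipient, intended) pairs for every misaddressed message."""
    hits = []
    for rcpt in recipients:
        fixed = intended_address(rcpt, zones)
        if fixed:
            hits.append((rcpt, fixed))
    return hits


# Constructed inventory of our own mail hosts and a constructed outbound queue.
OUR_HOSTS = ["example.com", "se.example.com", "mail.us.example.com"]
ZONES = lookalike_zones(OUR_HOSTS, "example.com")
OUTBOUND = ["alice@se.example.com", "alice@seexample.com", "bob@mail.usexample.com",
            "dave@mailus.example.com", "carol@partner.example.net"]

if __name__ == "__main__":
    for rcpt, fixed in scan(OUTBOUND, ZONES):
        print(f"HOLD {rcpt}: probably meant {fixed}")
```

The same list of lookalike zones can be used to decide which names to register defensively or to block at the mail gateway and internal DNS.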
Stockley revealed that emails thus collected included "some worryingly sensitive corporate information, including: passwords for an IT firm’s external Cisco routers; precise details of the contents of a large oil company’s oil tankers; and VPN details and passwords for a system managing road tollways."
The researchers warn that such typosquatting could be easily turned into an even more dangerous man-in-the-middle attack. Such an attack would have allowed them to capture entire email conversations rather than just individual stray emails, said Stockley.
He said, "To perform a man-in-the-middle attack an attacker would simply forward copies of any emails they receive to the addresses they were supposed to go to in the first place. The forwarded emails would be modified to contain a bogus return address owned by the attacker."
"By forwarding and modifying emails in this way the attacker establishes themselves as a silent relay between all the individuals in the conversation."
Last month, security firm F-Secure revealed that hackers used a targeted ‘job offer’ email to EMC employees to breach the security of RSA to steal military secrets from US arms supplier Lockheed Martin earlier this year.
The hack attack on EMC-owned RSA in March is considered to be one of the biggest hacks in history.