Case Report of Email Spying

This case report is about Brazilian researchers that did have their e-mail invaded by Uk Ministry of Defence with cooperation from Microsoft Corp. The work show details of the invasion and steps that permitted this discovery.


INTRODUCTION
In times where the opponent was a state, as, during the Second World War, all e orts were made to ensure secure communication. During the war itself, the Allies deciphered the German encryption machine, beginning a real obsession with how to decode cyphers of the opponents and, at the same time, create powerful cyphers for their own use. The pigeons have been replaced by emails. Today, instant messages are the most common form of communication between companies, individuals and governments. In that fraction of a second between sending and receiving messages via email, who else will have access to them? In response, service operators include guarantees within their contracts about user privacy, along with the use of SSL [1] to protect communications. James Bond 007, is also associated with real-life versions of the National Security Agency (NSA) of United States of America [2], the CIA [3] and the extinct KGB (FSB) [4]. Meanwhile, the Edward Snowden case [5] has resulted in geopolitical consequences for, as well as caused discomfort and nancial damages among, former allies as evidence of espionage on a large scale are no longer limited to the declared enemy. After 9/11, the game of espionage changed again. Fear changed the way of life around the world. Privacy and con dentiality are characteristics, which, when lost, result in nancial losses and demand a considerable e ort to regain them, although recovery is virtually impossible. This issue is well characterized by Scheneier [6]. Society has opened up its privacy in exchange for the promise of more security. Who decides which particular individual should be the focus of monitoring focus, and in what form? In January 2015, the magazine Science published a special issue titled "The End of Privacy" [7]. Large companies are often blamed for providing data on people and institutions indiscriminately to governments without appropriate legal actions. As there are no e ective means of control, businesses and individuals essentially depend on the trust that people have in these large companies that hold records on us. On 11 July 2013, the British newspaper The Guardian [8] published the contents of top-secret documents, showing that Microsoft works in conjunction with the NSA and the FBI, helping these agencies to circumvent new encryption procedures in its products, including Outlook. Microsoft was given the right to reply by the newspaper: "We have clear principles which guide the response across our th   https://www.heraldopenaccess.us/openaccess/case-report-of-email-spying 3/10 entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes."

THE GAME'S AFOOT
Despite our indignation towards this breach in our email security, rather than scare the hacker, we decided to exploit the situation and expand our knowledge of email privacy. During the rst months of 2015, email communications were made using controlled messages in order to protect the integrity of our research, while our curiosity about the hacker continued to increase. By monitoring the situation, we obtained Outlook access reports (see Figure 1). As can be seen in Table 1, IP address properties were established through consultations with ARIN [9] and RIPE.net Figure 1 [10]. The password used to protect the account assigned at the time of the incidents was regarded as "strong," that is, it contained a great number of numbers, upper and lower case letters, and special characters, which is a format typically used in IT (e.g., "f5Gr$ekslanhjo"). It would be unthinkable that a corporation, which is one of the symbols of America, would be institutionally involved with an unfriendly foreign government. During recent years, the entire world's media has regularly referred to the NSA in the context of any espionage action, control and invasion of privacy against people, businesses and governments around the world.
  https://www.heraldopenaccess.us/openaccess/case-report-of-email-spying 4/10 These reports have also shown that there is at least another player in the game, the UK, as seen in Figures 2   and 3,    Microsoft server-to-server call, we might ask the following:   https://www.heraldopenaccess.us/openaccess/case-report-of-email-spying 6/10 2. In Figure 6, we present an example of human interaction in Washington DC in which a user typed in a wrong password a few days before London received access to the email account. Why would Microsoft imagine that an automated server system would type in wrong passwords? "When you tell us that you don't recognize an activity, it's possible that a hacker or a malicious user has gotten access to your account. To help protect your account, we'll walk you through several steps, including changing your password and reviewing and updating your security info."   Figure 5: Microsoft describes on the user's page [12] the di erent activities relating to an Outlook access report.

Figure 6:
A wrong password was typed in by a human in Washington DC a few days before London got access to the email account. "Senha incorreta inserida" is Portuguese for "Wrong password typed".   1.

MORE QUESTIONS THAN ANSWERS
What are the conditions that might have led to the UK becoming involved in this incident? Or was the UK Government also a victim, ashamed to admit that it had been hacked? And did Microsoft fall prey to one of its employees? What is the impact of this type of espionage in the world on researchers and the general public?
Are thousands of researchers vulnerable to the shady methods and almost unlimited resources of organized hackers? How many patents are at risk? Is the crime no longer about stealing, but simply getting caught? The Los Angeles Times reported in 2001 that the relationship between scienti c research and intelligence agencies did not cool o after the Cold War as previously thought. But, while these researchers continue to fully cooperate with their intelligence masters [13], they should not forget that the same person who pays the wages of these scientists may also be reading their emails on a daily basis.

ABOUT HERALD
Herald Scholarly Open Access is a leading, international publishing house in the elds of Sciences. Our mission is to provide an access to knowledge globally.