
HACKING 101 – Spoofing (Faking) EMAILS – a practical exercise using the Russian (and other) Embassies!


Ok. Last time. I announced the Sony thing AFTER I had done it.

Apparently I have no hacker credibility.

No respect, man, no respect.

This time, I will let ya’all know what I did TO PREVENT A public shitstorm!

People have a tendency to place a little too much faith in the reliability of digital communications and WHO they are actually communicating with.

Let alone WHAT IS BEING COMMUNICATED.

So last night, I sent an email from Japan’s Embassy to Japan which said this:

(Official communique intercepted from Russia)
The sad part about Japan is they THINK they own their own country and their development. I think America must have bombed them back to the stone age in World War 2, because they still act like neanderthals who are all financial slaves to both China and Russia.

Then I sent an email to Russia from the Russia Embassy which said this:

(Official communication intercepted from Downing Street and British Consulate in America)

“Those assholes couldn’t fight their way out of a hat. They intimidate. They steal. They use their own country’s blood (in oil) to pay for others to do their dirty work. but they’re pussies. Every single one of them, deep down inside, would duck under the nearest table if it mean their ass was in a brawl. Pussies, I tell you. The lot of them. Bloody pussies.

Then I sent an email to the British Embassy from the British Embassy in DC.

(Official communication intercepted from a drug cartel and political leader of Costa Rica)
“Those idiots from London and the whole of the UK would never be able to figure out that we’re behind their drug trade, They’ve been trained like puppies to believe that stronger military might actually means something, when we’re using their military to distribute our drugs and bypass customs. So they come to our peace-loving country. Spend their money like sheep and keep on coming, just like the gringos from the states, and we get them coming and keep them addicted when they get back home as well. Germany must have put them all to sleep in World War 2, because they all act like they are brain dead, zombies.

… (a muffled voice) jaja. I can see their love for zombie movies has a basis in reality.”


Now how was this done?

Warning: Technical Stuff Ensues

So to start, I looked for email address ‘recipients’ – Russia seemed like a good start – so I did a simple Google search for ‘contact email russian embassy’.

The second link in the search results below looked most promising:

[Screenshot: SearchResults]

Clicking on that link brought me immediately to the primary contact email page.

[Screenshot: RussianEmbassy]

This provides one pertinent piece of information:

The origin email. Now I wash, rinse and repeat this same process for each source and destination, and then simply write down my sender and recipient list.

From there, I went to Windows Start Menu -> Run (In windows XP), and “cmd”

[Screenshot: StartMenuRun]

Now a quick note – many companies, and (especially) embassies, still run older, insecure POP and SMTP email relay systems, and in many cases quite literally host that email on the same machine as their web site.

This is generally speaking – BAD NEWS!

So I knew I had to strip out the embassy portion of the email address, and I arrived at the part after the @ sign, which points to russianembassy.org.

So once I was at the Windows XP command line, I connected to that email server using a simple TELNET command:

C:> telnet russianembassy.org 25

This establishes a connection to the Russian Embassy’s SMTP server.

Now SMTP stands for Simple Mail Transfer Protocol, which I’d say constitutes about 40% of email traffic. Maybe more. Corporations generally have learned to avoid it. But government institutions, non-profits, and those companies leveraging open source tend not to.

Once I connected, I saw this message:

Connected to russianembassy.org
Escape character is '^]'.
220 mail.domain.ext ESMTP Sendmail ?version-number?; ?date+time+gmtoffset?

The next step is crucial: declaring the domain I am sending mail FROM.

What this does is ‘spoof’ the perceived origin of the email – the name given here is what the server takes to be our host.

HELO russianembassy.org

This ‘tells’ the SMTP SERVER that the email I am sending originates from this location.

It SHOULD be obvious, but these servers do NOT verify what I typed in at my command line. They merely accept a connection and respond to the commands issued, nothing more.

Also keep in mind that a single SMTP or POP (Post Office Protocol) server can manage numerous domains.

GoDaddy, for instance, hosts numerous web sites on shared servers and is an example of this.

NEXT, I received this message after issuing my HELO command:

250 mail.domain.ext Hello local.domain.name [russianembassy.org], pleased to meet you

From there, I issued this command – where the ‘spoof’ of this email being sent through ‘official’ channels should become clear:

MAIL FROM: embassy@russianembassy.org

With this command, I received this as my response:

250 2.1.0 embassy@russianembassy.org... Sender ok

Now I had done a little groundwork to find the current premier / Prime Minister of the Russian Federation, the man under Putin: Dmitry Medvedev. I also found Russia’s press agency.

RCPT TO: <Dmitry.Medvedev@government.ru>
RCPT TO: <duty_press@aprf.gov.ru>

For both of these, I received this:

250 2.1.0 embassy@russianembassy.org... Recipient ok

Now this allowed me to send the message:

DATA

Subject: (Official communication intercepted from Downing Street and British Official in America)

"Those assholes couldn't fight their way out of a hat. They intimidate. They steal. They use their own country's blood (in oil) to pay for others to do their dirty work. but they're pussies. Every single one of them, deep down inside, would duck under the nearest table if it mean their ass was in a brawl. Pussies, I tell you. The lot of them. Bloody pussies."

.

And from there, I received the message:

250 2.0.0 ???????? Message accepted for delivery

And to exit, I typed in “QUIT”

QUIT

221 2.0.0 mail.domain.ext closing connection

Connection closed by foreign host.

That’s it.
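The transaction above can be replayed offline to see exactly which indicators a mail administrator should be alarmed by: an external client greeting as the server’s own domain, a local envelope sender accepted with no authentication, and relay to recipients at other domains. The script below is an added example written for this page, not code from the original post. The transcript, domains, addresses and IP in it are constructed (documentation names, not real hosts), and the “internal” network range is an assumption about where the server’s own users connect from.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed SMTP transcript modelled on the exchange in the post. "C:" lines
# are the client, "S:" lines the server. Domains, addresses and the IP are
# documentation examples, not real hosts.
SESSION_LOG = """\
S: 220 mail.embassy.example ESMTP Sendmail
C: HELO embassy.example
S: 250 mail.embassy.example Hello [203.0.113.7], pleased to meet you
C: MAIL FROM:<press@embassy.example>
S: 250 2.1.0 press@embassy.example... Sender ok
C: RCPT TO:<minister@ministry.example>
S: 250 2.1.5 minister@ministry.example... Recipient ok
C: RCPT TO:<desk@newswire.example>
S: 250 2.1.5 desk@newswire.example... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: [message body omitted]
C: .
S: 250 2.0.0 Message accepted for delivery
C: QUIT
S: 221 2.0.0 mail.embassy.example closing connection
"""

LOCAL_DOMAINS = {"embassy.example"}                      # domains this server is authoritative for
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # assumed network of the server's own users
ADDR_RE = re.compile(r"<?([^<>\s]+@[^<>\s]+)>?")


@dataclass
class Transaction:
    helo: Optional[str] = None
    tls: bool = False
    authenticated: bool = False
    mail_from: Optional[str] = None
    recipients: list = field(default_factory=list)
    delivered: bool = False


def parse_transcript(log: str) -> Transaction:
    """Replay a C:/S: transcript, recording only what the server actually accepted (2xx)."""
    tx = Transaction()
    pending = None          # (verb, argument) of the client command awaiting its reply
    in_data = False
    for line in log.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            if in_data:                         # message body: only the lone "." matters
                if text == ".":
                    in_data = False
                    pending = ("DATA_END", None)
                continue
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb in ("HELO", "EHLO"):
                pending = ("HELO", arg.strip().lower())
            elif verb in ("STARTTLS", "AUTH", "DATA"):
                pending = (verb, None)
            elif verb in ("MAIL", "RCPT"):
                m = ADDR_RE.search(arg)
                pending = (verb, m.group(1).lower() if m else None)
        elif side == "S" and pending:
            code, (kind, arg) = text[:3], pending
            if kind == "AUTH" and code == "334":
                continue                        # challenge/response still in progress
            if kind == "DATA" and code == "354":
                in_data = True
            elif code.startswith("2"):          # server accepted the pending command
                if kind == "HELO":
                    tx.helo = arg
                elif kind == "STARTTLS":
                    tx.tls = True
                elif kind == "AUTH":
                    tx.authenticated = True
                elif kind == "MAIL":
                    tx.mail_from = arg
                elif kind == "RCPT":
                    tx.recipients.append(arg)
                elif kind == "DATA_END":
                    tx.delivered = True
            pending = None
    return tx


def is_local(name: str) -> bool:
    """True for a local domain or any host beneath one (e.g. mail.embassy.example)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS)


def audit(tx: Transaction, client_ip: str) -> list:
    """Return (tag, detail) findings for the indicators the post's session exhibits."""
    findings = []
    internal = any(ipaddress.ip_address(client_ip) in net for net in INTERNAL_NETS)
    trusted = internal or tx.authenticated      # only these clients may speak for local domains
    if not tx.tls:
        findings.append(("cleartext", "no STARTTLS; envelope and body crossed the wire in the clear"))
    if tx.helo and is_local(tx.helo) and not internal:
        findings.append(("helo-spoof", f"external {client_ip} greeted as local host {tx.helo}"))
    if tx.mail_from and is_local(tx.mail_from.rpartition("@")[2]) and not trusted:
        findings.append(("sender-spoof", f"{tx.mail_from} accepted from unauthenticated {client_ip}"))
    external = [r for r in tx.recipients if not is_local(r.rpartition("@")[2])]
    if external and not trusted:
        findings.append(("open-relay", "relayed for an untrusted client to " + ", ".join(external)))
    if tx.delivered and any(t in ("sender-spoof", "open-relay") for t, _ in findings):
        findings.append(("delivered", "server queued the message despite the above"))
    return findings


if __name__ == "__main__":
    for tag, detail in audit(parse_transcript(SESSION_LOG), "203.0.113.7"):
        print(f"{tag:13} {detail}")
```

Each finding maps to a server-side fix: require STARTTLS and AUTH before MAIL FROM for any client outside the internal network, and refuse RCPT TO for non-local domains from unauthenticated clients. A server configured that way answers the MAIL FROM or RCPT TO step with a 5xx rejection instead of “Recipient ok”, and the same connection shown in the post never reaches DATA.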

I washed, rinsed and repeated with the other embassies and their ‘mother homelands’.


Now ONE KEY to understand about translations between languages is ON THE INTERNET – it is NOT precise.

And most countries are not truly multilingual.

I won’t get into detail about how this works.

But study the game “Mass Effect”.

Playing the main character, Shepard, he NEVER responds with the speech that you selected.

But he DOES respond with the general context and tone of what you’re saying.

There’s ample evidence out there that translation between country languages works the SAME exact way. Since their perception of the world is quite likely remarkably different than ours, what is IMPORTANT in the email I sent is not the grammatical correctness of the message.

The recent television show Person of Interest – Season 4, Episode 11, highlighted this observation magnificently.

There’s a sequence where the intelligent system ‘simplifies’ interactions and every character’s dialog is reduced to terms of general emotion + contextual reference.

While I do suspect this same thing happens between Americans and foreign-born nationals, I suspect it is a MUCH more common occurrence with language translations – and what is MORE important is HOW WE would feel about this if we were them promoting this.

AND ESPECIALLY – it’s this TONE, context, and believability of the message that I suspect are what’s relayed in language translations on the internet, and NOT PRECISION of language.

That’s why I put down in the messages what I did. There’s a LOT of truth to each. That WILL get relayed. And there’s certainly a little perceptual resentment between these cultures.

So I provided a spark.

That’s it.
