HP's E-Mail Tracer Plan Pushes Ethical, Legal Envelope - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance

HP's E-Mail Tracer Plan Pushes Ethical, Legal Envelope

More commonly used by spammers than corporate investigators, use of e-mail tracers, commonly known as Web bugs, is serious enough for federal investigators to seek court approval before employing one.

To gain intelligence about the media leak on its board of directors, Hewlett-Packard used a technology normally employed mainly by spammers and hackers--an e-mail tracer. It's actually such an illicit tool that government investigators get court approval to use one.

"We see it a lot from spammers," says Alex Shipp of MessageLabs, an e-mail security company based in New York. "Especially from the bad guys, yes, we see it. You don't generally see the good guys using it."

What HP executives have referred to as an e-mail tracer is generally known as a Web bug. It's a way to find out if someone has opened his or her e-mail or if that person has forwarded the message on to someone else who has opened it. It works several different ways. One way is to hide a link in the body of the e-mail message or in an attachment. The user doesn't need to click on the link. It will fire up and connect to a Web page, for instance, all on its own. If the link is hidden in an attachment, the user needs to open the attachment, but doesn't need to go the extra step of clicking on the link.

Few people have access to the Web page that the link goes to. When it gets a hit, it's easy to see when the hit came in and what IP address it came from. "If Fred Smith [logs a] hit, you know there's only one e-mail in the entire world to cause that action, so Fred Smith must have seen that e-mail and read it," explains Shipp. "You know how many people read it, and you know the IP address that touched the Web server."

It's "pretty trivial" to create the e-mail tracer or Web bug by adding active scripting or an attachment to the e-mail, according to Ken Dunham, director of the rapid response team at VeriSign iDefense Intelligence based in Mountain View, Calif. "You get it to phone home essentially," he adds.

And that's exactly what HP investigators were hoping their e-mail tracer would do.

On Friday, Sept. 22, both HP CEO Mark Hurd and attorney Mike Holston admitted that the company's investigators created the fictitious persona of a disgruntled HP senior manager, along with an e-mail address for this nonexistent person, all in an attempt to con a reporter into revealing the identity of her secret source. As part of their sting, they sent the reporter an e-mail with a tracer in an attachment. Investigators hoped the reporter would forward the message on to her contact on the board, and that the tracer would send that person's IP address back to HP, pinning down the identity of the leak.

The ruse might not have even worked, though. Holston, who is an attorney with Morgan Lewis, a law firm retained by HP to look into the media leak investigation, says there was no confirmation that the tracer was ever activated.

Ken van Wyk, principal consultant for KRvW Associates, says there are a lot of reasons the tracer might have failed. First off, it's possible the reporter never opened the attachment. It's also possible that if she forwarded the message on, she left off the attachment. And the reporter and her source might have been using a browser that disables script from connecting to the Internet without the user's permission.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll