HP's E-Mail Tracer Plan Pushes Ethical, Legal Envelope - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance

HP's E-Mail Tracer Plan Pushes Ethical, Legal Envelope

More commonly used by spammers than corporate investigators, use of e-mail tracers, commonly known as Web bugs, is serious enough for federal investigators to seek court approval before employing one.

To gain intelligence about the media leak on its board of directors, Hewlett-Packard used a technology normally employed mainly by spammers and hackers--an e-mail tracer. It's actually such an illicit tool that government investigators get court approval to use one.

"We see it a lot from spammers," says Alex Shipp of MessageLabs, an e-mail security company based in New York. "Especially from the bad guys, yes, we see it. You don't generally see the good guys using it."

What HP executives have referred to as an e-mail tracer is generally known as a Web bug. It's a way to find out if someone has opened his or her e-mail or if that person has forwarded the message on to someone else who has opened it. It works several different ways. One way is to hide a link in the body of the e-mail message or in an attachment. The user doesn't need to click on the link. It will fire up and connect to a Web page, for instance, all on its own. If the link is hidden in an attachment, the user needs to open the attachment, but doesn't need to go the extra step of clicking on the link.

Few people have access to the Web page that the link goes to. When it gets a hit, it's easy to see when the hit came in and what IP address it came from. "If Fred Smith [logs a] hit, you know there's only one e-mail in the entire world to cause that action, so Fred Smith must have seen that e-mail and read it," explains Shipp. "You know how many people read it, and you know the IP address that touched the Web server."

It's "pretty trivial" to create the e-mail tracer or Web bug by adding active scripting or an attachment to the e-mail, according to Ken Dunham, director of the rapid response team at VeriSign iDefense Intelligence based in Mountain View, Calif. "You get it to phone home essentially," he adds.

And that's exactly what HP investigators were hoping their e-mail tracer would do.

On Friday, Sept. 22, both HP CEO Mark Hurd and attorney Mike Holston admitted that the company's investigators created the fictitious persona of a disgruntled HP senior manager, along with an e-mail address for this nonexistent person, all in an attempt to con a reporter into revealing the identity of her secret source. As part of their sting, they sent the reporter an e-mail with a tracer in an attachment. Investigators hoped the reporter would forward the message on to her contact on the board, and that the tracer would send that person's IP address back to HP, pinning down the identity of the leak.

The ruse might not have even worked, though. Holston, who is an attorney with Morgan Lewis, a law firm retained by HP to look into the media leak investigation, says there was no confirmation that the tracer was ever activated.

Ken van Wyk, principal consultant for KRvW Associates, says there are a lot of reasons the tracer might have failed. First off, it's possible the reporter never opened the attachment. It's also possible that if she forwarded the message on, she left off the attachment. And the reporter and her source might have been using a browser that disables script from connecting to the Internet without the user's permission.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Augmented Analytics Drives Next Wave of AI, Machine Learning, BI
Jessica Davis, Senior Editor, Enterprise Apps,  3/19/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll