Response from Earthlink

Earthlink was our first web hosting company and ISP.  We switched providers to see if the problems would follow us, they did. 

We wrote the President of Earthlink asking for help with our email hacking issues.  Here are their responses:

Hello Conceal Target Name,

I thought this might help you out…

Where would this interception most likely occur?   

This should help understand how this interception could happen. Someone would intercept a message on the server. This could happen at various points along the way…

    
1. Email privacy – how can it be compromised? 

Before we continue with topics on how to protect email privacy, we should understand how the email system works and what are the issues related to email privacy.

How the email system works.     

Most common way of sending email is using the ISP (Internet Service Provider) or company mail server. When you click on “send” button, your email software will establish an SMTP (SMTP stands for Simple Mail Transfer Protocol) connection to your email server.

Server will attempt to deliver a message directly to your recipient ISP mail server, but in case this server is not accessible at the moment it will deliver the message to the intermediate email server known as MX relay host.

After traveling through the MX hosts, message will be delivered to recipient mailbox on his/her ISP mail server. It will be stored there until your recipient retrieves the message using POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) protocol.

This is how your email message travels through the Internet from the sender’s computer to the recipient’s computer. The same way web mail service work, but instead of email software you would need to use web interface to compose or read emails.

How can an email message be intercepted?
Where it can be intercepted?
  
It can be intercepted at each step along the way. Email message is stored on two servers on its way at least: on sender ISP mail server and on recipient ISP mail server. When traveling through the MX hosts, message is stored on each of MX hosts. 

When your mail is addressed to the bank, investment company, business partners, it can attract attention of IT staff that perform mail server monitoring. And there is nothing that can prevent unscrupulous IT staff with access to the mail server to open and read that message.

Other problem is that unauthorized personnel or hackers can have access to the mail server where physical access security and network security are weak.

There is another way to intercept email messages: Network Traffic Interception.

In most cases Network Traffic Monitoring is performed by government agencies at ISP level.

Email traffic can be rated according to keywords to “suspicious” and stored for later review by government agencies staff – this is how US Carnivore system works. You can read more on network traffic monitoring and how it can be prevented on our “Data interception” page.

Email headers anonymity.     

When analyzing email message we can get lot of information about its sender. Computer IP address, geographic location, time zone, language preferences, computer LAN name, email software used etc., – all this information can be found in email message. And an important point is that all this info is being passed without sender’s knowing about it.

Well, what is bad about it, you can ask. This will depend on the way this information can be used. For example, you may not wish your recipient to know that your operating system uses Dutch language as default (e.g. your native language is Dutch), or that you are in Australia now and use one of the local ISPs services.

All this information can be easily extracted from the email message headers.

Every email message consists of two parts: message header and message body.

Header part can be compared to a letter envelope. It contains message subject, sender’s and recipient’s email addresses, date and time message was sent and arrived, lists the points your message went through on its way to recipient. Message headers also contain service information about sender’s email software. This information is used to deliver message, and allow tech staff to debug email problems when they occur.

Homeland Security / FBI has hooks directly into your system, correct?
Homeland security/FBI has access to every single ISPs email.

After 9/11, they went around and installed software at every ISP (common public knowledge). This software searches for key words and phrases that homeland security deems to be suspect. The original software was called “Carnivore”. I am not sure if the software still goes by this name, but I am sure there are variations of it.

It is illegal to block email correct?  

There are privacy acts out there that protect email reading/interception.

My 2 cents on someone blocking your email to a specific individual from a specific email addy. If someone was blocking those emails completely then it will be known. Eventually, the party who sent the email is going to know the other party didn’t receive it and vice versa. I don’t know why someone would let it be known that an email was intercepted when they could just read the information and tamper with it in some other way. However, its not out of the realm of possibility…

It is also illegal to block email requesting help with a crime, correct?    

 There are privacy acts that protect email in general.

- Conceal Earthlink Rep Name

 

—– Original Message —–

From: “Conceal Name” ConcealName@Name.com
To: “Conceal Rep Name” ConcealName@Name.com
Sent: Monday, March 05, 2007 4:21 PM

Subject: Re: Lundsford Letter Follow Up

> Hi Conceal Rep Name,>

> Where would this interception most likely occur? The
> emails involved complaints about Zone 2, perhaps the
> problem is actually higher in the system.
>
> HomeLand Security / FBI has hooks directly into
> your system, correct? It is illegal to interfere with
> email messages, especially when they involve complaints
> about a crime!
>
> My other email to atlantaga.gov addresses seems to
> get through just fine, this is selective filtering to
> prevent information about the crime from being shared.>
>
> Conceal Target Name>

  
> > From Earthlink Conceal Rep Name

>> Hello Conceal Target Name,>>

>> I received your voicemail messages and the emails. My sincere apologies
>> for not getting back to you until now. I was only in the office for a short
>> while on Friday. Unfortunately, I really am not sure if I will be able to
>> provide you with any assistance . I really wish that I could. It sounds
>> like this is a police matter. If the detectives involved want to subpoena any
>> of our records to better help them with their case they can certainly go
>> through our legal department. I don’t know if any of our records would
>> reveal this interception. If an individual/group is intercepting your email
>> messages it can be very difficult if not impossible to track.
>>
>> The emails you sent me only show the actual text of the email, but don’t
>> indicate anything about who intercepted the messages.
>>
>> I am very sorry that this is happening to you. Have a wonderful Day!
>>
>> - Conceal Earthlink Rep Name>>
>>
>>
>> —– Original Message —–

>> From: “Conceal Name” ConcealName@Name.com
>> To: ConcealName@Name.com
>> Sent: Monday, March 05, 2007 2:45 PM

>> Subject: Lundsford Letter Follow Up
>>
>>
>>> Hi Conceal Earthlink Rep Name,
>>>
>>> I left you several voice mail messages and sent
>>> a few email messages but did not hear back from
>>> you regarding the Lundsford letter. We think an
>>> organized crime ring is using hooks built into
>>> the system for HomeLand Security to intercept
>>> and selectively block our email.
>>>
>>> I really hope you can help us with this. Would
>>> you please confirm receipt of this email so I
>>> know it reached you? Thanks so much!
>>>
>>> Very best wishes,
>>>
>>> Conceal Target Name & Target Company Name>>>
>>>
>>

Leave a Reply