http://www.cnn.com/2003/TECH/internet/04/21/hate.email.ap/index.html
Fake hate emails mar activists' reputations
NEW YORK (AP) -- Arab-American activist Nawar Shora checked his e-mail one
day and found scores of angry messages asking why he hated
Americans and Jews. The messages were responding to e-mails
marked as coming from him. Only one big problem: Shora never
sent the hate mail.
Shora, a legal adviser to the
American-Arab Anti-Discrimination Committee, was the victim of
a new form of harassment in which fake e-mail is sent using
real addresses.
By exploiting the simplicity and
openness of the Internet's mail protocols, unidentified
provocateurs have been sending incendiary messages posing as
Shora and other Arab-Americans.
The tactic, known as
e-mail spoofing, requires little technical know-how and no
illegal computer break-ins. Yet it has caused a lot of trouble
-- wasting time, damaging reputations and even leading to the
suspension of e-mail accounts.
"One was a long,
detailed essay about how evil Jewish people are and how we
have to kill them all. (Another said) America deserved what it
got as if we were a branch of al-Qaida," Shora said. "In the
times we live in, those are all dangerous. There's already a
negative sentiment against Arab-Americans."
E-mail can
easily be spoofed by tweaking settings on standard e-mail
software. Several Web sites even automate the process by
creating Web-based forms for sending fake e-mail.
It's
analogous to putting someone else down as the return address
on letters dropped in the corner mailbox.
Fake emails mostly legal
Spoofing generally isn't illegal because
no hacking is required, FBI officials say, leaving prosecutors
with little recourse unless there's a threat of death or
violence involved. And finding culprits is tough -- after all,
they are using someone else's identity.
Though messages
carry an electronic version of the postmark, which can
sometimes betray a spoof, few bother or know how to check.
Instead, they assume the message is genuine.
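
As an added illustration (not part of the AP article), the check below reads the "postmark" mentioned above, meaning the Received trace headers each relay prepends, and compares it with the claimed From address. The sample message, its addresses and the function names are constructed for this example; a mismatch is a hint rather than proof, since legitimate mail is often relayed by third parties.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the article): From claims example.org,
# but the envelope sender and the first relay hop belong to another domain.
SPOOFED = """\
Return-Path: <bulk@mailer.invalid>
Received: from mx.recipient.test (mx.recipient.test [192.0.2.10])
\tby inbox.recipient.test with ESMTP; Mon, 21 Apr 2003 10:00:05 -0400
Received: from webform.mailer.invalid (webform.mailer.invalid [203.0.113.7])
\tby mx.recipient.test with SMTP; Mon, 21 Apr 2003 10:00:01 -0400
From: "Activist" <activist@example.org>
To: reader@recipient.test
Subject: constructed sample

body
"""

def domain_of(addr):
    """Lower-cased domain part of an address header value, or ''."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def origin_hop(msg):
    """Host named in the oldest Received header. Relays prepend their own
    header, so the last one in the file is closest to the real sender.
    The name is what the sender announced; treat it as a lead, not a fact."""
    hops = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+([^\s;()]+)", hops[-1], re.I) if hops else None
    return m.group(1).lower().rstrip(".") if m else ""

def same_org(host, domain):
    """True if host is the domain itself or a name underneath it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))

def postmark_findings(raw):
    """Return a list of mismatches between the From line and the trace data."""
    msg = message_from_string(raw)
    claimed = domain_of(msg.get("From"))
    envelope = domain_of(msg.get("Return-Path"))
    hop = origin_hop(msg)
    findings = []
    if envelope and envelope != claimed:
        findings.append(f"Return-Path domain {envelope} != From domain {claimed}")
    if not hop:
        findings.append("no Received header naming an origin host")
    elif not same_org(hop, claimed):
        findings.append(f"first hop {hop} is outside From domain {claimed}")
    return findings
```
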
The
purported senders then get angry replies -- along with e-mails
returned as undeliverable because they went to bad addresses
or full mailboxes. These returns are how individuals and
groups learn they've been spoofed.
As if that weren't
bad enough, someone who used Francis Boyle's address requested
return receipts for each message, leaving the University of
Illinois law professor with 55,000 items when he returned from
a three-week vacation last August.
Boyle, whose
pro-Palestinian viewpoints are controversial, tries to respond
to each message but laments that much of the damage can't be
undone.
The messages harassing Arab-American activists
began about a year ago and intensified as the conflict in Iraq
dominated headlines. Some groups reported another increase
after the United States' invasion last month.
The
Anti-Defamation League, a Jewish civil rights organization,
says it has not been the victim of spoofing. But it stepped in
to help clear a private company, International Information
Systems Security Certification Consortium Inc., which found
anti-Semitic remarks circulating under its name in
September.
The practice isn't limited to the Mideast
and the Iraq war. Last month, Scottish bankruptcy lawyer
Gregor Murray learned someone had sent out a fake pitch
declaring, "I'm a ruthless bastard and I will screw the
opposition to the wall even if it means bending a few rules."
The firm suspects a losing party sent the e-mail, though
police could not trace it.
Some individuals also found
their names used in junk e-mail. Mike Masnick, president of
Techdirt Inc., got angry replies "using all sorts of language
I wouldn't repeat in normal company."
Spoofing will
only get worse as kids, pranksters and fired employees
discover its ease, said David Ferris, president of a messaging
research firm in San Francisco.
Laura Gurak, director
of the Internet Studies Center at the University of Minnesota,
said spoofing underscores the need for greater cyberliteracy
so Internet users can better sort fact from
fiction.
'You kind of get worn out'
Little can
be done to prevent it without completely reworking mail
protocols, which were developed when the Internet was far
smaller and more genteel. And even changes to require
authentication of senders can threaten whistle-blowing and
other needs for anonymity.
Digital signatures, using
systems like Pretty Good Privacy, can help. Jon Callas, chief
technology officer for PGP Corp., notes that many security
bulletins now carry such signatures so recipients know a
recommendation is for real. But until more people install
the proper tools and come to expect signatures, PGP won't help
Clark Kissinger, who found anti-Israeli messages sent under
his anti-war petition drive, Not in Our
Name.
Palestinian-American activist and attorney Sami
Mashney also got slammed. His Yahoo Groups accounts were
suspended after the company got complaints. Mashney has spent
countless hours dealing with the fallout and has significantly
reduced his Internet activism as a result.
"You reach a
point where you kind of get worn out," he said. But others
vow to stay online.
"The Internet is a pretty
rough-and-tumble place," said Ibrahim Hooper, spokesman for
the Council on American-Islamic Relations. "If you're going to
take advantage of the things that it can do for you in terms
of advocacy and outreach, you have to be prepared to deal with
these situations and work around them."