Work emails being intercepted & edited !?!!

[medhead]

Umm so apparently a close family member has evidence that his work emails have been intercepted, edited to give the opposite meaning (eg approved becomes not approved) and then released to the recipient.

 

[penegal]

Re: The totally off-topic thread

Umm so apparently a close family member has evidence that his work emails have been intercepted, edited to give the opposite meaning (eg approved becomes not approved) and then released to the recipient.

That is a very serious accusation... and extremely concerning if true...

 

[medhead]

The totally off-topic thread

That is a very serious accusation... and extremely concerning if true...

Yes very serious. The evidence apparently has been passed on to the global head office and they are investigating.

He has been having hassles with some people for a while.

I've only heard this third hand via another family member.

 

[robd]

Re: The totally off-topic thread

Yes very serious. The evidence apparently has been passed on to the global head office and they are investigating.

He has been having hassles with some people for a while.

I've only heard this third hand via another family member.

Sounds very sinister.

 

[Pushka]

The totally off-topic thread

That involves not just accessing another person's email account which happens, but changing the intent of those emails is pretty dire.

But wouldn't the original (correct) emails have already been sent? Otherwise there isn't an email to change?

 

[medhead]

The totally off-topic thread

Sounds very sinister.

There just seems to have been an ongoing campaign against this person for 3 or more years. Hassles at work. I've read some of the stuff in the passed 6 months that is used against him and it's pretty weak. I guess someone may have decided creating problems is a good way to further their case.

That involves not just accessing another person's email account which happens, but changing the intent of those emails is pretty dire.

But wouldn't the original (correct) emails have already been sent? Otherwise there isn't an email to change?

I have no idea how it could be done. But this would be by someone who has access to control how the sent email is handled by the servers and such.

 

[Pushka]

Re: The totally off-topic thread

There just seems to have been an ongoing campaign against this person for 3 or more years. Hassles at work. I've read some of the stuff in the passed 6 months that is used against him and it's pretty weak. I guess someone may have decided creating problems is a good way to further their case.



I have no idea how it could be done. But this would be by someone who has access to control how the sent email is handled by the servers and such.

That would mean some good involvement from IT also. I'm just thinking about our server and how it could be done. The way I'm thinking is that emails have been saved in a draft folder and then that was accessed by the third party, altered and then sent.

Usually once the "send" is clicked it goes through the server and is sent to the recipient within seconds.

 

[anat0l]

Re: The totally off-topic thread

Umm so apparently a close family member has evidence that his work emails have been intercepted, edited to give the opposite meaning (eg approved becomes not approved) and then released to the recipient.

That's pretty serious - as mentioned it's likely some sort of hack/intercept and misrepresentation. They were probably sinister enough to cook up the audit logs too, so it would be more difficult to track them.

Looks like he'll have to rely mostly on the telephone for a bit.

 

[OATEK]

Re: The totally off-topic thread

That would mean some good involvement from IT also. I'm just thinking about our server and how it could be done. The way I'm thinking is that emails have been saved in a draft folder and then that was accessed by the third party, altered and then sent.

Usually once the "send" is clicked it goes through the server and is sent to the recipient within seconds.

It is possible to manage the mail flow for an individual through the exchange interface (assuming a Windows Server is used). But even so, there would be some log file entries when someone was making the changes to hold the email for editing, and it is hard to hack the log files as they are generally backed up. So it should be possible to to track who is doing things if it is in the server. And locking the PC when leaving the desk is a good way to prevent someone accessing the drafts folder when the user is away.

 

[Pushka]

The totally off-topic thread

It is possible to manage the mail flow for an individual through the exchange interface (assuming a Windows Server is used). But even so, there would be some log file entries when someone was making the changes to hold the email for editing, and it is hard to hack the log files as they are generally backed up. So it should be possible to to track who is doing things if it is in the server. And locking the PC when leaving the desk is a good way to prevent someone accessing the drafts folder when the user is away.

The first explanation involves quite significant IT manipulation into the server from someone who has those rights to do that. It requires a high level of password control. And time. And would mean that all emails from that address would be hijacked.

The draft folder was kind of a throwaway as I couldn't think of how else it could happen without the emails being sent correctly in the first place.

 

[medhead]

Re: The totally off-topic thread

<moved to other thread>

That would mean some good involvement from IT also. I'm just thinking about our server and how it could be done. The way I'm thinking is that emails have been saved in a draft folder and then that was accessed by the third party, altered and then sent.

Usually once the "send" is clicked it goes through the server and is sent to the recipient within seconds.

Yes, IT involvement. Part and parcel of the job. Not email client related, no drafts folder. But email server related. Something like the email is intercepted at the server level and edited before being delivered to the recipient. But as I said I have no idea how this would be done.

Apparently the evidence has been gathered. Will be interested to see what ends up happening.

 

[Pushka]

Re: The totally off-topic thread

Umm, yes IT involvement. Part and parcel of the job. Not email client related, no drafts folder. But email server related. Something like the email is intercepted at the server level and edited before being delivered to the recipient. But as I said I have no idea how this would be done.

That's pretty significant then.

 

[anat0l]

Re: The totally off-topic thread

Yes, IT involvement. Part and parcel of the job. Not email client related, no drafts folder. But email server related. Something like the email is intercepted at the server level and edited before being delivered to the recipient. But as I said I have no idea how this would be done.

Apparently the evidence has been gathered. Will be interested to see what ends up happening.

Although I can't comment on the exact mechanics, it would not be too hard to intercept email at the server level and edit it before forwarding on. Spam filters csn operate at this level, as do other services like bleeping out words or the like. Of course, such actions are scripted rather than a manual process.

Just hoping that when they investigate accounts, the perpetrator has not as well hacked the victim account to plant the false emails in place of the sent items. Or, perhaps the discrepancies will be hidden during the investigation but restored after the heat dies off. AFAIK the "Sent Items" is a direct copy rather than a 'send to self' instruction so it doesn't need to go through a mail server. Sending an email to someone and comparing the time they receive the message with the time sent from the sender's system would be interesting.

I guess there are subtle hints when people don't want you. To be honest, I don't hold a lot of faith in the investigation let alone disciplinary process (if there is one). Good luck to him.....

 

[medhead]

Re: The totally off-topic thread

Although I can't comment on the exact mechanics, it would not be too hard to intercept email at the server level and edit it before forwarding on. Spam filters csn operate at this level, as do other services like bleeping out words or the like. Of course, such actions are scripted rather than a manual process.

Just hoping that when they investigate accounts, the perpetrator has not as well hacked the victim account to plant the false emails in place of the sent items. Or, perhaps the discrepancies will be hidden during the investigation but restored after the heat dies off. AFAIK the "Sent Items" is a direct copy rather than a 'send to self' instruction so it doesn't need to go through a mail server. Sending an email to someone and comparing the time they receive the message with the time sent from the sender's system would be interesting.

I guess there are subtle hints when people don't want you. To be honest, I don't hold a lot of faith in the investigation let alone disciplinary process (if there is one). Good luck to him.....

I'm really interested to know what the evidence happens to be; he has the same level of access to the computer system as whoever would have done this, if not greater access.

 

[serfty]

Re: The totally off-topic thread

...

Apparently the evidence has been gathered. Will be interested to see what ends up happening.

What document versions remain in the "outbox" ?

 

[medhead]

What document versions remain in the "outbox" ?

I really don't know. Just got this third hand via another family member. Not sure when I'll have a chance to discuss with them directly. I guess one assumption might be the evidence is that 'outbox' version is different to the other persons inbox version. But then that would be incredibly stupid for someone to leave something so basic if they were doctoring emails.