E-Mail snooping
Bruce Schneider berichtet über eine Idee von Richard M. Smith wie man vielleicht herausbekommen kann ob die NSA - oder eine andere Behörde - E-Mails mit ließt.
Zugegeben die Methode ist nicht wirklich zuverlässig, es könnte auch der Admin des ISP sein, aber trotzdem ein interessanter Versuch.
- Set up a Hotmail account.
Set up a second email account with a non-U.S. provider. (eg. Rediffmail.com)
- Send messages between the two accounts which might be interesting to the NSA.
- In each message, include a unique URL to a Web server that you have access to its server logs. This URL should only be known by you and not linked to from any other Web page. The text of the message should encourage an NSA monitor to visit the URL.
If the server log file ever shows this URL being accessed, then you know that you are being snooped on. The IP address of the access can also provide clues about who is doing the snooping.
The trick is to make the link enticing enough for someone or something to want to click on it. As part of a large-scale research project, I would suggest sending out a few hundred thousand messages using various tricks to find one that might work. Here are some possible ideas:
Include a variety of terrorist related trigger words
- Include other links in a message to known AQ message boards
- Include a fake CC: to Mohamed Atta’s old email address (el-amir@tu-harburg.de)
Send the message from an SMTP server in Iraq, Afghanistan, etc.
Use a fake return address from a known terrorist organization
Use a ziplip or hushmail account.