Recalling an email (given access to the server)

wendymarlowe · Apr 8, 2015

Here's the setup:

Heroine works at a university. EvilEx is a former IT employee who left himself some backdoors and has been mucking around in the university servers for nefarious reasons. Hero is a computer guru hired by the university to figure out what's going on and catch whoever's behind it (EvilEx).

At the big black moment, EvilEx sends a damning email, seemingly from Heroine's account, to everyone in her address book. Hero has full access to the university mail server and happens to see the email immediately.

So my question: realistically, is there anything Hero can do to keep some or all of the emails from reaching their destinations? I assume people who read their email instantly will still probably see it anyway, but can he recall or delete it for people (from a variety of providers, some with the university and some not) who haven't seen it yet? What about if there's a picture attached - can he do anything about that?

Plot-wise I'd like at least some people to see the email, but it would be nice if there were something the Hero could do to save the day (or at least mitigate the damage).

Drachen Jager · Apr 8, 2015

It's basically impossible for anyone short of the NSA to go in and delete e-mails from a variety of servers unless they have administrative rights on those servers.

The hero could delete the e-mails from the servers he controls (university accounts), but if he was caught he'd probably lose his job and maybe end up in jail.

wendymarlowe · Apr 8, 2015

The hero does have administrative rights to pretty much everything at the university (as does EvilEx). Why do you say he'd end up in jail? Is there some aspect of what I'm trying to have him do that would be illegal?

Bing Z · Apr 8, 2015

No idea about the university's email server.

In Gmail, one can recall messages already sent within up to 30 seconds. So you can have your EvilEx use a certain "webmail" and the hero is lightning fast. Or, since it is possible with Gmail, it should be possible or plausible with the university's email server, no?

Drachen Jager · Apr 8, 2015

wendymarlowe said:
The hero does have administrative rights to pretty much everything at the university (as does EvilEx). Why do you say he'd end up in jail? Is there some aspect of what I'm trying to have him do that would be illegal?

Yes, those emails are the property of the recipients. Under the circumstances he probably wouldn't go to jail, but depending on jurisdiction and such he might.

http://communications-media.lawyers.com/privacy-law/email-hacking-is-a-serious-crime.html

(not quite the same, but a good start point)

TessB · Apr 9, 2015

There's a message recall function in Microsoft Outlook (server version): https://support.microsoft.com/en-us/kb/197094/ That would do pretty much exactly what you need. Various IT setups would have this enabled or disabled, and university policies may, of course, be different depending on whether you need him in trouble for it or not. Hero would have to have access to heroine's account, but only her login would be needed.

A useful note that may help with the 'some people see it' issue:

" If you received an email message and a message recall while you were offline, when you connect, Outlook tries to processes the recall message before the original message is synchronized. In this scenario, the message recall fails."

(I wrote documentation for my campus' install of Office Exchange years ago, and our recall feature was blocked.)

MythMonger · Apr 9, 2015

I'm a network admin, and having an email recalled is like the Holy Grail. Everybody wants it, but nobody quite gets what they want.

My experience with Outlook is that a recall simply sends a second email saying the first email was recalled. The first email could still be opened, though. Things may be different with a server version, I don't know.

A system admin could potentially reset the passwords of everyone so they couldn't get into their emails until the heroine has deleted the undesired email, one at a time.

You might have the university system email as a custom program instead of an Outlook or something. One where the email recall function works flawlessly within the network.

Anything sent outside of the network would have the same recall problem, but it sounds like you want some of this to happen anyway.

Another option might be to have the attached photo racy enough that a kind of porno spam filter intercepts it before anyone can receive it. Have it in place for incoming email only and the people using other servers can still get it.

King Neptune · Apr 9, 2015

wendymarlowe said:
At the big black moment, EvilEx sends a damning email, seemingly from Heroine's account, to everyone in her address book. Hero has full access to the university mail server and happens to see the email immediately.

So my question: realistically, is there anything Hero can do to keep some or all of the emails from reaching their destinations? I assume people who read their email instantly will still probably see it anyway, but can he recall or delete it for people (from a variety of providers, some with the university and some not) who haven't seen it yet? What about if there's a picture attached - can he do anything about that?

Plot-wise I'd like at least some people to see the email, but it would be nice if there were something the Hero could do to save the day (or at least mitigate the damage).

There is no practical way to find each copy of the email within a reasonable amount of time; not ever the NSA can do that.

I assumed that the Heroine's address was spoofed, so it will be easy to demonstrate that she didn't send it, and the real senders address may be there in the full headers.

TessB · Apr 9, 2015

Office Exchange does work a bit differently, because it does have that central server to work from. It tries to delete the email, but can't get to anyone who has already downloaded the email and then gone offline.

Recall and replace a message

You send an e-mail message, asking your co-workers to review the sales figures for this year, but you forget to attach the sales figures. After you send the message, your Inbox is flooded with messages that ask "What attachment?", "I didn't get the attachment!", or "Can you resend the attachment?"

How can you undo your error? You can recall the original message and then resend it with the missing attachment. For all of your co-workers who haven't opened the message yet, you can perform an e-mail sleight of hand and replace the original message with another one that contains the attachment.

More explanation

Bolero · Apr 9, 2015

Not quite the same as recall, but I have had the experience of batches of emails being deleted in a company network. I was admin on a automated tracking system, which sent out emails when things changed state. One morning no emails at all from the system. Do some test things sent to my own email address - no emails.
After a morning with company IT doing tracking it turned out that the server of the system I ran was in office building 1, and it had a complex routing of internal mails that basically for reasons best known to IT, went through several other servers in several other locations before it was distributed. There had been a hack attack on one of the servers in the chain, including lots of spam hitting the system, so the server had responded by dumping everything into a spam folder and then some helpful soul had deleted the lot.

Other than that, recall is not that clean. If you are using something other than Microsoft Outlook then any recall from Microsoft Outlook doesn't work at all.

Alternative thought for you - can you get the email buried in spam? Rather than doing a recall, how about sending out tons of really stupid emails from the same account so the worst one is a needle in a haystack of tons of trash?

Casey Karp · Apr 10, 2015

Let us not forget that on any system where the e-mails remain on the server (i.e. any using IMAP and/or webmail), it's quite possible to delete the messages even if the recipient has already read it. The downside is that a number of companies and universities use GMail for their e-mail; Hero's going to have a harder time hacking Google than a system at the university that he has legitimate or semi-legitimate access to.

One additional point to keep in mind: for legal reasons, many e-mail systems are configured to keep an archive of all messages. Even if Hero manages to keep some or all of the recipients from seeing the e-mail, there may still be a secured archive on a separate system that would make the meddling clear.

wendymarlowe · Apr 10, 2015

Thinking out loud . . . what if he were to flag it in the server as spam? Obviously the people who used non-university email accounts would still receive the whole thing normally, but would it be possible for the hero to trick the university email program into delivering that specific email to people's spam folders instead of their inboxes?

Thewitt · Apr 10, 2015

Once you send me an email, it's mine. You can do nothing to it and have no access to my email server. You can request a recall, but I will ignore you. You cannot alter it after the fact in my environment without hacking into my mail server. Even then if I've used a POP client, it's already been copied to my reading device so even I f you delete it from my server I'm still going to see it.

WeaselFire · Apr 11, 2015

Simple way to do this is have the email trigger an outgoing spam program that quarantines the email in question from distribution outside the university system. Install this system after the evil doer is no longer associated with the university so they simply don't know to look for it. The bad guy can see the email because it was received on an internal university account he has, while the email never gets to any external systems.

Then your good guy can wipe the offending email from the system, removing it from all delivered mailboxes in the system. If he's good, he can script this and have it happen in minutes. Even users who think they saw the email will no longer have it in their mailbox to view. This doesn't work on the student email systems but will definitely w\ork on faculty and internal systems where it's very easy to have strict policies in effect.

I've done all this in a prior life as an email admin, so it's definitely possible. And we nailed the guy who did it, charged him with a number of offenses and he ended up pleading guilty and paying fines to get just community service and probation. We also billed for the cleanup, as far as I know they're still waiting for payment there...

Jeff

wendymarlowe · Apr 11, 2015

WeaselFire, out of curiosity, do you remember any of the specific things he got charged with? The villain in my story is responsible for installing a backdoor into the university servers and mucking around with some of the data and also this email thing, but I'm kind of taking a stab in the dark as to what actual crimes he'd be charged with

WeaselFire · Apr 12, 2015

wendymarlowe said:
WeaselFire, out of curiosity, do you remember any of the specific things he got charged with? The villain in my story is responsible for installing a backdoor into the university servers and mucking around with some of the data and also this email thing, but I'm kind of taking a stab in the dark as to what actual crimes he'd be charged with

There are a number of crimes related to hacking now. My perp got nailed for stalking, sexual harassment and they tried to get him for domestic violence but either the plea killed that charge or there wasn't enough evidence he actually followed through on the threats.

I've had three other cases like this over the years, none of which resulted in criminal charges. Basically revenge porn sent over email.

The most common cases result in civil charges or charges related to identity theft and fraud. A lot of crime with computers that ends in charges and sentencing relates to sexual crimes, trafficking in sex, promotion of sex with a minor, child pornography, etc. It's hard to get courts and district attorneys worked up about the actual trespass on the network unless it's related to government secrets or cyber terrorism.

If you need a criminal charge, have him access a server that has a Department of Defense project on it, that usually gets Homeland Security's attention. Even if he didn't actually do anything with the top secret files, the Feds will still be happy to make him squirm.

Jeff

King Neptune · Apr 12, 2015

I wondered about hacking charges, so I looked around, and it appears that the only charge for unauthorized access to a "protected" computer is a misdemeanor, but it can be upgraded depending on what the hacker does.

http://www.pagepate.com/experience/criminal-defense/federal-crimes/federal-computer-crimes/

wendymarlowe · Apr 12, 2015

Thanks so much - all this information has been really helpful. I've been vague on what the villain is intending to accomplish through his hacking (since the protagonists don't entirely know), but this will help me hone in on something plausible.

Recalling an email (given access to the server)

wendymarlowe

writer, mother, geek

Drachen Jager

Professor of applied misanthropy

wendymarlowe

writer, mother, geek

Bing Z

illiterate primate

Drachen Jager

Professor of applied misanthropy

TessB

The Boxing Baroness

MythMonger

Willing to Learn

King Neptune

TessB

The Boxing Baroness

Bolero

Casey Karp

wendymarlowe

writer, mother, geek

Thewitt

WeaselFire

Benefactor Member

wendymarlowe

writer, mother, geek

WeaselFire

Benefactor Member

King Neptune

wendymarlowe

writer, mother, geek