T 5.77 Unauthorised monitoring of emails
Emails are normally transmitted in clear text. Without cryptographic protection they can be read, and even altered unnoticed, on every IT system involved in their transport. When an email is sent across the internet, a large number of IT systems may handle it, and the route it takes is not known in advance: it depends on the load and availability of the gateways and network segments involved, so a message sent from one part of a city to another may well pass through another country. Transport encryption between mail servers (STARTTLS) protects only the individual link; the message is still stored and processed in clear text on every relay, so only end-to-end encryption of the content (for example S/MIME or OpenPGP) protects it against the operators of those systems.
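The route a message actually took can be reconstructed after the fact from its Received: headers, since every relay prepends one, and those headers also record whether each hop was delivered over TLS. The following Python script is an added illustration, not part of the original catalogue text; it parses a constructed sample message (hostnames, addresses and IDs are made up) and flags the hop that was transmitted in clear text. It assumes the RFC 5321 trace-clause grammar ("from ... by ... with ...") and the RFC 3848 protocol keywords (ESMTPS, ESMTPSA) as TLS indicators.

```python
"""Reconstruct the relay path of an email from its Received: headers and
flag the hops that were not protected by TLS.

Caveats that apply when reading such a chain:
  * A relay only vouches for the hop it received itself; every Received:
    line below its own was written by upstream systems and can be forged.
  * "with ESMTPS" means the link *into* that relay used TLS; the message
    still sits in clear text on the relay. Only end-to-end encryption of
    the content protects it across all hops.
"""
import email
import re
from email import policy
from email.utils import parsedate_to_datetime

# Constructed sample message (not a real capture). Three relays; the middle
# hop (relay.example.com -> mx1.example.net) was delivered over plain SMTP.
SAMPLE_MESSAGE = b"""\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.org with ESMTPS id abc123
\t(version=TLS1.3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 1 Jan 2024 10:00:05 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx1.example.net with ESMTP id def456;
\tMon, 1 Jan 2024 10:00:03 +0000
Received: from [10.0.0.5] (helo=laptop)
\tby relay.example.com with ESMTPSA id ghi789;
\tMon, 1 Jan 2024 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: Meeting notes
Content-Type: text/plain; charset=us-ascii

Notes from today attached.
"""

# RFC 5321 trace clause: "from <host> [(<comment>)] by <host> with <protocol>".
HOP_RE = re.compile(
    r"from\s+(?P<from>\S+)"                  # host as claimed by the sender (HELO/EHLO)
    r"(?:\s+\((?P<info>[^)]*)\))?"           # optional "(reverse-dns [ip])" comment
    r".*?\bby\s+(?P<by>\S+)"                 # relay that wrote this line
    r".*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",  # ESMTP, ESMTPS, ESMTPSA, LMTP, ...
    re.IGNORECASE,
)


def hop_used_tls(proto):
    """RFC 3848: a trailing 'S' (before an optional 'A' for authenticated) marks TLS."""
    p = proto.upper()
    if p.endswith("A"):
        p = p[:-1]
    return p.endswith("S")


def parse_received_chain(raw):
    """Return the hops in transmission order (first relay first).

    Each hop is a dict with keys from, info, by, proto, tls, date. Headers
    that do not match the trace grammar are kept with proto=None so that
    no relay silently disappears from the reconstructed route.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", str(value)).strip()  # unfold continuation lines
        clause, _, stamp = text.rpartition(";")          # timestamp follows the last ';'
        try:
            date = parsedate_to_datetime(stamp.strip()) if stamp else None
        except (TypeError, ValueError):
            date = None
        m = HOP_RE.search(clause or text)
        if m:
            proto = m.group("proto")
            hops.append({"from": m.group("from"), "info": m.group("info"),
                         "by": m.group("by"), "proto": proto,
                         "tls": hop_used_tls(proto), "date": date})
        else:
            hops.append({"from": None, "info": None, "by": None, "proto": None,
                         "tls": False, "date": date, "raw": text})
    hops.reverse()  # the topmost header is the most recent hop
    return hops


def unencrypted_hops(hops):
    """(from, by) pairs of hops delivered without TLS, i.e. clear text on the wire."""
    return [(h["from"], h["by"]) for h in hops if h["proto"] and not h["tls"]]


def describe_route(hops):
    """Human-readable route listing, one line per hop."""
    lines = []
    for i, h in enumerate(hops, 1):
        link = "TLS" if h["tls"] else "CLEAR"
        when = h["date"].isoformat() if h["date"] else "?"
        lines.append(f"{i}. {h['from']} -> {h['by']} [{h['proto']}, {link}] at {when}")
    return "\n".join(lines)


if __name__ == "__main__":
    chain = parse_received_chain(SAMPLE_MESSAGE)
    print(describe_route(chain))
    for src, dst in unencrypted_hops(chain):
        print(f"WARNING: {src} -> {dst} was transmitted in clear text")
```

Run against a real message, the script shows which relays had the content in clear text; bear in mind that only the lines added by your own servers are trustworthy, and that a TLS hop still leaves the message readable by the relay's administrator.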
Incoming emails can also be accessed in the mailbox on the recipient's mail server. This mailbox holds all received emails; depending on the configuration this is not only the unread messages but an archive of everything received in the past months. At the very least the system administrator of the mail server can read them. In some cases copies of outgoing emails are kept on the mail server as well, although in many cases the user's mail client stores these copies on the sender's computer instead.
Examples:
- In the antitrust proceedings against Microsoft, the opposing party used several Microsoft-internal emails to support its position. Some of these emails contained disparaging remarks about Microsoft's competitors.
- A provider offers services over the internet. To use them, customers must log in to the provider's server, and the necessary authentication data was sent to them by email. An attacker who intercepts these emails can log in to the provider's server and charge services to the registered customers' accounts without being authorised to do so.