Does anyone have real-life examples of e-mail being intercepted?
As anyone will tell you, e-mail is not secure. It travels around the Internet in plain text and we should not use it for sending passwords and other sensitive details.
For years I've been designing my systems around this mess - e.g. 'password reset' emails to users must always have an extra layer of authentication. However, I can never help wondering:
How often does e-mail actually become compromised while in transit?
- Is this a real world problem or a theoretical one?
- Does anyone have any case studies / links on real attacks?
- What are the actual methods a hacker might use to steal an e-mail?
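The question's own mitigation (a reset e-mail that is not sufficient on its own) can be made concrete. The following is an added example, not code from the question author: a hypothetical in-memory `ResetStore` that issues a single-use, expiring link token and only honours it together with a second code delivered on another channel. The TTL and attempt limit are assumptions.

```python
"""Password-reset tokens that need more than possession of the e-mail.

Added example: a hypothetical ResetStore that issues a single-use, expiring
token and only honours it together with a second code delivered on another
channel (SMS, authenticator app, ...), so a reset e-mail alone cannot take
over the account.
"""
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumption: links die after 15 minutes
MAX_CODE_ATTEMPTS = 5         # assumption: a 6-digit code must not be guessable


class ResetStore:
    """In-memory stand-in for the table a real application would keep."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so tests can move time forward
        self.pending = {}           # sha256(token) -> record

    @staticmethod
    def _key(token):
        # Only a hash is stored: a leaked copy of this table yields no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        """Create a reset. Returns (link_token, out_of_band_code).

        The caller e-mails link_token and sends out_of_band_code by a
        separate channel; neither alone is enough to redeem.
        """
        token = secrets.token_urlsafe(32)
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[self._key(token)] = {
            "user": user_id,
            "expires": self.clock() + TOKEN_TTL_SECONDS,
            "code": code,
            "attempts": 0,
            "used": False,
        }
        return token, code

    def redeem(self, token, code):
        """Return the user id if token and code are both valid, else None."""
        rec = self.pending.get(self._key(token))
        if rec is None or rec["used"] or self.clock() > rec["expires"]:
            return None
        rec["attempts"] += 1
        if rec["attempts"] > MAX_CODE_ATTEMPTS:
            rec["used"] = True          # burn the token rather than allow guessing
            return None
        if not hmac.compare_digest(rec["code"], code):
            return None
        rec["used"] = True              # single use: a replayed link does nothing
        return rec["user"]


if __name__ == "__main__":
    store = ResetStore()
    link_token, sms_code = store.issue("alice")
    print("mailed token:", link_token[:8] + "...", "| SMS code:", sms_code)
    print("redeem with link only  ->", store.redeem(link_token, "000000"))
    print("redeem with link + code ->", store.redeem(link_token, sms_code))
    print("replay the same link    ->", store.redeem(link_token, sms_code))
```

Someone who reads the reset e-mail gets the link but not the code, and the hashed store means a database read of `pending` does not hand out usable links either.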
Solution 1:
I personally have witnessed live, in-transit, email interception. It was at a technical conference and the session was all about sniffing networks. The instructor just fired her sniffer up on the conference wireless network and within 15 minutes had several POP3/SMTP authentication pairs complete with the retrieved and sent messages. These were laptops out in the conference halls polling their email over unencrypted protocols. Then, in the 15-30 minutes after the session, the session attendees were doing the same thing once they downloaded the right tools.
I would be very, very surprised if the same kinds of things are not ever done on our Campus WLAN.
As a side note, the instructor also admitted to sniffing her cable-neighbor's traffic. For educational purposes only.
In terms of SMTP processing, email is vastly more likely to be intercepted close to the end points. The interested parties are on either end of that conversation. In the middle, where the SMTP traffic is flowing over the greater Internet, the interested party is much more likely to be a government than evil hackers.
That said, the biggest interception cases are not grabbing the SMTP transaction in flight; they're grabbing the POP3/IMAP/SMTP/WebMail login, which ensures complete interception ability in perpetuity (or at least until the password is changed). This is attempted daily on my network via phishing. Once credentials are leaked, email can be read willy-nilly, or more commonly used to send spam by way of our trusted email servers.
To answer your questions, though,
1: Yes, this is a real problem. The biggest exposure is over untrusted (or trusted but unencrypted) wireless networks. And governments.
2: They're out there, but I'd have to google and I'm lazy this Saturday morning. Intercepting actual SMTP transactions not at the endpoint is generally the purview of Governments and corporate security. Hackers generally target mailboxes not the transactions, as they're a much richer target.
3: Sniffing wireless networks for unencrypted email transactions is by FAR the easiest method. Think coffee-shop type setups. Lesser methods like suborning mail servers to grab messages are more theoretical than actual, though much more harmful when they do occur.
Stepping back one step to the topic of password reset emails, hackers who have compromised a mailbox can leverage such emails to compromise other sites. They compromise a gmail account and by looking at messages realize that this person does a lot of business with a certain ecommerce site known to store credit-card information. They go to that site and go through the forgotten-password process (since a LOT of sites now use the email address as the account-name these days) and get the password reset email. They reset the password, which starts the timer on when the account-owner will notice. Evil commences, especially if the ecommerce site is one that displays whole credit-card numbers in the profile.
The sad thing here is that it is entirely possible that the account-owner won't even see the inability to log in as a certain sign that evil has occurred. If they're not using a password-remembering program they could just chalk it up to creeping old age and just reset the password to one they know.
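The exposure this answer describes (POP3/SMTP logins readable on an unencrypted network) is something the network owner can audit for. The following is an added example, not the answer author's code: it takes a reconstructed client/server exchange, in the `C:`/`S:` form a protocol logger or IDS would produce from a TCP stream, and reports any login that was sent before TLS was negotiated. It reports usernames only, never the password. All three sample sessions are constructed.

```python
"""Audit reconstructed POP3/SMTP exchanges for credentials sent before TLS.

Added example. Input lines are "C: ..." (client) or "S: ..." (server),
the form a protocol logger or IDS would reconstruct from a TCP stream.
All sample sessions below are constructed.
"""
import base64

POP3_CLEARTEXT = """\
S: +OK POP3 server ready
C: USER alice
S: +OK
C: PASS hunter2
S: +OK Logged in.
"""

SMTP_WITH_STARTTLS = """\
S: 220 mail.example.test ESMTP
C: EHLO laptop
S: 250-mail.example.test
S: 250 STARTTLS
C: STARTTLS
S: 220 Go ahead
"""
# Everything after the server's 220 to STARTTLS is encrypted, so any AUTH
# that follows is not visible on the wire and is not a finding.

SMTP_CLEARTEXT = """\
S: 220 mail.example.test ESMTP
C: EHLO laptop
S: 250 mail.example.test
C: AUTH PLAIN AGFsaWNlAGh1bnRlcjI=
S: 235 Authentication successful
"""


def parse_session(text):
    """Split a transcript into (side, payload) turns, skipping blank lines."""
    turns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        side, _, payload = line.partition(": ")
        turns.append((side, payload))
    return turns


def plain_username(blob):
    """Username from a SASL PLAIN blob (authzid\\0authcid\\0password); '?' if unparsable."""
    try:
        parts = base64.b64decode(blob, validate=True).split(b"\0")
    except ValueError:
        return "?"
    return parts[1].decode("utf-8", "replace") if len(parts) >= 2 else "?"


def find_cleartext_logins(text):
    """Return (protocol, username) for each login sent before TLS was negotiated.

    Passwords are deliberately not returned: the finding is "this client
    authenticates in the clear", which is what the network owner needs to fix.
    """
    findings = []
    tls_requested = False
    for side, payload in parse_session(text):
        if side == "C":
            cmd, _, arg = payload.partition(" ")
            cmd = cmd.upper()
            if cmd in ("STARTTLS", "STLS"):      # SMTP / POP3 upgrade commands
                tls_requested = True
            elif cmd == "USER":                   # POP3 cleartext login; PASS follows
                findings.append(("POP3", arg))
            elif cmd == "AUTH":
                mech, _, blob = arg.partition(" ")
                user = plain_username(blob) if mech.upper() == "PLAIN" else "?"
                findings.append(("SMTP", user))
        else:
            # A 220 (SMTP) or +OK (POP3) answer to the upgrade request means the
            # rest of the stream is ciphertext; stop looking.
            if tls_requested and payload.startswith(("220", "+OK")):
                break
            tls_requested = False
    return findings


def report(name, text):
    """One line per session, suitable for a periodic audit job."""
    hits = find_cleartext_logins(text)
    if not hits:
        return f"{name}: ok (no cleartext login seen)"
    return f"{name}: " + "; ".join(f"{p} login for '{u}' in cleartext" for p, u in hits)


if __name__ == "__main__":
    for name, sess in [("pop3", POP3_CLEARTEXT), ("smtp-tls", SMTP_WITH_STARTTLS),
                       ("smtp-plain", SMTP_CLEARTEXT)]:
        print(report(name, sess))
```

The fix on the client side is the same in every case the check flags: require `STLS`/`STARTTLS` (or the implicit-TLS ports) before any `USER`/`PASS` or `AUTH`, and configure the server to refuse cleartext authentication so misconfigured laptops fail loudly instead of leaking.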
Solution 2:
Your question is a little confusing (talking about emails being intercepted in transit, but stating that your fix is to make it harder to retrieve the password - that's not transit).
Once the email leaves your network it's going to be divided up into several packets which are likely to take different routes to their destinations. The chances of the whole thing being intercepted along the way are slim.
However, it is trivial for it to be intercepted on either the originating network or the destination network, depending on the setups - especially if these are open wireless networks. They would be intercepted by packet sniffers.
So, the chances of your email being intercepted somewhere in the middle? Slim, but possible - and is it a risk your business can take? It's much more likely that it will be either intercepted on one end or the other, or the account will be compromised by an easily guessable password.
EDIT: It's worth noting that just because the whole thing is unlikely to be intercepted, doesn't mean that parts of it won't be. E.g. a credit card number in the body could pass through an untrustworthy network (the Internet!), or the Subject ("I'd advise selling all your shares before our next AGM").
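The answer's closing point, that a single fragment such as a card number in the body is enough to matter, is the basis of the usual outbound check: scan each message before it leaves and flag anything that looks like a card number. The following is an added example, not the answer author's code: it parses a message with the standard library `email` module, scans the Subject and every text/plain part for digit runs that pass the Luhn check, and returns masked findings. The sample message and its card numbers are constructed (4111 1111 1111 1111 is the well-known test number; the second one fails Luhn on purpose).

```python
"""Flag card numbers in an outbound message before it leaves in cleartext.

Added example. Uses the standard-library email parser; the message below is
constructed and the card numbers in it are test values, not real accounts.
"""
import re
from email import message_from_string

# 13 to 19 digits, optionally separated by single spaces or dashes, not
# embedded in a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

RAW_MESSAGE = """\
From: alice@example.test
To: shop@example.test
Subject: Order 20240601 payment
Content-Type: text/plain; charset="utf-8"

Please charge my card 4111 1111 1111 1111, exp 12/29.
Ref 4111-1111-1111-1112 is my old one (cancelled).
"""


def luhn_ok(digits):
    """Luhn checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Digit strings in text that are card-length and pass Luhn."""
    found = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask(digits):
    """Keep only the last four digits in any report or log line."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_message(raw):
    """Return (location, masked_number) for every card number in the message."""
    msg = message_from_string(raw)
    findings = []
    for d in find_card_numbers(msg.get("Subject", "")):
        findings.append(("Subject", mask(d)))
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for d in find_card_numbers(text):
            findings.append(("body", mask(d)))
    return findings


if __name__ == "__main__":
    for where, number in scan_message(RAW_MESSAGE):
        print(f"card number in {where}: {number}")
```

The Luhn check removes most order numbers and phone numbers that happen to be the right length, but not all, so a gateway that blocks on this should quarantine for review rather than silently drop. The same scan applied to the Subject line covers the answer's point that headers leak just as readily as bodies.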