It's a pretty simple attack that doesn't involve impersonating a web site, just an email server. For example, IBM Sweden's email addresses end in se.ibm.com. Register the domain name seibm.com (the same name with the dot dropped), put a mail server there that stores every message sent to seibm.com and forwards it on to se.ibm.com, and chances are that neither party to the conversation will ever notice.
So a simple typo can leak highly confidential information.
Two researchers set up several domains in this fashion and in six months harvested 20 GB of data.
Including: contracts from OPEC countries on oil sales and production, business reorganizations, router configurations and passwords, all sorts of wonderful stuff!
The easiest solution is, for example, for IBM not to use se.ibm.com at all and force all email through ibm.com, and, when you buy a domain, to register the related domains as well (where possible: the dot-dropped variants and other TLDs such as .org and .biz).
Another possibility is to use public key encryption, which would cause the exchange to fail because your mail server could not retrieve the recipient's public key; but there were also arguments about how to get around that. And encrypted email is neither easy to use nor widely used.
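As an added illustration (this is not code from the Wired article or from the researchers' setup), the script below does two things the text describes: it generates the dot-dropped doppelganger variants of an organisation's sub-domain mail domains (the attacker's candidate list, and also the list a defender should register), and it flags outbound recipients whose domain is one of those variants, which is the check a mail gateway could run before relaying. The protected-domain list and the recipient addresses are constructed sample data; se.ibm.com is used only because the post uses it as its example.

```python
#!/usr/bin/env python3
"""Doppelganger (dot-dropped) domain generation and outbound-recipient check.

Added example, not the article's or the researchers' code.  The protected
domains and recipient addresses below are constructed sample data.
"""
from __future__ import annotations

from typing import Iterable


def doppelgangers(domain: str) -> set[str]:
    """Return every domain obtained by deleting one interior dot of `domain`.

    The dot in front of the TLD is never removed ('se.ibmcom' is not a
    registrable name), so a two-label domain such as 'ibm.com' has no variants.
    se.ibm.com -> {'seibm.com'}
    """
    labels = domain.lower().strip(".").split(".")
    variants: set[str] = set()
    # Interior dots sit between labels[i] and labels[i+1] for i < len(labels)-2.
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants.add(".".join(merged))
    return variants


def doppelganger_map(protected: Iterable[str]) -> dict[str, str]:
    """Map each doppelganger back to the legitimate domain it mimics."""
    table: dict[str, str] = {}
    for domain in protected:
        for fake in doppelgangers(domain):
            table[fake] = domain.lower()
    return table


def domain_of(address: str) -> str:
    """Extract the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def flag_recipients(recipients: Iterable[str],
                    protected: Iterable[str]) -> list[tuple[str, str]]:
    """Return (address, legitimate_domain) for each recipient whose domain is a
    doppelganger of a protected domain.  Mail to the legitimate domains and to
    unrelated domains is left alone."""
    table = doppelganger_map(protected)
    legit = {d.lower() for d in protected}
    flagged: list[tuple[str, str]] = []
    for addr in recipients:
        dom = domain_of(addr)
        if dom in legit:
            continue
        if dom in table:
            flagged.append((addr, table[dom]))
    return flagged


if __name__ == "__main__":
    # Constructed sample data (hypothetical mailboxes).
    protected = ["se.ibm.com", "mail.uk.example.com"]
    outbound = [
        "alice@seibm.com",          # typo: dot dropped -> doppelganger
        "bob@se.ibm.com",           # legitimate
        "carol@mailuk.example.com", # typo: dot dropped -> doppelganger
        "dave@partner.org",         # unrelated
    ]
    print("domains to register or block:", sorted(doppelganger_map(protected)))
    for addr, real in flag_recipients(outbound, protected):
        print(f"HOLD {addr}: looks like a doppelganger of {real}")
```

The same `doppelganger_map` output is the list a registrar-side defence needs: everything it returns is a name the organisation should either register itself or refuse to relay mail to.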
http://www.wired.com/threatlevel/2011/09/doppelganger-domains/