Fraudulent email: lessons learned from the OzCar scandal

By now, all but the most naïve of us are immune to the promises of Nigerian riches and the disquieting urges to action from banks which find their way into our email inboxes. Fraudulent emails barely rate any action or consideration beyond that needed to delete them from our inbox. Why is it then that the leader of the Australian opposition, and one of Australia’s most senior lawyers besides, has been tripped up by a fake email?

Background

Australian media reporting has been dominated over the last week by the OzCar scandal. The scandal centres around claims that the Prime Minister (Kevin Rudd) has given preferential treatment to a friend and political donor, car dealer John Grant. Mr. Grant had previously given the Prime Minister a car for use in his campaign and contributed financially to his legal and political endeavours.

An apparent smoking gun in the form of an email was referred to in the senate testimony of Treasury official, Godwin Grech. Mr Grech recalled an email from the PM’s office in relation Mr. Grant and the OzCar financial bailout scheme, which Mr. Grech administered. The email was supposed to have been written by the PM’s economic adviser, Dr Andrew Charlton. The opposition leader seized on the email, calling for the PM to resign.

The PM responded by bringing in the Australian Federal Police (AFP) to investigate the email. On the Monday following Mr. Grech’s testimony, they executed a search warrant on Mr. Grech’s home, and very quickly released their preliminary investigation results. They had found the email in question sitting deleted on his computer. They concluded it was a hoax. Further reports have indicated that the email originated within Treasury.

Mr. Turnbull spent the rest of the week defending both his reliance on the fake email, and  claims that the scandal had been orchestrated. He has since suffered a large fall in public satisfaction, as revealed by today’s poll results.

On email authenticity

This matter highlights the need for a greater degree of scepticism when it comes to reliance on email evidence, as compared with its paper counterpart. Modification of text on paper leaves a trace, whereas the substance of email is modifiable without an obvious trace. Hand written signatures go a long way towards authenticating the author of mail; the email equivalent of a signature is technically possible, however its use remains a niche practice.

Email authentication requires additional corroborating evidence and technical expertise. Metadata hidden within an email can indicate, among other things, the path that the email has taken from the sender to the recipient. This data is typically stored with the email, and can be used to detect tampering or outright forgery of emails.

Each server that an email passes through usually makes a note of the receipt and handoff of the email to the next carrier along the way. Multiple copies of the email may additionally be stored in the senders “Sent Items” folder and in archival or disaster recovery backups. Such information can be used to identify which computer an email originally came from.

Gaining access to these evidence sources is time consuming and often involves the cooperation of multiple parties. Determining authenticity based on such evidence then requires a high degree of expertise.

Commentary

It is unlikely that either Mr. Grech or Mr. Turnbull would have had access to the corroborating evidence or possess the expertise required to judge the authenticity of the email. Nor for that matter would the average email user.

Day to day though, email authenticity isn’t a problem. Our society largely manages to muddle along with email as one of our primary communications mediums. The reason it works is that each of us make decisions of trust around every email we receive.

Assuming neither Mr. Grech nor Mr. Turnbull fabricated the email, whoever inside Treasury created and sent the email to Mr. Grech relied on exploiting his trust of emails appearing to come from that source. It appears that Mr. Turnbull trusted Mr. Grech in turn.

This affair may mark the end of this kind of trust in emails as concrete evidence and the general acceptance of their authenticity. Certainly you would think so in the case of politicians attempting to score points against their opponents.

More generally though, the wider implications of the increased awareness of the vulnerability of email to fraud will be felt in our courts, where emails are often cited as evidence in both criminal and civil matters.

As for the fake email which has brought all of this to the public’s attention, presumably the AFP are still investigating who the original concocter of the email was. This investigation should lead to an examination of the computer systems of Treasury, where traces of the email, and hence clues to the original concoctor of the email may well remain. In which case, we wait with bated breath to see the next twist in this political drama.

One Response to “Fraudulent email: lessons learned from the OzCar scandal”