Directory Harvest Attacks

Written by Helen Glenn Court

Email spam has without question reached crisis proportions. This is attributable, in largest part, to directory harvest attacks. What exactly are they? In brief, they're another instance of internet information theft. A hacker--almost without exception a software program--infiltrates ("attacks") a remote network and copies ("harvests") the email directories stored within that network. These include the staff directory, clearly, but also vendor, client, and mailing or subscriber lists.

An alternate DHA strategy entails a software program "guessing" at possible email addresses within a specific domain--such as,,, or Such programs usually work one of two ways. The first amounts to brute force. That is, the program runs sequentially as only a computer program can through all possible alphanumeric character combinations. The second uses common names and typical nomenclature patterns, such as lastname-firstname or firstinitial-lastname and the like.

These address lists are then bombarded with unsolicited email. The messages may contain pornography, virus- or worm-infected attachments, or fraudulent offers. Legitimate mail often fails to get through because network arteries are clogged with spam. Networks face what amounts to mail server heart attacks. The numbers from one email security vendor for a 48-hour period in August 2004 make this clear: 150 organizations, 132,000 harvest attacks, 3.5 million message delivery attempts.

Dealing with Directory Harvesting

Two simple countermeasures come to mind. One is to develop an atypical email nomenclature system that foils DHA methodology. Another is to configure mail servers to accept rather than reject messages with invalid return addresses but to immediately delete them. However, both are band-aids rather than a cure. Unfortunately, technology doesn't yet have an answer to stopping DHA attacks from being launched in the first place. The best strategy of the moment is to prevent the attacks from making it into a network. This is precisely what specialized email security vendors offer.
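The address-guessing pattern described above leaves a recognizable trace in mail server logs: one client tries many distinct recipients in a short span and most of them are rejected. The sketch below is an added example, not part of the original article; the log format, addresses, IP addresses, and thresholds are all constructed assumptions, and reply code 550 is assumed to mean "user unknown."

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data in a hypothetical log format (not a real MTA's):
# <ISO timestamp> <client IP> <RCPT TO address> <SMTP reply code>
SAMPLE_LOG = """\
2004-08-10T12:00:01 203.0.113.7 aadams@example.com 550
2004-08-10T12:00:02 203.0.113.7 badams@example.com 550
2004-08-10T12:00:03 203.0.113.7 jsmith@example.com 250
2004-08-10T12:00:04 203.0.113.7 cadams@example.com 550
2004-08-10T12:00:05 203.0.113.7 dadams@example.com 550
2004-08-10T12:00:06 203.0.113.7 eadams@example.com 550
2004-08-10T12:00:10 198.51.100.20 jsmith@example.com 250
2004-08-10T12:01:30 198.51.100.20 jsmiht@example.com 550
2004-08-10T12:03:00 198.51.100.20 mjones@example.com 250
2004-08-10T13:00:00 192.0.2.50 smitha@example.com 550
2004-08-10T14:00:00 192.0.2.50 smithb@example.com 550
2004-08-10T15:00:00 192.0.2.50 smithc@example.com 550
2004-08-10T16:00:00 192.0.2.50 smithd@example.com 550
2004-08-10T17:00:00 192.0.2.50 smithe@example.com 550
"""

def find_harvesters(log_text, window=timedelta(minutes=5),
                    min_unknown=5, max_valid_ratio=0.2):
    """Return {client_ip: sorted rejected addresses} for clients that, inside
    one sliding window, try many distinct recipients and mostly miss."""
    by_ip = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, ip, rcpt, code = line.split()
        by_ip[ip].append((datetime.fromisoformat(ts), rcpt.lower(), int(code)))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            unknown = {r for _, r, c in span if c == 550}  # assumed: user unknown
            valid = {r for _, r, c in span if c == 250}    # recipient accepted
            ratio = len(valid) / (len(unknown) + len(valid) or 1)
            if len(unknown) >= min_unknown and ratio <= max_valid_ratio:
                flagged[ip] = sorted(unknown)
                break
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

With the default five-minute window only the rapid guesser is flagged; the client that spreads its guesses an hour apart is caught only when the window is widened, which is why a short window alone misses slow harvests. The sender with a single mistyped address is not flagged in either case.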
