11/20/99

Forging Hotmail for Dummies
the low-tech lowdown for lobotomites
Figure 1: The original e-mail

Through some cruel (but funny) trick of the gods, I was recently asked to appear as an expert witness in court, all because somebody was in a tizzy (read: facing financial hardship) for some e-mails that may (or may not) have been altered and brought to court as evidence. The person presenting the printouts apparently claimed that there was no way they could be forged. (tee-hee.) Apparently everyone believed this testimony. Apparently the court lacked both the skills and the paranoia to even vaguely understand that most handwritten letters may be forged by any artist, and most e-mail can be forged by any incompetent cretin. Apparently methods to "really" forge e-mail have been well-documented, but apparently all the retrieved e-mails were from hotmail and yahoo accounts, so apparently the "forger" didn't even have to bother with anything other than screwing with the source. Apparently I got involved for the cash. And apparently I feel a little guilty about it now.

So, as penance to the illiterate classes out there, I offer for free the easy-route to forging webmail. If you find yourself in a similar situation (faced with a typical case of American Blind Justice), or are just curious, or you just need fodder for making fun of me, keep on reading on. If you are looking for a way to make those sexual harassment charges you just filed against your boss stick, hire an overpriced law-monkey, you lonely leech.

Step One: getting the original

Q. Do you think you can get their password?

In addition to the numerous well-publicized backdoors, glitches, bugs, and exploits that make Hotmail renowned for its privacy security, you may also retrieve a litigant's password through means more adapted to the computer-illiterati. The first and simplest of which: guess. If you know the person and they happen to be pretty clueless, you might just hit the jackpot. The second way: ask Hotmail. Every time someone signs up for an account, they're asked to create a reminder question that will allow them to access the password. If you know the clueless person in question, chances are real damn good you'll get this one.

But even if lo-tech password cracking doesn't work for you, get them out of the house or office for a while and play on their computer. From the desktop, my little Windows-bunnies, hit F3 to start a file search.
Figure 2: Finding the clueless person's e-mail

In the "Containing text" box, put their name or e-mail address. You can tell it to search a particularly fruitful directory (like c:\windows\temporary internet files\) or make a pot of coffee while the search crunches through the whole damn hard drive. Once you find something that either looks indecipherable or is named getmsg, you're in business. Just double-click it and it'll show up in your browser.

Step Two: the source
Figure 3: Viewing the Source

Now view the source (click on view, then source, my precious cabbage). Before we get to the next step, I want to warn you: What you're about to see are the disorganized guts of Hotmail HTML. There is no need to become anxious or alarmed. Trust me.

Step Three: altering the source
Figure 4: Hotmail source code

Your browser (Explorer, right?) just opened this terrible thing that looks like garbage. Fear not, little villain, the point to making your forgery successful is not screwing with any of the stuff you don't understand! So chin up and scroll down until you find something that looks like English (or take the easy route and search for text from the original message).
Figure 5: The point of entry

So you've found it? No? Keep on looking. It's there, I promise.
Once you get there, all you need to do is type like you would on any word processor. Note in Figure 5 that the message body is at the bottom, but you can also dick around with the date, from, to, and subject lines up at the top. Make sure to save this file in a directory where you can find it again, and make sure that, regardless of what you name it, the filename ends in .html

Step Four: Open it and print it out
Figure 6: The forged e-mail

Get back to Explorer and open your newly forged document. Wow, doesn't that look suspiciously like the original? Before printing, you might want to make sure that the URL (that awful thing that shows up in the address bar on Explorer) won't show up. Just go to File, Page Setup, and take out anything that says &u in the header and footer spaces. If you've been naughty and somehow gotten the password, look at the original message page in Hotmail and cut and paste the URL into the header or footer (just make sure to double all the ampersands so that they show up on the final print). Now you're ready to go to court!

CAVEATS
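
A check from the examiner's side, added here as an example and not part of the original article: because the edit in Step Three touches only text and leaves the markup alone, a saved page can be compared against a reference copy by splitting each into its tag skeleton and its text runs. The sample pages are constructed and are not real Hotmail markup; `split_page` and `compare_pages` are hypothetical names.

```python
import difflib
from html.parser import HTMLParser

class _Split(HTMLParser):
    """Separate a page into its markup skeleton and its visible text runs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.skeleton, self.texts = [], []
    def handle_starttag(self, tag, attrs):
        self.skeleton.append((tag, tuple(attrs)))
    def handle_endtag(self, tag):
        self.skeleton.append(("/" + tag, ()))
    def handle_data(self, data):
        if data.strip():  # ignore whitespace-only runs between tags
            self.texts.append(" ".join(data.split()))

def split_page(html):
    p = _Split()
    p.feed(html)
    p.close()
    return p.skeleton, p.texts

def compare_pages(reference_html, suspect_html):
    """Report whether the markup matches and which text runs differ."""
    ref_skel, ref_text = split_page(reference_html)
    sus_skel, sus_text = split_page(suspect_html)
    sm = difflib.SequenceMatcher(a=ref_text, b=sus_text, autojunk=False)
    changes = [(op, ref_text[i1:i2], sus_text[j1:j2])
               for op, i1, i2, j1, j2 in sm.get_opcodes() if op != "equal"]
    return {"markup_identical": ref_skel == sus_skel, "changes": changes}

# Constructed sample pages (assumption: not real Hotmail markup).
REFERENCE = """<html><body><table>
<tr><td>From:</td><td>alice@example.com</td></tr>
<tr><td>Date:</td><td>Mon, 01 Nov 1999 10:15:00</td></tr>
<tr><td>Subject:</td><td>Invoice</td></tr>
</table><pre>Payment of $500 is due on receipt.</pre></body></html>"""
# Same page with only the date and body text edited, markup untouched.
SUSPECT = REFERENCE.replace("$500", "$5000").replace("01 Nov", "08 Nov")

if __name__ == "__main__":
    result = compare_pages(REFERENCE, SUSPECT)
    print("markup identical:", result["markup_identical"])
    for op, before, after in result["changes"]:
        print(op, before, "->", after)
```

An identical skeleton is exactly what a text-only edit produces, so it says nothing about authenticity; the comparison is only as good as the reference copy, and a printout on its own offers nothing to compare.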