Back to top

Anonymous email authors can be traced

Researchers from Concordia University in California have developed a way to trace anonymous email messages by recognising the author's writing style.

Rather than the conventional method of tracing email back to IP addresses, the Concordia team employs techniques used in data mining and speech recognition, to determine the authorship of anonymous emails. According to a profile of the research published in the journal Digital Investigation, the system is accurate enough to be used as evidence in court.

"In the past few years, we've seen an alarming increase in the number of cybercrimes involving anonymous emails," reports study co-author Benjamin Fung, a professor of Information Systems Engineering at Concordia University. "These emails can transmit threats or child pornography, facilitate communications between criminals or carry viruses."

The approach pioneered by Fung and his colleagues relies on the identification of unique features and frequently occurring patterns.

To determine whether a suspect is the author of a particular email, patterns are identified in emails written by the subject. Any of these patterns which are also found in the emails of other suspects are then filtered out, leaving only those frequent patterns that are unique to the author of the emails being analysed: the suspect's so-called 'write-print'.

"Let's say the anonymous email contains typos or grammatical mistakes, or is written entirely in lowercase letters," says Fung. "We use those special characteristics to create a write-print. Using this method, we can even determine with a high degree of accuracy who wrote a given email, and infer the gender, nationality and education level of the author."

To test the technique's accuracy, the team examined the Enron Email Dataset, a collection of over 200,000 emails sent by 158 employees of the former energy company. Using a sample of ten emails written by each of ten subjects, the researchers were able to identify authorship with an accuracy of 80-90 per cent.

"Our technique was designed to provide credible evidence that can be presented in a court of law," says Fung. "For evidence to be admissible, investigators need to explain how they have reached their conclusions. Our method allows them to do this."

Tags: anonymous, tracing, cybercrime, ip address, email