When anonymous letters were written by hand, graphologists were called in to identify the likely author. In this day and age when most such mail is sent electronically, it may be difficult to prove that a particular person has written the e-mail(s) in question.
It is not that difficult for computer forensic investigators to identify the machine from which the e-mail was sent, but if that machine is used by a number of users, how can they be sure which of them did it?
Benjamin Fung, a professor of Information Systems Engineering at Concordia University of Montreal, co-conducted a study in which he and his team developed a technique that allows them to identify the sender of an e-mail with an accuracy of 80% to 90%.
Fung ascribes the success of this technique to the collaboration with Mourad Debbabi, the resident expert in cyber forensics. “Our different backgrounds allowed us to apply data mining techniques to real-life problems in cyber forensics,” he says.
The premise of the method is actually very logical and simple. Each and every one of us has several writing patterns that encompass grammatical mistakes, the way we use uppercase and lowercase letters, punctuation marks, etc. Once those patterns are identified in the anonymously sent e-mail, they are searched for in e-mails written by the various potential suspects.
“Let’s say the anonymous email contains typos or grammatical mistakes, or is written entirely in lowercase letters,” says Fung. “We use those special characteristics to create a ‘write-print’. Using this method, we can even determine with a high degree of accuracy who wrote a given e-mail, and infer the gender, nationality and education level of the author.”
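A minimal sketch of the write-print idea described above, added here as an illustration and not the Concordia team's algorithm: it measures the features the article names (typos, letter case, punctuation) and ranks candidate authors by how close their known e-mails are to the anonymous one. The typo list, the sample e-mails, the feature set and the use of Canberra distance are all assumptions made for this example.

```python
import re

# Constructed marker list of common misspellings (assumption, not from the study).
TYPOS = {"recieve", "definately", "seperate", "untill", "alot"}
PUNCT = ",;:!?-"

def features(text):
    """Turn one e-mail into a small vector of writing-style features."""
    letters = [c for c in text if c.isalpha()]
    words = re.findall(r"[A-Za-z']+", text)
    sentences = [s for s in re.split(r"[.!?]+\s*", text) if s.strip()]
    n_words = max(len(words), 1)
    vec = {
        # Share of letters that are uppercase ("written entirely in lowercase").
        "upper_ratio": sum(c.isupper() for c in letters) / max(len(letters), 1),
        # Share of sentences that start with a capital letter.
        "capital_start": sum(s.lstrip()[0].isupper() for s in sentences)
                         / max(len(sentences), 1),
        "typo_rate": sum(w.lower() in TYPOS for w in words) / n_words,
        "avg_word_len": sum(map(len, words)) / n_words,
    }
    for p in PUNCT:  # punctuation marks per word
        vec["punct_" + p] = text.count(p) / n_words
    return vec

def profile(emails):
    """Average the feature vectors of one author's known e-mails."""
    vecs = [features(e) for e in emails]
    return {k: sum(v[k] for v in vecs) / len(vecs) for k in vecs[0]}

def canberra(a, b):
    """Scale-free distance; features that are zero on both sides are skipped."""
    return sum(abs(a[k] - b[k]) / (abs(a[k]) + abs(b[k])) for k in a if a[k] or b[k])

def rank_suspects(anonymous, samples):
    """Return (author, distance) pairs, closest write-print first."""
    target = features(anonymous)
    scores = {name: canberra(target, profile(m)) for name, m in samples.items()}
    return sorted(scores.items(), key=lambda kv: kv[1])

# Constructed sample data. The study used ten e-mails per author; two keep this short.
SAMPLES = {
    "writer_a": ["hi team, i will recieve the files tomorrow. let me know if thats ok",
                 "thanks alot, i will send the seperate report untill friday. talk soon"],
    "writer_b": ["Dear all; Please find the report attached! Regards, B.",
                 "Hello; The meeting is moved: Monday, 10am! Please confirm; thanks!"],
}
ANONYMOUS = "i did not recieve the payment. send it untill monday, or else"

if __name__ == "__main__":
    for name, dist in rank_suspects(ANONYMOUS, SAMPLES):
        print(f"{name}: {dist:.3f}")
```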
According to the Concordia Journal, the technique was tested on a batch of over 200,000 real-life e-mails sent by 158 employees of the Enron Corporation. Ten e-mails from every employee were enough to achieve the previously mentioned high level of accuracy.
Whether it will be enough for the results to be admissible in court remains to be seen. For myself, I see how this technique can come in handy when dealing with all sorts of criminals, but as every technology has the potential to be used for “evil” purposes, I shudder to think about this technique’s likely use to reveal the identities of people who might have a legitimate, “good” reason for wishing to stay anonymous.