NHK 'Digital Tattoo' Episode 5: IT Technology and Law
The NHK Saturday drama “Digital Tattoo,” which aired its final episode on June 15th, is a drama featuring a lawyer as the protagonist, dealing with topics such as reputational damage control on the internet. As the lawyer responsible for the original plan of the drama, I will explain the legal procedures and IT technologies that appear in the drama.
https://monolith.law/reputation/nhkdrama-degitaltatoo-04[ja]
Identifying Anonymous Email Senders
In the final episode, episode 5, a scene was depicted where one of the dual protagonists, YouTuber Taiga (Daisuke Ito) (played by Mr. Kosuke Seto), confronts his father, the politician Hidemitsu Ito (played by Mr. Masato Ibu). Up to this point, Taiga has been investigating the “culprit” who sent instructions via email to the thug who attacked him, and found that the culprit was in Hidemitsu Ito’s office, by analyzing the emails received by the thug.
Using this scene as a subject, we will explain the technical methods to identify the sender of an email.
“I caught the man who attacked and made him talk. Instructions to target Daisuke-kun through a dark website came from this office.”
Digital Tattoo Episode 5
The corresponding scene is from episode 1.
“(Twisting his arm) Who asked you? Who asked you to attack Taiga?”
“I, I don’t know.”
“Who asked you! Speak up!”
“On, on a dark website…”
“A dark website?”
“I got an email, they threatened me with a million yen…”(Omitted)
“Show me that email!”
Digital Tattoo Episode 1
Of course, the culprit who gave instructions to the thug is not openly stating, “I am from Hidemitsu Ito’s office”. They are likely using an anonymous email address, such as Yahoo!, and giving instructions anonymously through a “dark website”. However, even in such cases, there are instances where the sender of an email can be investigated using IT technology.
Investigation of Email Transmission Routes through Email Header Analysis
When you open an email on your smartphone or Gmail, information such as the “sender” and “subject” are displayed in addition to the body of the email. This information, other than the body of the email, is recorded in an area called the “email header”. By understanding and analyzing this “email header”, you can investigate the transmission route of the email to some extent.
First, think of a postcard. A postcard has a front and a back. The body of the message is on the back. On the front, there is information such as the sender and recipient, as well as postmarks.
The relationship between the “email header and the body of an email” is similar to the relationship between the “front and back of a postcard”. If you only want to see the content of the letter, you don’t need to look at the front. You look at the front of the postcard to find out who the letter came from and when it was likely posted. That’s the kind of information you get.
And that email header is appended after sending. It works in a similar way to how postmarks are stamped on postcards.
How to Check Email Headers in Gmail
In Gmail, you can display the email header by opening the email and selecting “Show original” from the icon in the top right corner.
Email headers are progressively appended at the top during the transmission process. Explaining how to read them in detail would involve a rather intricate discussion, so we’ll skip that for now. However, due to this “appending at the top” mechanism, the IP address of the email sender appears at the very bottom of the email header. It’s akin to being able to determine the location of the post box where a postcard was first mailed by looking at the email header.
There are cases where the sender can be identified from the IP address of the email sender
In this drama, the sender was someone from Hidemitsu Ito’s office, and the office’s IP address was the source of the email. In the case of fixed lines such as homes and offices, there are patterns where the IP address changes daily and patterns where it does not change (so-called fixed IP address). Although it is omitted in the drama, the IP address of Hidemitsu Ito’s office is fixed, and Taiga must have noticed in some way that “this (fixed) IP address is the IP address of Hidemitsu Ito’s office”.
As for this “some way”, based on the depiction in the drama, it is probably the following method.
First, the “mail server” is denoted by the IP address and the corresponding host name. If you have acquired a unique domain and set up a mail server in your home, the host name itself will include Hidemitsu Ito’s unique domain, such as “smtp.itouhidemitsu.jp”, and it will be obvious at first glance from the email header containing the host name that it was sent from Hidemitsu Ito’s server.
Also, if it is a fixed IP address, there are cases where the culprit can be identified by comparing it with past emails. For example, if a former lover is sending harassing emails anonymously, even if the email address itself is “anonymous”,
- The IP address listed in the email header of the email during the relationship
- The IP address listed in the email header of the anonymous harassing email
If they match, it is clear that “the culprit is the former lover”.
In the case of the drama, Taiga had almost no interaction with Hidemitsu Ito for many years, and it seems that he only occasionally talked to the secretary on the phone, so it is unclear whether he knew the (fixed) IP address of Hidemitsu Ito’s office. It is likely that Hidemitsu Ito’s unique domain was included in the host name itself.
However, identifying the sender from the email header (containing the sender’s IP address) is an exceptional case. Generally speaking, this investigation is quite difficult.
” style=”flat” background=”#2FA8E1″ size=”5″]Click here for a detailed explanation of “Digital Tattoo“Category: Internet