Facebook: Ceglias alleged Emails, fraud or not?

In the past few days, news has been soaring with a new episode of the Ceglia-Facebook-Zuckerberg saga. Are we at “Facebook: A New Hope “Ceglia Strikes Back“ The Return of The Facebook I’ve lost count. One count that is most definitely not lost, though, is Facebooks worth. Evaluated at $50 Billion and with over 600 million users, the popular social media is an ideal target for all kinds of claim.

Ceglia’s new lawsuit claims 84% of Facebook. The complete claim is available on the Wall Street Journal. We’re talking a settlement of hundreds of millions, if not billions of dollars. The bait is there.

In 2009, Paul D. Ceglia and his wife were arrested on the count of fraud for a wood pellet company. So the question that comes right away is obvious.

Is this fraud? Are emails easy to manipulate?

When we examine the case, outside the fact that there’s a contract involved that may or may not be legitimate which is the crux of the matter, part of the evidence seems to be Emails exchanged between the two parties that have been manifested on the part of the plaintiff seven years after the fact.

We do not have access to the original Emails obviously, but we would like to say though that Emails are imminently falsifiable and are a poor exchange mechanism for contract negotiations when it comes to trying to establish a paper trail unless a number of conditions are knowingly present during the exchange.

Ideally, for Emails to be legitimate, you need:

1. Copies of the emails from interlocutor A
2. Copies of the emails from interlocutor B
3. Transaction logs from interlocutors mail server
4. Transaction logs from interlocutor Bs mail server
5. Ideally, Emails should be digitally signed

In the case we’re interested in, events transpired in 2004 (7 years ago). In all likelihood, the logs from the sending and receiving parties have probably been deleted a long time ago. It’s also likely that both parties never used digital signatures and this is not alluded to in the case anyhow. Finally, it’s probably the case that the messages at the receiving end were deleted. So all we are left are the Emails at the senders end (plaintiffs). So at this point, items 2 through 5 are eliminated. All you are left with is item 1.

You can see where this is going.

Messages are imminently falsifiable.

All you need is an IMAP mailbox, a mail server that saves messages in a text-file format (which is pretty much most *nix based servers and most windows-based mail servers), and a little bit of hutzpah.

The process is fairly simple:

• Create a series of fake exchange between you and interlocutor and store them in your IMAP mailbox on a local mail server you would use for this purpose.
• Go to the mail servers physical storage folder where messages are stored. This usually works best with a mail server that stores each message as an individual text file.
• Modify each message one by one by changing the headers of the sending mail server and recipient server to make it look like there was an actual dialog between mail servers.
  • It helps out if you can scope out the recipients institution/organisation where they were to see what likely IP ranges they would be in to be able to make it look good.
  • You would need the IP address they were located at and the IP address of one of the MTAs they would’ve used. Looking on Usenet can give you some clues [google groups] since you can go fairly far back in the past and try to find messages on Usenet coming from people from the same institution/organisation. This can give you IP addresses, message IDs, and even MTAs used at the time. Barring that, A little bit of social engineering could be required here.
  • Once you’ve gathered the necessary info, all you need to do is edit by hand each individual file and carefully put in messages-IDs, mail routes and timestamps that make sense … be careful to make sure the timeline is respected (ie: the chronology needs to be respected after all). You can use headers from legitimate emails sent and received with real parties as models.
  • Use the command line TOUCH utility (you can get it from anywhere) to change the time stamp on the physical files if you want that special TOUCH of authenticity.
• Once you go into your IMAP mailbox again, just drag those modified emails to a local mail client folder. Voila. Blackmail material!

Unless you can prove beyond the shadow of a doubt that the plaintiff simply doesn’t have the technical know how to do the above or doesn’t know anybody who does, it’s quite plausible that the Emails have been faked.

Conclusion: Email is crappy evidence.

References:

• The Guy Who Says He Owns 50% Of Facebook Just Filed A Boatload Of New Evidence And It’s Breathtaking BusinessInsider.com
• Another Facebook co-founder shows evidence of alleged fraud, VentureBeat.com
• Paul D. Ceglia vs. Mark Elliott Zuckerberg, WallStreetJournal
• Self-Proclaimed Facebook Owner Paul Ceglia And Wife Arrested For Grand Larceny After Failing To Deliver Wood Pellets, BusinessInsider.com