How HP bugged e-mail

Commercial online service was used to track e-mail sent to a reporter in Hewlett-Packard's leak probe, investigator testifies. Images: Commercial e-mail tracking

Hewlett-Packard employed a commercial service that tracks e-mail paths to bug a file sent to a CNET reporter, an HP investigator said Thursday.

HP investigators used the services of to trace an e-mail sent to reporter Dawn Kawamoto in an attempt to uncover her source in a media link, Fred Adler, an HP security employee, said during testimony before a U.S. House of Representatives subcommittee.

Adler's testimony, for the first time since the HP boardroom drama erupted, specified how the company bugged the e-mail it sent to Kawamoto. Moreover, Adler said that it's still company practice to use e-mail bugs in certain cases.

"That was and still is current policy," he said. "It still is sanctioned by my management as an investigative tool, we have used it in the past for investigations, for determining the locations of stolen product and what-not, and we have also assisted law enforcement."

The tracking mechanism provided by ReadNotify would allow investigators to see who opened the file attached to the e-mail, Adler said. The objective was to determine whether the journalist would forward the e-mail to her source, and to then determine the source of the leaks of HP confidential information.

Through ReadNotify, investigators would see when the e-mail attachment was opened and the Internet Protocol, or IP, address of the computer it was opened on, Adler said. An IP address can disclose the geographic location of a user, as well as the Internet service provider used to connect to the Internet.

"We suspected it would be Mr. Keyworth that would be the recipient," Adler said, referring to George Keyworth, the HP board member who has admitted he leaked information to the media.

Click here to Play

Video: Exec: HP traces personal e-mail
Investigator Fred Adler reveals tactics during congressional hearing on Thursday.

During a press conference at HP headquarters last week, Michael J. Holston, a lawyer hired by HP, said that bugging e-mail did not yield results in this case.

ReadNotify, which operates as an online service, provides a free trial that lets anyone send 25 bugged e-mails, according to its Web site. Subscriptions are offered starting at $24 per year. A premium $36-a-year subscription is required to bug files such as Office and PDF documents. A similar service operates as

ReadNotify's service makes bugging e-mail a matter of pointing and clicking. The ReadNotify Web page will generate a document with an image. This image, a green check mark, can simply be dragged and dropped into the document that needs to be traced. The check mark becomes transparent after being dropped.

Users of the service register their e-mail addresses with ReadNotify, then simply append "" to any e-mail address they send mail to if they want the message to be tracked. Recipients won't see this suffix, but could tell from the e-mail headers that the message was relayed.


In the default ReadNotify setting, an e-mail recipient could discover something is awry because a return receipt message may pop up, but the service also has an "invisible tracking" setting, according to the Web site.

ReadNotify offers a range of tracking options. Users can see the IP addresses of those who opened bugged e-mails or documents, including details on when the mail or file was opened. The service also shows some data on the PC and e-mail program. If the mail or file was forwarded, it shows the same data on that person.

The ReadNotify service appears to use what's known as a Web bug, a technique also employed by some e-mail marketers. An e-mail or a document sent through ReadNotify includes hidden links to one or more files hosted by the service. When the message or the file is opened, the program retrieves the files and by doing so checks in with ReadNotify.

Featured Video