How CIA Director David Petraeus’s Emails Were Traced (and How to Protect Yourself)
Late last week, CIA director David Petraeus stepped down from his position after an FBI investigation revealed an extramarital affair with his biographer, Paula Broadwell. Curiously, the revelation of the affair came about using location data from Gmail. Here's how the FBI put together the pieces, and how you can keep them from doing the same to you.
As you'd expect, the timeline of the affair itself is terribly complicated, and to understand the email trace that lead to the outing of the relationship, we do need to vaguely understand what happened with the affair. Here's a very brief summation of the events.
According to the Wall Street Journal, the original red flag that caught the FBI's ear was a series of anonymous, threatening emails sent to Jill Kelley, a Florida woman who organized military social events. The FBI then traced those threatening emails to their origin—probably with an IP address given up by Google—to Paula Broadwell. The FBI then got a warrant to monitor those email addresses, and eventually stumbled upon another email account where Petraeus and Broadwell left drafts of messages for each other:
We've shown you plenty of ways to keep your browsing anonymous before, and most of those same tricks work here if you're using a webmail client. Even still, the only surefire way to evade a FBI trace is to keep your private data offline and out of your email.
http://lifehacker.com/5960080/how-cia-director-david-petraeus-was-traced-through-email-and-how-to-keep-it-from-happening-to-you?popular=true
Late last week, CIA director David Petraeus stepped down from his position after How the Affair Was Revealed by Tracing through Gmail
As you'd expect, the timeline of the affair itself is terribly complicated, and to understand the email trace that lead to the outing of the relationship, we do need to vaguely understand what happened with the affair. Here's a very brief summation of the events.According to the Wall Street Journal, the original red flag that caught the FBI's ear was a series of anonymous, threatening emails sent to Jill Kelley, a Florida woman who organized military social events. The FBI then traced those threatening emails to their origin—probably with an IP address given up by Google—to Paula Broadwell. The FBI then got a warrant to monitor those email addresses, and eventually stumbled upon another email account where Petraeus and Broadwell left drafts of messages for each other:
Rather than transmitting emails to the other's inbox, they composed at least some messages and instead of transmitting them, left them in a draft folder or in an electronic "dropbox," the official said. Then the other person could log onto the same account and read the draft emails there. This avoids creating an email trail that is easier to trace.Unfortunately for them, when the IP address that logs into the account with the drafts is always the same, it can be traced back to a source. Essentially, Petraeus and Broadwell's affair was outed because Broadwell sent threatening messages over an easily traceable Gmail account to someone, and then used another Gmail account to communicate with Petraeus.
How to Keep You Own Email Private and Untraceable
This whole thing happened because everything we do online is linked in some way. An email address is attached to an IP address and that same IP address is attached to another email. You can use these techniques to keep any conversation you want private. We're not teaching you how to have an affair, but rather the security holes that might make anything you think is private suddenly public. So, what can you do to make your email untraceable? You have a few different options.
Hide Your IP Address
The core of this scandal was revealed because the FBI could easily trace the IP address of Broadwell's emails and then link them to her personal account by checking that data against other IP addresses. So, the logical step here is to hide your IP address, and for that we like the incredibly secure combination of VPN service Hamachi and the web proxy Privoxy. If you don't need that level of security, a VPN alone will do the trick, just make sure your VPN provider won't give up your IP address as easily as Google will. You will have to use the VPN every time you log in to your email for this to work—multiple instances from your home IP address will eventually lead someone directly to you.Use Disposable Email Addresses on Both Ends of the Conversation
Broadwell got herself in trouble because she was using multiple Gmail accounts to do multiple things. In one account she and Petraeus were leaving drafts of emails for each other so they weren't easily traceable (an old terrorist trick). On another, she was sending harassing messages to a woman in Florida. Both accounts were linked together through an IP address. The easy solution here is to not send all those messages through the same email provider. It's unlikely Petraeus and Broadwell's affair would have come to light if she'd simply used another provider. Still, a better solution is to use disposable email addresses that self destruct after they're read. It's not perfect from a privacy angle, but it would have likely worked in this particular case.Keep All Your Private Stuff Offline
As we've pointed out before, the only real way to keep private information entirely private is to hand over that information in person. Email, even when it's encrypted or hides an IP address, can always be photographed and saved for later. If they can see it, they can copy it. If you really need to send those private messages, Gizmodo recommends you at least stick with text messages.We've shown you plenty of ways to keep your browsing anonymous before, and most of those same tricks work here if you're using a webmail client. Even still, the only surefire way to evade a FBI trace is to keep your private data offline and out of your email.
http://lifehacker.com/5960080/how-cia-director-david-petraeus-was-traced-through-email-and-how-to-keep-it-from-happening-to-you?popular=true
No comments:
Post a Comment