Email Security At Risk: Lessons Learnt From Petraeus Breach

PCQ Bureau

In the online world, a trail of breadcrumbs always leads back to the source. This is what CIA director David Petraeus found out the hard way, as his affair with his biographer, Paula Broadwell, was exposed when investigators traced a trail of emails back to his personal Gmail account. We look at how these “digital breadcrumbs” were dropped, and what precautions you could take to prevent it happening to you!

1) Encrypt Everything!

PGP is a strong encryption technique that requires the recipient to use a “private key” to decrypt any file encrypted with the matching “public key”. OpenPGP is the open-source implementation of PGP, which is available through software and plug-ins. For example, Enigmail is an extension to Mozilla Thunderbird and SeaMonkey that encrypts emails using the OpenPGP standard. Another great tool for Windows users is Gpg4win, which provides a plethora of plugins for encrypting files in Windows systems, including a context menu option to encrypt and archive files, as well as an Outlook mail client extension to encrypt emails. Petraeus and Broadwell used a clever trick to exchange messages by saving them as drafts in his Gmail account, thinking they could not be retrieved. If, instead of storing them as plain text, they had encrypted the mail text using PGP, it would have been very difficult to decipher the messages. Even if the data is compromised from the server of the email service provider, the personal encryption used will prevent the sensitive information from being interpreted.

2) Keep Your Data Locally

Whatever precautions you take in erasing your digital footprint while sending emails, the fact is the data is still stored on the servers of the email service provider. As a precaution, multiple copies of each email are also stored on backup servers across various geographical locations. If authorities are provided a warrant to retrieve your account's details, there's little the providers can do to protect you. However, many providers such as Gmail allow you to use “POP/IMAP” to forward your mails to other accounts of yours and delete the message from the server in the process. If you use a local mail client such as Microsoft Outlook and do this, the mails will be stored locally, and you will only need to worry about protecting your own PC, rather than worrying about your mails on the server.

3) Hiding Your IP Address

Every email is tagged with an origin IP address, which can be tracked to the location where the email was sent from. In the Petraeus affair, the lady involved with the CIA director thought she was being clever by sending the mail from various geographic locations. However, because the IP address was clearly shown, it was easy to track down the locations and find the single constant in them. You can use redirection to disguise your true IP address, by using something called web proxies. These web proxies basically serve as “middlemen”, taking an HTTP request from your browser, getting the result from the actual target server and delivering the content back to your system. Using multiple proxies to make a request can completely mask the true source, making it extremely difficult to find the actual origin of the request. This may seem like a tactic for the more “security-obsessed” email users, but it's a play straight from the hacker's handbook, so it is extremely effective.
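
To see what the origin tag described above looks like in a message, the following Python (an added example, not part of the original article) reads a message's trace headers and lists each IP address they expose, oldest hop first, so you can check what your own sent mail reveals. The sample message, its addresses and the function names are constructed for illustration; X-Originating-IP is a non-standard header that only some providers add.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample message; public addresses are RFC 5737 documentation ranges.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby inbound.example.org with ESMTP; Mon, 12 Nov 2012 10:02:11 +0000\n"
    "Received: from [10.0.0.5] (unknown [203.0.113.45])\n"
    "\tby mx.example.net with ESMTPSA; Mon, 12 Nov 2012 10:02:09 +0000\n"
    "X-Originating-IP: [203.0.113.45]\n"
    "From: alice@example.net\n"
    "\n"
    "body\n"
)

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# RFC 1918 and loopback ranges: visible in headers but not routable on the internet.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def exposed_ips(raw):
    """List (header, ip, internal?) for bracketed IPs, oldest hop first."""
    msg = email.message_from_string(raw, policy=policy.default)
    rows = []
    # Each relay prepends its Received line, so the last one is the first hop.
    sources = [("Received", v) for v in reversed(msg.get_all("Received", []))]
    sources += [("X-Originating-IP", v) for v in msg.get_all("X-Originating-IP", [])]
    for name, value in sources:
        for text in IP_RE.findall(str(value)):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not an address
            internal = ip.version == 4 and any(ip in net for net in INTERNAL)
            rows.append((name, str(ip), internal))
    return rows

def likely_origin(raw):
    """First internet-routable address on the oldest hop, or None."""
    for _name, ip, internal in exposed_ips(raw):
        if not internal:
            return ip
    return None

if __name__ == "__main__":
    print(exposed_ips(SAMPLE), likely_origin(SAMPLE))
```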









Is It Ever Safe Enough?

Although the precautions listed above can help protect your sensitive data better, there is no foolproof way to completely erase your digital footprint on the internet. Generally, the amount of encryption and security offered by service providers is more than enough for most of us. If such high levels of encryption are really necessary, it may have negative connotations for the kind of data you are exchanging online! The best precaution of all would be to circumvent storage of any sensitive personal information online in the first place, which Petraeus learnt the hard way.
