The Petraeus principle: There is (almost) no email anonymity
It’s now common knowledge that email records helped bring down former Gen. David H. Petraeus, forcing him to resign as the director of the CIA when it was revealed that he was having an affair with his biographer, which is something that could potentially compromise agency security.
Ironically, the FBI wasn’t even looking for evidence of an affair, or even investigating Petraeus directly. But anyone trying to maintain anonymity online these days is facing an uphill battle.
Government employees may want to maintain an anonymous identity away from their work persona for legitimate reasons. Just commenting on a news article they feel strongly about, or supporting a political candidate, or sending a letter to the editor can spell trouble in certain jobs. By examining how digital forensics was used in this case, users can learn how to protect themselves online.
The two people in the current scandal did a lot of things “right,” at least in terms of protecting their privacy. For one, they didn’t actually send very many emails. Instead they used a technique favored by terrorists planning attacks and teen lovers trying not to get caught. They shared an email account where each person knew the password and login information. Instead of actually sending an email, they would write it and then save it in a draft folder. Then the other person would log on, read the email in the draft folder and either delete it or add to it. The TV show Frontline reported how terrorists were using this technique as early as 2005. In the terrorists’ case, they set up as many as 30 email accounts and then changed accounts on a regular basis, never going back to an old one.
The “save as draft” option of communicating works fairly well for secrecy, because emails are never actually sent. When emails are sent, location-based information is added to the header to help route it through the Internet. Some services such as Google’s Gmail also include the IP address of the sending computer, while others, such as Yahoo Mail, only include the IP address of the routers it went through to get to a target. But in every case, the email headers provide a wealth of information for potential investigations.
The secret communication became public when Paula Broadwell, the other person involved in the affair, allegedly sent threatening emails to a woman she apparently believed was getting to close to the general. That woman talked to a friend in the FBI and got an investigation started.
Broadwell obviously couldn’t use the “save as draft” option to send out those emails because the recipient wasn’t going to log into the account. Instead she allegedly created a new Gmail account using fake credentials, a really easy thing to accomplish, and sent the emails that way.
But Google and Yahoo both happily provide info about their users to investigators when asked, even without a court order. Google’s transparency report says that there were 7,969 requests from the U.S. government for information about users over a six month period in 2011, and that 90 percent of those requests were honored. Interestingly, Google gives up info about its users to governments of other countries as well, according to the report.
Once the FBI had the information about the fake account, it just took a little old-fashioned police work to find their suspect. Remember that location data put into emails? Agents found that a lot of emails had been sent from different hotels. So the FBI got a list of all the guests staying at various hotels when the messages were sent. And Broadwell’s name came up at all of them, probably the only person to do so, making her the primary suspect.
Once the FBI started monitoring Broadwell’s email communications, she allegedly made other mistakes, including logging into her personal Gmail account during the same Internet session as the fake one, plus the one she was sharing with the general. Not only did that further tie her to the emails the FBI was investigating, but it led them to the “save as draft” folder that was so cleverly hidden.
The precautions Petraeus and Broadwell took to keep their communications private obviously weren’t enough -- on the Internet, there is probably no sure-fire way to stay secret once investigators start looking. But people with legitimate reasons to protect their identity, can take a few steps toward protecting their privacy.
Besides the obvious advice of not sending harassing emails to anyone, ever, a remailer could have been employed. There are two kinds. The first takes email and strips all the header information out of it before sending it to its destination. The second allows users to type a message that is sent out without any extra info, such as the W3 Anonymous remailer. No IP information is kept, so governments can’t subpoena it. There is nothing there.
The only other tips would be to never log into a fake email account at the same time as using an account that is tied directly to you. And don’t log into a fake account from a hotel room or your house. Try a library or a public kiosk instead -- anywhere that doesn’t require identifying info, even indirectly, as with a credit card. Wireless hotspots work fine if users remember to scrub temporary files from their mobile devices once finished. And it’s probably a good idea to avoid using the same place more than once.
Again, the best advice is not to do anything nefarious in the first place. But people who need to maintain some level of anonymity online must always be vigilant. You have to do things right every single time to protect your privacy. The people investigating you only have to be right once.