Email lessons from Gen. Petraeus' downfall

[GURPS (Premo)]

Email lessons from Gen. Petraeus' downfall

It may be easier than you think to trace emails, so be mindful of what you're sending

Computerworld - Email is at the center of the scandal that brought down CIA Director David Petraeus, one of the country's most decorated generals.

The incident, which has shined a spotlight on cyber harassment, online privacy and digital forensics, has left a lot of people wondering if the head of the country's intelligence community and his girlfriend, a former counterintelligence officer, can't keep their emails private, do most of us even stand a shot?

"The best way to protect yourself is to simply realize that privacy doesn't necessarily exist in the electronic world," said Dan Ring, a spokesman for the security company Sophos. "Simply put, if you don't want it out there in the world, don't put it in the electronic world."

Petraeus, who took over as head of the Central Intelligence Agency (CIA) just 14 months ago, announced his resignation last Friday, putting the blame on an extra-marital affair.

[GWguy]

What's interesting is how they tried to circumvent the system. Normally, emails are scanned as they pass from server to server, unencrypted, over the Internet, between email accounts.

They created an email account, wrote an email, but did not send it. Instead, it was saved as a draft. If you're using a client email program like Outlook, ThunderBird, etc... the text never leaves the local computer, is never transmitted over the Internet as an email. The password for the account is shared, so either of them could log in and view the draft email, again without ever sending it. A "reply" is created and left in the Drafts folder for the other person.

The only time the actual text is sent over the Internet is as they are viewing the draft. They assumed because it was not 'an email' sent, but only text broken up into tiny fragments as it passed in packets over the Internet that no one would ever be able to scan it.

And this is probably true. The only time these communications were found was after the discovery of the email account, and seeing the draft folders therein.

You'd think that the person responsible for security would at least encrypt private messages....

[czygvtwkr]

I think I heard about this on NCIS or CSI.....about 14 months ago lol

[GURPS (Premo)]

Quote:

Originally Posted by GWguy

You'd think that the person responsible for security would at least encrypt private messages....

you would think they would be using HTTPS at least encrypts the info flowing back and forth after log in .......

this:

http://users.telenet.be/d.rijmenants/en/enigmasim.htm

would have kept casual viewers from reading the kinky emails .....

[glhs837]

None of this would even be a question if she had practiced proper security procedure for this type of setup. The saved drafts method would have kept things out of sight, but his mistress sent the threatening emails from that account.

So, the govt didnt scan gmail until it found the account, the address was handed to them as part of an investigation.