Email lessons from Gen. Petraeus' downfall
It may be easier than you think to trace emails, so be mindful of what you're sending
Computerworld - Email is at the center of the scandal that brought down CIA Director David Petraeus, one of the country's most decorated generals.
The incident, which has shined a spotlight on cyber harassment, online privacy and digital forensics, has left a lot of people wondering if the head of the country's intelligence community and his girlfriend, a former counterintelligence officer, can't keep their emails private, do most of us even stand a shot?
"The best way to protect yourself is to simply realize that privacy doesn't necessarily exist in the electronic world," said Dan Ring, a spokesman for the security company Sophos. "Simply put, if you don't want it out there in the world, don't put it in the electronic world."
Petraeus, who took over as head of the Central Intelligence Agency (CIA) just 14 months ago, announced his resignation last Friday, putting the blame on an extra-marital affair.
The affair, which reportedly was with Petraeus' biographer and Army reservist Paula Broadwell, came to light at the hands of an FBI investigation that had originally focused on a potential cybercrime.
This past summer, Jill Kelley, a fundraiser for the U.S. military, is reported to have told a friend in the FBI that she'd received five to 10 anonymous harassing emails. The FBI began to investigate.
What they found was a trail of emails between two people -- Petraeus and Broadwell -- who were trying to hide an affair.
Using a pseudonym, Petraeus had reportedly set up various email accounts, including Gmail accounts, that he used to send Broadwell messages. One email account was actually a shared account, created so they could leave each other draft messages.
The idea was that if they left unsent emails in a draft folder, which is known as an electronic drop box, they wouldn't leave a trail and would then be more difficult for anyone to find or trace.
The FBI tracked all of this down when they began investigating the harassing emails being sent to Kelley.
Using metadata footprints left by the emails to determine where the emails had been sent from, investigators traced the emails to an account that Broadwell shared with her husband, the Wall Street Journal reported. They used that information to get a warrant to monitor her email accounts.
Then the rest began to fall into place.
"If you're just a normal person sending email, then it's pretty easy to trace," said Keith Jones, a computer forensic investigator and co-owner of Jones Dykstra & Associates. "Every server [an email] hits going to its destination puts a little identifying line in there... It's like a chain of custody, showing who had the email when."
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts