Tech Talker delves into how the government stumbled upon incriminating emails that led to the resignation of CIA Director David Petraeus .What did he and Paula Broadwell do wrong and how can you learn from their mistakes? Click to find out.
On November 9th, 2012 General David Petraeus stepped down as the director of the CIA when it was discovered that he was having an affair with a woman named Paula Broadwell. Now, I don’t generally find much interest in these political messes, but this one stuck out to me because of the role technology played in Petraeus’ resignation. In this week’s episode we will be discussing just what happened and how you can be smarter than Petraeus in keeping your life private online.>
What Happened in the David Petraeus Scandal?
So here’s a quick summary of the situation: Paula Broadwell was Petraeus’ biographer and somewhere along the line their professional relationship developed into a romantic one. To keep this relationship hidden, they decided to create an email account that the two would share. Instead of sending each other emails like normal, they would save the emails as drafts in this account so that they were never sent anywhere. This is called a dead drop, and is a fairly well known tactic to maintain privacy. It seemed to be working fine…until a woman named Jill Kelley entered the picture.
Paula Broadwell had sent Jill some threatening emails and Jill asked a friend of hers if he could look into it. Her friend was an FBI agent and began investigating the matter. He started monitoring the IP addresses from the email address Paula was using to send threatening emails to Jill.
Quick Tip: An IP address is the address your computer uses to send and receive information.
See also: How to Maintain Your Privacy on the Web
The FBI got a warrant to monitor the email and IP address that Paula was using and traced it back to its origin. From there, they noticed that the same IP address that was sending the threatening emails was also using another email account. When the FBI began looking through this email account, they found the email drafts and discovered that the woman who was sending the threatening emails was also having an affair with the director of the CIA, David Petraeus. Once everything came to be public knowledge, Petraeus felt it would be best if he stepped down, and that’s where we are.
How to Keep Information Private on the Web
So what went “wrong” here? Well, I’m not going to go into the morality of the situation, so let’s just look at the logistics of keeping personal information private on the web.
First off, it’s important to remember that nothing is ever 100% secure on the web. Ever!
Even if all of the tips I’ll share with you today are followed to the letter, there is always a chance something can go awry and your private information can leak to the outside world. That’s the nature of the internet beast. However, you can still take precautions with your personal info.
To send information secretly, the first things you need to secure are how you will transmit your information and how you will disguise your IP address. The big problem in the Petraeus scandal is the fact that Paula used her actual IP address to log into both email accounts, the active one she used to send Jill emails and the secret one she used to correspond with Petraeus. That’s what led authorities back to her.
The second problem is that Paula and Petraeus were using plain text in their emails – it wasn’t scrambled or encrypted at all! So when authorities gained access to her email account, they could read everything in their conversations easily.
The last problem is that they used Gmail as their email provider, which keeps logs of user activity (such as IP addresses).
Now let’s go over how each of these three weaknesses could be fixed!
1) Hide your IP address. The best way to hide your IP address is to use a program such as Tor. Tor is a free program that ammonizes your IP address for free. It’s used all around the world especially in countries that try to sensor internet content. This program can run on all of the major operating systems, but is pretty slow for anything other than general web browsing or emailing. If you want to know more about Tor, be sure to check out techtalker.quickanddirtytips.com later this week for a more in-depth look at Tor.
If Paula used Tor, it is pretty unlikely that the FBI would have been able to trace the IP address back to her.
2) Avoid using plain text in sensitive emails. This can be done with a service such as Encipher.it. TrueCrypt (which I mentioned in my episode on encryption) to scramble your text files and pictures and then send the encrypted file as an attachment. That way, if the email is intercepted, a password would be needed to open the encrypted file. This service encrypts your plain text with a password. This way, anyone can see the scrambled text of your emails, but they would need the password to see what it actually said! You could also use a program called
If Paula used Encipher.it or TrueCrypt to protect her messages, the FBI would not have been able to read her emails without hacking her password.
3) Don’t use a well-known email service. Once the FBI knew that the threatening emails were coming from a Gmail account, they simply subpoenad Google for records regarding that email address and any other information related to it. The way around this would be to use temporary email addresses such as 10minutemail.com, or hushmail.com which expire after a certain time. These anonymous and disposable email addresses would make it next to impossible for anyone to trace back one email, let alone a complete conversation.
Well, that’s it for today! Be sure to check out all my earlier episodes at techtalker.quickanddirtytips.com. And if you have further questions about this podcast or want to make a suggestion for a future episode, post your comments on the Tech Talker Facebook page.
Until next time, I’m the Tech Talker, keeping technology simple!
Image courtesy of Shutterstock