
Why David Petraeus’s Gmail account is a national security issue - steve8918
http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/10/why-david-petraeuss-gmail-account-is-a-national-security-issue/
======
danso
Well, Petraeus gets a +1 for not using his official e-mail account, or an old
DoD account for this. In fact, it's kind of pleasantly surprising that he used
GMail over...say, an aol.com address.

In fact, it seems that for any given government official who wants to conduct
risky non-official business, using something like GMail would actually be the
more secure route, if you were trying to keep secrets from both your employer
(which includes the public and public record requests) AND from the usual
enemies of the state.

If both Petraeus and Broadwell had used GMail accounts _not_ associated with
their names, such as Dave501010@gmail.com and PaulSmith900@gmail.com, how likely
is it that anyone would discover their shenanigans? For an enemy of the state
to find out, it would have to compromise both GMail _and_ somehow connect
Dave501010@gmail.com with David Petraeus. Sure, it's security through
obscurity, but we're talking a nearly unsurmountable amount of obscurity.

Of course, once they start forwarding emails from their private account to
their publicly known addresses, then the game is riskier. There's also the
problem of keeping the ruse without making an AutoComplete mistake, such as
sending a message from petraeus@cia.gov to PaulSmith900@gmail.com without
realizing he's logged in as petraeus@cia.gov.

~~~
paganel
> If both Petraeus and Broadwell had used GMail accounts not associated with
> their names, such as Dave501010@gmail.com and PaulSmith900@gmail.com, how
> likely is it that anyone would discover their shenanigans?

I'd argue that every security agency worth its salt is also keeping a close
watch on its bosses (especially on its bosses), so that, let's say, if Petraeus
had logged in with joe.doe@gmail.com, his communications being intercepted,
someone would have noticed. As a non-American, I'm not exactly sure what, for
example, the relation between the NSA and CIA is, but I guess it's somehow
telling that the whole thing seems to have been driven by the FBI.

~~~
danso
According to the NYT, the revelation was due to the emails being forwarded
from Broadwell. So as almost always is the case in real life, it seems the
security breach was through a social lapse, not through a technical obstacle.
And it was not movie-like/CSI-level sleuthing, but just an accident, that the
authorities found out.

<http://nyti.ms/RLx6QT>

> _WASHINGTON — The F.B.I. investigation that led to the resignation of David
> H. Petraeus as C.I.A. director on Friday began with a complaint several
> months ago about “harassing” e-mails sent by Paula Broadwell, Mr. Petraeus’s
> biographer, to an unidentified third person, a government official briefed
> on the case said Saturday._

------
staunch
If I was a foreign government I'd have multiple spies working inside Google by
now.

~~~
thechut
I'm sure the US government DOES have spies working inside Google as we speak.

~~~
jballanc
I'm sure the US doesn't need to bother wasting the resources required to train
and embed a spy when a lawyer with a subpoena will do...

~~~
alexgartrell
I know that this is a pot shot against the American legal system (especially
with regard to copyright stuff), but it really makes no sense. A spy would
likely be no more expensive than a legal team (in fact, he'd be subsidized by
his salary at Google) and would be monumentally more effective and secretive.

Beyond that, the hard part of training a spy to get into Google would be
getting a good enough computer science student involved. From there, it's
really just a matter of teaching them to cover their tracks
semi-intelligently. However, given what I'm sure is a mountain of completely
legitimate reasons to look at user data (for example, to resolve data
corruption, investigate malicious users, etc.) and an inconceivably larger
mountain of user data to look at, I don't actually think it'd be that hard to
get away with it.

~~~
neurotech1
Surprisingly few people at Google have the authorized access to read a user's
GMail mailbox. It would mainly be the GMail Site Reliability Engineers, and
support teams. The developers usually don't have access to people's inboxes.

Any support/SRE/developer access to a user's GMail mailbox would be logged, and
if they exceeded their authorized access, such as by accessing a "public"
person's email, they'd be fired pretty quickly.

~~~
alexgartrell
I'm sure the auditing and control is more than enough to stop your average
creeper employee from reading normal people's inboxes, but I very much doubt
that it's enough to stop a very smart, very determined spy from doing the
same. At the end of the day, _someone_ has root, and that guy can do pretty
much anything.

I'm confident that Google is doing a better job than pretty much anyone else,
but this problem is a more or less unsolvable one.

Edited to add that another interesting idea is that the people who man the
DCs are actually pretty sparse (relatively few people for a lot of servers)
so it's not inconceivable that one could trigger a failure on an important
box, take down a replica of the figure's mailbox, swap out the drive for RMA
and then do a quick copy. I bet this would be easy.

I guess my point is that no level of internal controls at any company can
_actually_ stop a determined government. If that were true, governments, which
are much more paranoid than tech companies, would have eradicated spying a
long time ago.

~~~
Athas
> At the end of the day, someone has root, and that guy can do pretty much
> anything.

I do not disagree with your overall assessment, but this is not strictly true.
Most good real-world security schemes don't follow the 'root is God'-model of
Unix, and for good reason. It's perfectly possible to design a system where
each operation performed by a "superuser" must be validated, or at least
logged.

~~~
walshemj
But does Google follow best practice or did they invent their own half-assed
method - the evidence from the way the Chinese hacked them is the latter.

If Google were serious they should have brought out Bruce's company Counterpane
and put him in charge of security.

~~~
gizmo686
Do you have details of China's hack that show Google as being stupid in
security, or does being compromised by a nation famous for hacking prove
incompetence? Seriously, with the amount of value stored inside Google's
computers, it seems like they are doing a pretty good job with their security
systems.

~~~
walshemj
Well, not properly securing the system that US law enforcement used to legally
get info from Google - that should have been locked down properly with
hardware crypto gear so that it could only talk one way to an approved system in
the FBI, or better still via an air gap.

It's blindingly obvious to anyone with even a basic knowledge of computer
security best practice.

~~~
gizmo686
Can you be more specific? From your post I am assuming that China hacked into
Google by using a direct line the FBI has into Google's servers. Even assuming
such a link exists (which I do not), 'hardware crypto gear' is still a far way
away from a complete secure system. And it seems like an air gap would also
inhibit the intended functionality of the system.

Security is hard, and it is even harder when any device on the internet is
intended to be able to work with the system, and it is even harder when you
operate one of the most valuable networks in the world.

~~~
walshemj
They spearphished a PC, apparently.

And systems used by your TLAs to handle law enforcement access are not
available to "any device on the internet".

As I said, they should be set up to only talk over a private circuit to one
other end point and also have proper hardware crypto gear that is external to
the systems.

Separating the extraction of data and applying the decoding probably should
have been done on separate systems.

------
dror
There's a lot of bogus assumptions in these articles, and he got caught
because she was investigated, not him.

If he used a gmail account _and_ used a separate device such as a private
smart phone or tablet to access that account there would have been zero
vulnerability, other than the fact that he could have been blackmailed. Gmail
is pretty hard to hack into, the IP address of the device probably wouldn't
tell anyone anything about where he is, since it's a private IP on the telco
(can you tell a person's location from the IP on the telco?), and there
wouldn't be any way to get to any of his secure accounts or make a mistake of
using the wrong email account.

~~~
patrickgzill
Telcos log everything! So it would not have been difficult, if you could
connect the phone number to him, to track everything else.

------
rpm4321
Who knows if it's accurate, but Buzzfeed is reporting that it may have been
Anonymous as part of its Stratfor attack:

[http://www.buzzfeed.com/zekejmiller/anonymous-may-have-hacke...](http://www.buzzfeed.com/zekejmiller/anonymous-may-have-hacked-petraeus-mistress)

~~~
kinble32
I doubt it.

~~~
Zigurd
The news story there claims the first step in this scandal was that Paula
Broadwell's Yahoo account was compromised. That's not too hard if you can
guess her password hints.

The next step, it seems, was sending some trolling emails. That requires
acquiring or just guessing some email addresses. The people who got the
trolling emails set the discovery of the affair in motion. Well played. But
did not require a 133t hAx0r.

------
kposehn
The most likely explanation is that she accessed his smartphone or computer
when he was not looking.

------
ricardobeat
He wasn't even using two-factor authentication?

~~~
eigenvector
How would two-factor authentication stop the FBI from lawfully demanding your
email from Google?

~~~
ricardobeat
His mistress accessed his e-mail first, not the FBI.

~~~
cbsmith
Actually, sounds like all they had to go on was she got certain e-mail
addresses. Seems kind of thin really.

------
mynameishere
Petraeus's personal email should be no more sensitive than the mailbox outside
his house, which any junkie could "hack". If he put classified information on
Google's servers, that's a whole different problem. This is a non-issue and a
distraction from the real reason why he was forced out.

~~~
pemulis
That depends on what he used the e-mail address for. If it was strictly for
romantic liaisons, it's no big deal. But if he used it for any other purpose
(talking with his lawyer, chatting with senators, etc.), it would be a hell of
a platform for social engineering attacks. In that scenario, the information
in Petraeus' personal inbox is beside the point[1]; you can use the trusted
address to get your hooks into something more interesting.

[1] Ignoring the blackmail value of the affair.

------
mayneack
Sounds like Janet Napolitano has the right idea.

[http://techdailydose.nationaljournal.com/2012/09/napolitano-...](http://techdailydose.nationaljournal.com/2012/09/napolitano-i-dont-use-email-at.php)

------
fleitz
Yes, in the hands of voters that kind of information could ruin an
administration. He should definitely be fired lest the public find out what
the CIA is up to.

------
ChristianMarks
Obviously Google should delete David Petraeus's account immediately. National
security is at stake!

;)

