
E-Mail Leaves an Evidence Trail - wardn
https://www.schneier.com/blog/archives/2018/02/e-mail_leaves_a.html
======
tlb
Not to defend the intelligence of crooks, but...

Although you can convert a PDF to Word and back in a few clicks, the layout
won't match perfectly (depending on how the PDF was generated). If you're
trying to forge a PDF document, you want it to look exactly the same as the
original, which probably requires some fiddling with formatting. So it's not
unreasonable to delegate that to a trusted henchman.

~~~
ocdtrekkie
The correct solution is to use a paid version of Adobe Acrobat, which will let
you do minor revisions to text. Bet he's wishing he shelled out that $150 or
so now.

~~~
bambax
Many software packages let you edit PDFs directly without ever converting it
out of PDF; uncompressed PDFs can even be edited as text (and if there's no
encryption, decompressing a compressed PDF is a simple task).

But usually if you want complete control, without weird artifacts here and
there, the easiest way is to completely recreate the document from scratch
(depending on length and complexity of the original).

The people you're sending the doctored version to, by definition don't have
access to the original (or they would spot the fake), and usually can't
compare the doctored version to a similar original document, and even if they
could, probably won't.

They want a document; you give them something that sort of looks like what
they're expecting, and they're happy.

------
bringtheaction
> The FBI is 100% wrong that they're going dark; it's really the golden age of
> surveillance, and the FBI's panic is really just its own lack of technical
> sophistication.

Does it even have to be lack of technical sophistication?

No matter how good the FBI is at doing its job it will almost always be better
for it to argue in favor of whatever will make its job easier.

Exception: If FBI ends up giving everyone the impression that they are truly
incompetent then there should be no reason for the public to want tax payer
money to fund its continued operation.

------
gagabity
That's why a lot of people at the top avoid email completely, not only is it
an evidence trail it can be open to interpretation later on.

Remember reading that bank CEOs use email very sparingly, all the details are
worked out in person, Trump also doesn't use email.

~~~
anonbanker
Keep your email entirely in a jurisdiction that doesn't cooperate with your
country's law enforcement. I can think of three off the top of my head.
Sensitive topics are only discussed with someone located in the same domain as
you.

Quite easy to avoid criminal charges when your email is out of reach of a
subpoena.

~~~
zaphar
In practical terms it is impossible to keep your email in a particular
jurisdiction. The proposal gives you no way to ensure it. And any steps you
might take only serve to reduce everything that makes email useful.

You are safer just not using it and will probably have a better user
experience as well.

------
auntienomen
Remarkably, it was less than 30 minutes before some troll posted a comment on
Schneier's post, trying to change the topic from Paul Manafort by ranting
about Hillary Clinton's irrelevant misdeeds.

~~~
slashink
I also found this very weird.

Correct me if i'm wrong but while this blog seems creditable and by a good
author it isn't "huge" in any sense which makes it even more confusing that
someone shows up that fast to comment on topics relating to Manafort and
Gates.

Comment is deleted now sadly but it basically stated that "the US needs to
investigate HILLARIOUS CLINTON" etc etc, completely unrelated to the content
of the article.

~~~
IncRnd
Schneier's blog is a regularly visited blog for many in the security space.
With HN linking to a page on this blog, it's very possibl that page will have
uncorrelated comments that are not security related.

~~~
bsder
And given the prevalence of Russians associated with the government in the
security space (to be fair--a lot of security people are associated with their
own governments), I suspect that it has a tight feedback loop with the troll
factories.

------
downandout
While the email exchange certainly didn’t help things, the feds could have
easily uncovered this anyway by looking at the data given to the bank and
comparing it to his actual income. It’s possible that they only discovered
this because of the emails, but whether or not that happened isn’t clear.

My guess is that issuing subpoenas for loan application data of a given target
is standard practice among federal prosecutors when looking to destroy or
pressure someone in cases where there is little evidence of the crime that
actually sparked the investigation. They fire a shotgun and watch to see which
pellets hit. Income inflation is one of the most common types of fraud
perpetrated by consumers - even innocently overstating one’s income by
rounding up ($100k stated vs $95k actual) on an online credit card application
can technically lead to felony charges like this. So it’s at least possible
that they discovered the crime at issue here through subpoenaed loan
documents, and the emails only provided additional evidence. Once you’re on
the government’s shit list, it’s only a matter of time before they find
_something_ that you may not even know you did that is technically a crime.

~~~
x0x0
I dunno, I think conflating adding a _minor_ $3.5m to your income and rounding
$95k up to $100k is silly. And lying about your income by $3.5m or so is not a
minor detail, that's serious fraud substantiated by forged documents.

~~~
jopsen
indeed the emails shows deliberate intent to commit fraud.

Not just common stupidity which seems to otherwise be the best and most
effective defense for members of the current administration.

------
mirimir
Well, sure. And so do fraudulent loan applications. But unlike them, email can
be secured. IP addresses can be hidden using VPNs plus Tor. Identities can be
hidden with unlinked personas. Messages can be encrypted in transit, and
stored on encrypted disks.

So yeah, focusing on the email trail is silly. When the fact of the fraud is
sitting in banking records. And furthermore, having a conspirator who knows
the whole story is a huge fail.

------
vengefulduck
Alternative link if the site is still down:

[https://web.archive.org/web/20180226230019/https://www.schne...](https://web.archive.org/web/20180226230019/https://www.schneier.com/blog/archives/2018/02/e-mail_leaves_a.html)

------
ams6110
Um, duh?

Who would think at this point in history, with all the very public data leaks
and hacks, that email does not leave an evidence trail?

~~~
askvictor
Evidently, a lot of people. Powerful people.

~~~
s73v3r_
So why are we trying to tell them this? Isn't it in our best interest for them
to remain stupid about it, so we can bust them when wrongdoing happens?

~~~
3pt14159
The measures you need to take to actually be secure are impossible for the
powerful to take on their own volition because they do not understand how
insecure everything really is. They'll take shortcuts.

Clinton wanted a Blackberry so she set up a email server in her garage. She
didn't understand why the NSA didn't want to make her a Blackberry like they
made for POTUS at great cost so she broke the rules and she got nailed. A shit
ton of work goes into just keeping one person (mostly) cyber secure.

~~~
IncRnd
Ascribing any intelligence to Clinton would mean that she setup that server
for other reasons, not in order to use a Blackberry.

------
AnnoyingSwede
Be glad the current administration don't know technology better, as this
undoubtedly will be a main part of their downfall.

I am sure that not only emailing that file back and forward would have been
sufficient to prove anything if the email-trails were deleted, however i
suspect these emails were all still in Paul's inbox when the fed's ceased his
computers.

So when does Trumps impeachment start? Need to get my popcorns ready.

