Hacker News new | comments | show | ask | jobs | submit login
What Petraeus and Broadwell could have used instead of Gmail (washingtonpost.com)
28 points by Libertatea on Nov 13, 2012 | hide | past | web | favorite | 52 comments

There are plenty of secure email applications, but Petraeus couldn't use any of them.

In other words, Petraeus could not be seen using those applications. Official secure email goes through official secure channels. Personal email went to through gmail / yahoo / etc.

If someone had found out Petraeus was using a different email app (and I'm sure they would have), it would have immediately raised suspicions as to why the Director of the CIA was using a secure email app that wasn't the gov's official secure email app.

I think the safest thing for Petraeus would have been to only send short coded messages via gmail (e.g. "talk at 10 pm" but replace that text with code words) and then to conduct most of the communication infrequently and in person.

But, clearly, Petraeus wasn't thinking clearly ...

This is exactly it. For Petraeus, even a secure, encrypted email solution wouldn't have solved the problem. Because he would have been seen to have been using it. Even something that encrypted the emails in-transit would have been a problem, because then the FBI still would have discovered a large number of emails b/w him and the mistress. Even if she was a biographer of his, the volume of email (and timestamps) would probably have been a good clue that there was something else going on.

It goes to show how irrational we can all be.

Clearly, Petraeus is a very smart guy, and has accomplished many great things for himself and for his country.

When this started, he probably said to himself "it's just a one time thing ...," but inevitably, it escalated, and he slid down the slippery slope of bad decisions.

Frankly, their solution was good enough and could have escaped detection indefinitely, if only they had stuck through with the discipline required. It was an emotional, not a technical failure that exposed the whole thing.

Ironically, it was the same technique pioneered by "terrorists",

"An even more secure method of communication is that which involves using one-time anonymous public email accounts; two terrorists who wish to communicate to open 30 anonymous email accounts whose usernames and passwords are known by each side. To communicate, one terrorist creates a web-based email and instead of sending it, saves it as a draft online. The “recipient” then logs onto this account, reads this message and deletes. - http://en.wikipedia.org/wiki/Internet_and_terrorism#Communic...

Yeah, it's kind of funny that the article concludes at the end that despite all the things that they "could have used instead of gmail" it wouldn't have mattered.

So... basically the article was a waste of time, proposing a technical solution for a social problem.

It's funny how almost anything that Petraeus could have done to keep this under wraps would have made it look like he was actually committing high treason and supplying national secrets to unknown foreign nationals.

Encrypted code words to burner phones, encrypted emails to unknown recipients, using non-standard apps, using non-standard phones, using multiple phones/laptops/internet connections - almost any type of non-standard communication would've looked like he was committing high treason.

Affairs are like that, huh?

What I don't understand is all the attention to technical risks of exposure. Ultimately his physical activities would surely have raised suspicion anyway? I find it hard to believe that the CIA and FBI rely solely on intercepting electronic communications to catch spies.

Intelligence officers sometimes have clandestine meetings, even in DC. Sec. Gates had at least one such meeting with then President-Elect Obama, before it was decided he would remain SecDef in the Obama administration.

As for FBI and CIA catching spies, I point to Robert Hanssen, who was brought down by his own arrogance. As ironic as it sounds, he was brought down by a system he devised while working counter-intelligence at the FBI. Hanssen came up with a system for ranking foreign operatives by what they have access to, not by their rank. When they were searching for the KGB mole, they checked who could have accessed the compromised reports. In some cases it was actually a small number of people had the access, including Hanssen.

The best thing Petraeus and Broadwell could have done was to either split up with their respective spouses and join each other openly or to forget about the whole thing.

I realize that HN is not the place to go if you're looking for people who can give good relationship advice, but an affair that comes about due to genuine mutual interest and is the seed for a strong, lasting relationship is pretty much non-existent outside of fiction. Either the original marriages were open to begin with, or there are other problems, either with the individuals involved or with the marriages themselves.

This is one of the more interesting things I've read inspired by the scandal: http://www.outsidethebeltway.com/reconsidering-the-petraeus-...

> an affair that comes about due to genuine mutual interest and is the seed for a strong, lasting relationship is pretty much non-existent outside of fiction

What are you basing this on?

Gut, mostly. I haven't seen an effective study on the matter, so there isn't much else to go on. The terms I'm using are also badly operationalized.

Substantially, all I'm saying is that affairs don't work like your standard relationship: they're always contextualized by the existing relationships.

It reminds me of Louis CK's observation that "no good marriages end in divorce"

Bob Hawke had an affair with his biographer while he was Prime Minister of Australia in the 80s, and they are still married. The incident is barely a footnote on his Wikipedia page covering his long and successful career.

It's beyond me why the Americans feel the need to cannibalise their highest public achievers for trivial personal faults.

Yes, affairs that turn into marriages happen. That doesn't actually detract from my point, which is that they're vanishingly rare. In a population of billions, I'd expect several hundred cases quite easily.

> It's beyond me why the Americans feel the need to cannibalise their highest public achievers for trivial personal faults.

I couldn't give a rat's ass about this scandal myself. I've been super-unproductive today, and this comment thread was an effective diversion. But the article I linked suggests that this scandal is a good opportunity to recognize some more interesting things about Petraeus' history that have nothing to do with his personal life, per se.

My favorite part about the article was what it didn't talk about: namely, Broadwell barely figured into it except as a secondary example.

Yep, thanks for the link. :)

I'm inclined to think that anyone with his success and media profile will inevitably have jealous rivals who think he's a show pony, and that they'd be lining up to stick in daggers now he's down.

So maybe the article is credible, or maybe not, but this kind of thing was always going to to be written regardless of the facts. I'd put far more stock in his undisputable military achievements, which are perfectly sufficient to explain his media profile on their own.

Remind me, why does anybody care what Petraeus and Broadwell are doing in their freetime? What's the legal basis for that having an impact on their jobs? (Sorry, I'm not from the US.)

People who have illicit affairs are susceptible to blackmail. It's a common way for people in important positions or with access to secure information to be compromised to enemy operatives. Similarly, having a good credit rating is important, and not gambling, because people in debt can also be desperate and vulnerable.

So I guess he should have just made his affair public?

When you're any public figure, especially the head of the CIA, it's wise to follow Seneca's advice: live in a such a way that you could tell your enemies anything you could tell your friends.

It calls into question whether they have the requisite character for the job. Someone who breaks one oath of loyalty (to one's spouse) may not be especially trustworthy in keeping another (to one's country).

The best thing would have been for them not to commit adultery.

They should have been careful to access the Gmail account only via TOR. One slip, and the game would be up.

Actually, using Gmail was a reasonable COMSEC plan for what they were doing. Much safer than using his official email.

Problem was, she couldn't restrain herself from frightening Jill Kelley into calling the cops. Once the FBI got on the case, Gmail was worthless. They'd see the unencrypted texts and get to correlate and trace the IP accesses, leaving no hope for the communicants to remain anonymous.

Ultimately, this was a case of a general and a major letting their privates call the shots.

Accessing anything from TOR in his position would be silly, because that sort of activity is likely to be picked up on many computers he might use. Why have to explain why you're trying to hide your tracks?

I would buy a cheap tablet or an iPod touch or something, use it only at public wifi spots, only ever use it for this purpose, keep music or whatever on it as a cover, and wipe the device as frequently as possible.

Not foolproof, but reasonably practical.

I thought about that. But consider, if you are on a book tour or your job as DCI takes you from place to place. Investigators will map the location of each access point you used. Airports, coffee shops, hotels, whatever. Then they'll match their map up with the various possible suspects. They'll look at security cam video and inspect hotel guest lists and airline passenger manifests. Bingo!

Thus, you need to be logging on from IP addresses that have no connection to you or your whereabouts. Maybe if you could arrange to VPN into a Russian office that does not keep logs and laughs at FBI subpoenas. Even then, there's the danger they traffic-analyze the data in and out of the VPN server.

Accessing Gmail using TOR is not practical because the account will be blocked from time to time (asking for some verification) thanks to the different exit nodes in different countries.

Don't you just keep hitting "change identity" in the tor browser bundle until that doesn't happen anymore?

If I were in this position, I'd have run an IRCd from static boot media. I don't think Petraeus should've been fired for being unable to keep his pants zipped, but I do think that a CIA employee who doesn't know how to cover his tracks properly when having an affair needs to be shown the door ASAP.

> I do think that a CIA employee who doesn't know how to cover his tracks properly when having an affair needs to be shown the door ASAP.

Apparently, you're not the only person who feels that way. From an interview on "Fresh Air" last year with Dayna and Robert Baer, two former CIA clandestine service agents, came this bit of institutional wisdom:

    GROSS: Yeah, sometimes when people start seeing each other who work together, they try to keep it secret for a while because they don't want everybody in the office to know. Did you do that?
    Ms. BAER: A little bit, to some extent.
    Mr. BAER: We used good tradecraft.
    (Soundbite of laughter)
    Mr. BAER: Car pickups, dead drops and the rest of it. You know, in the CIA they say if you can't carry on an affair in secret, you're not worth your salt.
    (Soundbite of laughter)
    GROSS: Is it that common that there's sayings about it?
    Ms. BAER: Yes.
    Mr. BAER: Oh, absolutely.
    Ms. BAER: Absolutely.
    Mr. BAER: I mean the divorce rate there must be astronomical. You know, they won't - that's a secret too, but I'm sure it is.

That's known as keeping the honour to yourself.

It means that you've become a liability to the organization that you serve so it is better to leave out of your own accord than to be thrown out. This is the quickest way to kill the storm. Imagine what it would have been like if this had been drawn out over many months, it's bad enough as it is.

Resigning looks so much better than being thrown out so if someone has messed up but on the whole has done an ok job (or in the case of Petraeus even a pretty good one) then giving them the option to bow out rather than to be tossed under the bus is a good thing. For everybody involved.

Resigning is honorable, but he might have kept his job if he made a public apology. The American people are generally quick to forgive public figures whose sins have come out and then confess. Lance Armstrong, on the other hand, is not likely to recover his image.

Right, and Korea was a "police action" and the Iraq war ended in May 2003.

exactly, being human is eminently forgivable, but being a total idiot about keeping it even slightly covert is reprehensible for anyone with his experience.

As far as I can tell both Hushmail and Tigertext are US based or have US operations. As such they can be subpoenaed (and this probably applies to other countries the US has law enforcement agreements with). Throw in a "matter of national security" to keep it secret and they would eventually have found out what is going on.

The folks planning 911 used this same technique of using drafts to send messages back and forth. I'm certain that these are now always saved permanently for law enforcement use to comply with CALEA. http://en.wikipedia.org/wiki/Communications_Assistance_for_L...

I don't think CALEA applies to email. Am I wrong?

Agents were able to use “digital forensic techniques to determine the person behind the keyboard at the time the emails in question were sent,”

How does this work? Does this refer to tracking IP addresses accessing the account? And is this information provided by Google?

They would share messages using un-flown pigeons in the same location of Washington d.c.

Finally a use for RFC 1149


> What Petraeus and Broadwell could have used

Their brains?

PrivateSky - http://privatesky.me

No mention of http://tormail.net/? Would be hard to top its degree of anonymity.

S/MIME and an email client like Thunderbird?

I sort of wish the news reporter would do their own damn job and ask a security consultant.

They could have just used GnuPG over pretty much any e-mail service?

That doesn't really help as GnuPG encrypts the message contents, but doesn't hide sender and recipients. In this case they could still have figured out who sent the messages even if they didn't figure out the contents. Then you apply traffic analysis to proceed to the next step http://en.wikipedia.org/wiki/Traffic_analysis

The only way they could have avoided detection using GnuPG is if they did something like always sending the same length message at the same time every day.

They left messages in the draft folder - no traffic analysis possible, at least from the messages themselves.

The message I responded to was proposing an alternative to what was used (draft folder) and instead using GnuPG.

However even if they only used encrypted text in the drafts and never sent them, you could still use traffic analysis techniques to help categorize the content (size, frequency etc) assuming the drafts could be read.

first the trampire, now betraeus lol

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact