Petraeus Fallout: 5 Gmail Security Facts

Where did the former CIA director and the woman with whom he was having an affair go wrong? Learn from his experience with Gmail.

Want to avoid a fall from grace? Then ensure youre not the chief of a spy agency who coordinates your extramarital affairs using a free webmail service. Thats one information security takeaway from the ongoing probe into the former director of the CIA, David Petraeus, who resigned after 14 months on the job.
Petraeus fall from grace stemmed from an FBI investigation, which began after anonymous, threatening emails were sent to Jill Kelley, a friend of Petraeus. According to the
The Wall Street Journal
, Kelley -- who serves as a volunteer with wounded veterans and military families -- complained about the emails to an FBI agent whod pursued a friendship with her. The agent passed case details to the bureaus
cyber investigators
, who ultimately found that the emails had been sent by someone who also had access to a Gmail account used by Petraeus. The resulting national security investigation ultimately revealed that the emails had been sent by Petraeus biographer Paula Broadwell, and that the CIA director was having an affair with Broadwell.
Petraeus acknowledged the affair in a
resignation letter
sent to all CIA employees. After being married for over 37 years, I showed extremely poor judgment by engaging in an extramarital affair, he said. Such behavior is unacceptable, both as a husband and as the leader of an organization such as ours.
Morals aside, the Petraeus case raises multiple security-related questions, such as the ease with which emails from Gmail, Yahoo or other providers of free Web-based email services might be intercepted by foreign adversaries in the intelligence arena, or unscrupulous competitors in the business realm.
[ Its time to strengthen your Google security plan. See
9 Google Apps Security Secrets For Business
. ]
Here are five related facts:
1. FBI Involvement In Cyber-Stalking Rare
The FBIs investigation has led to civil liberties groups questioning whether the bureau overstepped the mark when investigating what turned out to be an extramarital affair. But the FBI doesnt regularly investigate the types of behavior that led to it discovering Petraeus affair. Im not aware of any case when the FBI has gotten involved in a case of online harassment, said Justin Patchin, an associate professor of criminal justice at the University of Wisconsin-Eau Claire,
reported
Wired
. The FBI definitely wouldnt get involved in your Joe Schmoe love triangle.
Furthermore, after the Petraeus matter came to light, multiple lawmakers said that he shouldnt have resigned. Notably, CIA regulations dont prohibit affairs, although employees are supposed to tell the agency about any affairs to help avoid the potential for being blackmailed.
2. Investigation Threshold: National Secrets
So, what might have driven the FBI to investigate the emails sent to Kelley? Thats not clear, but FBI officials are set to brief House and Senate intelligence committee members Tuesday, which may lead to further details coming to light. But one likely explanation is that the FBI may have quickly found evidence of classified material being inappropriately handled.
Already, Kelleys emails have led to an investigation of Gen. John R. Allen, who commands 68,000 American troops in Afghanistan, and who had been set to assume command of all American forces in Europe, as well as the supreme allied commander of NATO. Under military law, adultery is a crime, but Allen has reportedly denied doing anything wrong. Bureau officials told
The New York Times
that Kelley and Allen had emailed repeatedly between 2010 and 2011, but provided no more details concerning the investigation.
3. Free Email Services Arent Secure
How difficult is it to hack into a free webmail account? Earlier this year, an attacker
launched a life hack
of journalist Mat Honan, which was accomplished in part by hacking into Honans Gmail account. The hackers motivation was simple: he coveted Honans three-letter Twitter handle (mat).
Now imagine the implications for a foreign intelligence agency that discovered that the head of the CIA had a personal email account. In fact, that may have been the principal concern that continued to propel the FBIs investigation forward, given the ease with which personal email accounts can be hacked. Earlier this year, for example, a
hacker with ties to Anonymous hacked
-- and published an audio transcript of -- an FBI conference call discussing investigations into the Anonymous and LulzSec hacktivist groups. The attacker, who law enforcement officials identified as Donncha OCearrbhail, boasted that hed gained access to the conference call after hacking into the Gmail account of Irelands top cybercrime investigator.
4. Anonymous Webmail Accounts Can Be Traced
Still, how did the FBI identify that Broadwells computer had been used to send the harassing emails? According to
The New York Times
, FBI agents spent weeks matching up metadata from the emails -- most likely the IP addresses that were used to send the emails, which some webmail providers include with their sent emails -- and then reconciling the locations from which the emails had been sent with Paula Broadwells known locations. From there, investigators were able to obtain a probable-cause warrant, which they used to actively monitor Broadwells email accounts.
Ultimately, investigators found that Broadwell and Petraeus had set up private accounts, using Gmail, through which they communicated. Because Petraeus used a pseudonym, it took investigators some time to identify him as the owner of the other account, but they were able to successfully do so.
5. Dont Use Draft Emails To Evade Detection
Dont trust draft emails to help you evade detection. Law enforcement officials told AP that Petraeus and Broadwell exchanged some messages by leaving them as drafts in Gmail to avoid leaving a communications trail. Once investigators gained access to Broadwells email account, however, they apparently uncovered the ruse.
This isnt the first time people have attempted to communicate covertly via draft webmail emails. Last month, during a hearing involving Canadian Sub-Lt. Jeffrey Delisle in Halifax, Nova Scotia, who was accused of being a Russian spy, prosecutors told the court that Delisle had access to a secure computer and would save information to a floppy disk. Hed then transfer the information to a removable USB memory stick, take the information home and copy it into a draft email, using a webmail account provided by the Russians. The Russians would then access and read the draft emails,
reported Canadas CBC News
. Delisle, a naval officer, last month pled guilty to spying for Russia between 2007 and 2011.
Privacy researcher Christopher Soghoian noted that in 2001, shoe bomber Richard Reid attempted to use the same draft email trick used by Petraeus to disguise his communications, too. According to court documents, Reid left copies of three emails--one of which outlined to his mother what he planned to do aboard Flight 63 -- in his Yahoo draft email folder. Didnt work back then. Doesnt work now, said Soghoian
via Twitter
.
Apparently, some security lessons have yet to be learned--even by the newly retired director of the CIA.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Petraeus Fallout: 5 Gmail Security Facts