Image from EFF

Is e-mail OK for secret stuff?

Image by EFF

Image by EFF

Short answer: No. Slightly longer answer: Maybe, but not without additional protection.

E-mail is one of the oldest and most widely used services on Internet. It was developed during an era when we were comfortably unaware of viruses, worms, spam, e-crime and the NSA. And that is clearly visible in the architecture and blatant lack of security features. Without going deep into technical details, one can conclude that the security of plain e-mail is next to non-existing. The mail standards do by themselves not provide any kind of encryption or verification of the communicating parties’ identity. All this can be done with additional protection arrangements. But are you doing it and do you know how to?

Here’s some points to keep in mind.

  • Hackers or intelligence agencies may tap into the traffic between you and the mail server. This is very serious as it could reveal even your user ID and password, enabling others to log in to the server and read your stored mails. The threat can be mitigated by ensuring that the network traffic is encrypted. Most mail client programs offer an option to use SSL- or TLS-encryption for sent and received mail. See the documentation for your mail program or service provider. If you use webmail in your browser, you should make sure the connection is encrypted. See this article for more details. If it turns out that you can’t use encryption with your current service provider, then start looking for another one promptly.
  • Your mails are stored at the mail server. There are three main points that affect how secure they are there. Your own password and how secret you keep it, the service provider’s security policies and the legislation in the country where the service provider operates. Most ordinary service providers offer decent protection against hackers and other low-resource parties, but less protection against authorities in their home country.
  • Learn how to recognize phishing attacks as that is one of the most common reasons for mail accounts to be compromised.
  • There are some mail service providers that focus purely on secrecy and use some kind of encryption to keep messages secret. Hushmail (Canada) and Mega’s (New Zealand) planned service are good examples. Lavabit and Silent Mail used to provide this kind of service too, but they have been closed down under pressure from officials. This recent development shows that services run in the US can’t be safe. US authorities can walk in at any time and request your data or force them to implement backdoors, no matter what security measures the service provider is implementing. And it’s foolish to believe that this is used only against terrorists. It’s enough that a friend of a friend of a friend is targeted for some reason or that there is some business interest that competes with American interests.
  • The safest way to deal with most of the threats is to use end-to-end encryption. For this you need some additional software like Pretty Good Privacy, aka. PGP. It’s a bit of a hassle as both parties need to have compatible encryption programs and exchange encryption keys. But when it’s done you have protection for both stored messages and messages in transit. PGP also provides strong authentication of the message sender in addition to secrecy. This is the way to go if you deal with hot stuff frequently.
  • An easier way to transfer secret stuff is to attach encrypted files. You can for example use WinZip or 7-Zip to create encrypted packages. Select the AES encryption algorithm (if you have a choice) and make sure you use a hard to guess password that is long enough and contains upper and lowercase letters, numbers and special characters. Needless to say, do not send the password to the other party by mail. Agreeing on the password is often the weakest link and you should pay attention to it. Even phone and SMS may be unsafe if an intelligence agency is interested in you.
  • Remember that traffic metadata may reveal a lot even if you have encrypted the content. That is info about who you have communicated with and at what time. The only protection against this is really to use anonymous mail accounts that can’t be linked to you. This article touches on the topic.
  • Remember that there always are at least two parties in communication. And no chain is stronger than its weakest link. It doesn’t matter how well you secure your mail if you send a message to someone with sloppy security.
  • Mails are typically stored in plaintext on your own computer if you use a mail client program. Webmail may also leave mail messages in the browser cache. This means that you need to care about the computer’s security if you deal with sensitive information. Laptops and mobile devices are especially easy to lose or steal, which can lead to data leaks. Data can also leak through malware that has infected your computer.
  • If you work for a company and use mail services provided by them, then the company should have implemented suitable protection. Most large companies run their own internal mail services and route traffic between sites over encrypted connections. You do not have to care yourself in this case, but it may be a good idea to check it. Just ask the IT guy at the coffee table if NSA can read your mails and see how he reacts.

Finally. Sit down and think about what kind of mail secrecy you need. Imagine that all messages you have sent and received were made public. What harm would that cause? Would it be embarrassing to you or your friends? Would it hurt your career or employer? Would it mean legal problems for you or your associates? (No, you do not need to be criminal for this to happen. Signing a NDA may be enough.) Would it damage the security of your country?  Would it risk the life of you or others? And harder to estimate, can any of this stuff cause you harm if it’s stored ten or twenty years and then released in a world that is quite different from today?

At this point you can go back to the list above and decide if you need to do something to improve your mail security.

Safe surfing,

More posts from this topic

dead end

Should We Stop Thinking of Email As Private?

When he was still working in cyber security for the Finnish government, Erka Koivunen met a NATO diplomat that there was "nothing new" about the era we now live in. Foreign envoys have always lived with the constant awareness that their private communications could be "leaked" for their enemies to exploit. "Anything that was written down could eventually be discovered," Erka, who is now an F-Secure Cyber Security Advisor, told me. "So the most sensitive conversations never took place in writing." Given the massive email leaks that have now hit the worlds of business, with the Sony hacks, and politics, with the leaks of U.S. political figures, is this how we should all start thinking? Does everyone alive in the twenty-first century have to operate like a NATO diplomat? Or a C-level executive who knows any word she types could be subpoenaed? Or the campaign chair of a presidential campaign? The answer, unfortunately, seems to be increasingly clear. "Whatever you write, you may need to defend your position in public," Erka said. Relying on an insecure medium The problems with email begin with the general insecurity of it as a means of communication. It's more like sending a postcard than sending a sealed letter, Erka explains. "As soon as the message goes out of your or your company’s systems, you lose control of it," Erka explained. "This is by far the biggest problem of the good-ole-email. Messages can be eavesdropped, altered, delayed, replayed or dropped altogether without you ever knowing." To actually spy on email as it's being transmitted generally requires legal access to telecommunications infrastructure or extraordinary technical knowhow and resources. Think law enforcement or intelligence agencies. Since these groups have a vested interest in cloaking their activities, they had little incentive to engage in the massive sort of leaking of gigabytes of private data we've seen from Wikileaks. However, we appear to be at the end of the era of "the gentleman's agreement" between countries, as cyber policy expert Mara Tam explained on a recent episode of the Risky.Biz podcast. This agreement went something like: "Gentlemen read each other's email, but they don't leak it to the public." The leaks from former CIA contractor Edward Snowden helped make the public aware of how much information the government potentially could access. But the exposure of a private individual's digital communication to the world presents a stark new reality for anyone who conducts business online. "Personal mailboxes store gigabytes’ worth of conversation history that will be a treasure trove for attackers for multiple reasons," Erka said. "There are sensitive discussions about business strategy, customers, competitors, products. There is also internal gossip, badmouthing and other damaging stuff." Activist Naomi Klein told The Intercept that "this sort of indiscriminate dump is precisely what Snowden was trying to protect us from." And we don't yet have a full sense of the potential ways this mass of data can be used against us. A competitor could use private information to tarnish someone’s reputation and hackers can mine the data to prepare for future cyber intrusions or to gain access to your other accounts through password resets. Letting the public decide what's private Leaks have already cost some executives their job and could swing the U.S. presidential election. But in a sense, we're all victims of this new risk to all of our privacy. "Whatever you write in an email you have to consider, are you ready for your boss, your spouse, your business partners to read it?" This new reality leads inevitably to the tragedy of self-censorship. Zeynep Tufekci -- a "techno-sociologist" -- ‏has been doing a running commentary on the Wikileaks revelations and is very disturbed by what she's seeing. "People gossiping in internal conversation is not a scandal—but destroying public/private boundaries will paralyze dissent, not the powerful," she tweeted. Wikileaks is releasing more documents than it could ever sift through in the hopes that the newsworthy information will be discerned by interested researchers around the world. But along with potentially relevant items, intensely private information has been revealed. "For example, a suicide attempt was publicized through Podesta indiscriminate dump (Wikileaks tweeted it out)," she noted. "Who will want to be political?" This makes the loss of email seem dire, but perhaps it speaks to a not just a flaw in the medium's security but the medium itself. "The deeper problem with email is that it has never quite settled on a social mode," The New York Times Farhad Manjoo wrote. "An email can be as formal as a legal letter or as tossed off as drive-by insult. This invites confusion." What can you do? So, should you be like that NATO diplomat content to keep all of your deepest secrets out of writing? Can you expect yourself to remove all snark and potentially offensive thoughts from your emails? Should you assume that your email box is like a box of letters in your attic, vulnerable to anyone who can get access to it? These answers are ultimately up to you and how you use -- or don't use -- email. F-Secure security advisor Sean Sullivan has found that young people he's interviewed are increasingly abandoning email as communication tool. "They only have an account -- typically Gmail -- in order to sign up for stuff," he said. If this continues, email is on its way out, whether it's private or not. For now, lawyers, doctors and other professionals with explicit legal responsibilities, email has a much more defined role that cannot be easily abandoned or circumvented. As far as your work email goes, consult your IT staff for guidance as you may be under legal obligation to preserve. But for your personal email, Erka suggests you have to at least be aware of how likely you are to be a target and what you can do to contain any potential damage -- besides using a strong unique password for every email account you have and only entering your account information on the secure webpage of your email provider. If you are involved in international politics, for instance, there's no question. You are a target. Hackers are either after your emails or are trying to get access to powerful people in your contacts. If you're someone with no power, no tumultuous relationships and no interest in politics, you're likely not to be on anyone's radar... yet. The problem is no one knows where you'll be in a few years and our inboxes are big enough to last a lifetime. "When everyone is using cloud-based emails like Gmail, there's no need to save space," Erka said. "That's the whole selling point of those services: Never delete anything." If you see the potential for enough damage, you many want these recent leaks as an inspiration o begin a serious spring cleaning of your personal online inboxes, including email and social media. "You may want to delete the messages you don't need and sort the stuff you do want into folders that you take off the web and can store on a secure backup," Erka suggested. Yes, you will lose the convenience of being able to search your Gmail box through a simple interface, but so will potential hackers. He also recommends sharing documents through sharing platforms and cloud services such as Sharepoint, Salesforce or Dropbox. "These links can require separate authentication upon opening and the sender can control how long it will be valid," Erka said. "If the email gets stolen and leaked years later the chances are the link will be invalid by that time." For quick conversations, Sean suggests Wickr, which offers self-destructing messages through a mobile app or a desktop client with easy encryption, something that just doesn't exist for most email. "For professionals, Wickr has a paid service which will retain messages for a legal requirement, and will then securely delete them post-requirement," he said. Regardless of policy, employers have a vested interest in moving their staff away from an over-reliance on email for more than privacy reasons. "Actual phone calls and face-to-face discussions that get out of your chair are probably more useful than email or chat threats," Sean said. "So rather than swap from one to the other – just learn to better utilize what you work with best." These leaks offer a sobering reminder that email is not secure. But, perhaps, the more important message is that it as a means of communication, it was never very smart. [Image by Alan Levine |Flickr]

October 20, 2016

5 Things You Need to Know About the Threat of Election Hacking

Cyber security is playing an starring role in the drama surrounding the question of who will be the next president of the United States. "The security aspect of cyber is very, very tough," Republican nominee for president Donald Trump said, when asked about securing American secrets from cyber attacks during the first debate. "And maybe it’s hardly do-able." Even the integrity of the election has been put into doubt by the threat of hacking -- which may be exactly the point. The questions about cyber intrusions into the electoral system and the wild speculations those intrusions provoke can be hard to put in perspective. So here are five basic premises to help you assess the situation as this historic election transpires. It would be almost impossible to hack the entire U.S. election. The biggest reason this U.S. presidential election is unhackable is that most of it doesn't depend on computers. More than three out of four Americans will vote on a paper ballot this November 8, Techcrunch's Ben Dickson reports. And the fact that all Americans don't vote in the same manner points to the biggest reason you probably couldn't hack the election. Each state has its own system, with some federal guidance. Nearly every state lacks sufficient funding to fully upgrade their systems, hence the reliance on outdated technology. So while voting machines are definitely vulnerable to hacking, hitting just the right ones in a systematic way that just happens to sway the electoral college vote in favor of one candidate would involve both a massive investment of time and money and an even larger serving of luck. But that doesn't mean an election can't be "hacked." “To ‘hack’ a US presidential election, all you need to do is to obviously tamper with one county’s system, then leak that the tampering occurred,” our security advisor Sean Sullivan told Dickson. “Many people will rush to assume that all of the other typical issues that occur may also be the result of hacking — and thus, you’ll end up delegitimizing all of the results.” A delegitimized election equals a  delegitimized winner. You don't even have to hack an election to hack an election. The hacks of the Democratic National Committee and Hillary Clinton's campaign chair John Podesta could end up being far more consequential in swaying the election than hacking either voting processes or actual vote counts -- especially if the resulting leaks end up revealing something extraordinarily damaging to the candidate in the documents being dripped out by Wikileaks. “Owning an election is gold; being able to influence it is silver; knowing the outcome in advance is bronze,” F-Secure cyber security advisor Erka a Koivunen explained. It's pretty clear that someone is at least after the silver in this election. Someone has definitely poking around in the U.S. election system. The United States has been clear that it believes that Russia is trying to hack this election. This month U.S. officials have explicitly stated that the Russians are behind the hack of a contractor that works on the electoral system of the key swing state of Florida. Similar hacks were reported by the states of Arizona and Illinois. U.S. intelligence also believes Russia is behind the hack of Podesta's emails and a security firm believes it found evidence that the nation led by President Vladmir Putin was behind the hack of the DNC. Russian Foreign Minister Sergei Lavrov told CNN that the accusation that it was behind the Podesta hack "flattering." When pressed to confirm or deny his nation's involvement, Lavrov said, “No, we did not deny this, they did not prove it." Trump himself questioned whether the hack actually happened in the second debate and if he's concerned about Russian hacking, he doesn't seem to be showing it. At one point he even -- jokingly, he said later -- asked Russia to hack his opponent's missing emails. Election technology needs to improve quickly. It's safe to say that no matter who is hacking the U.S. elections, the U.S. is probably hacking them, too. The richest nation on Earth is just not engaging, as far as most people can tell, in the leaks that have followed the recent U.S. hacks. In this new era of cyber attacks backed by nation-states or "privateers" employed by nation-states the rules of cyber espionage are unclear and the fog is thick. No matter what happens in 2016, digital technology will play ever-increasing role in both campaigns and election, and the U.S. needs to take steps to ensure the integrity of its elections. Sullivan believes that the Department of Homeland Security should go through with its proposal to declare voting system critical infrastructure and then adapt its defenses to catch up with the threats. “Network monitoring is rapidly becoming a requirement,” he told Techcrunch's Dickson. And voting must be made to feel at least as secure as using your credit card to buy a coffee. “Smartcard technologies are available in several European countries for online identity authentication,” Sullivan said. “They aren’t widely used. If a country such as the United States were to get serious about rolling out such tech, it would be a game changer.” All of this focus on the security of election systems means that there are “more people checking stuff.” The question now is who is putting in more resources -- the attackers or the people doing the checking. [Image by Maryland GovPics | Flickr]

October 13, 2016