In an increasingly weird and tangled affair, former CIA director David Petraeus, Marine General John R. Allen, Paula Broadwell, Jill Kelley, an unnamed FBI agent, and others all used various anonymous accounts and message-masking techniques pioneered by terrorists and teens alike. They thought they were communicating with each other with discretion and secrecy.
That's because they're practiced in the field of cyberforensics--detailed Internet and technology detective techniques used every day all around the world. When it comes to the vast majority of activity by Internet users, it's amazingly easy to trace fake email addresses and anonymous blogs back to their owners. Or, put another way, if the director of the CIA's undercover ops can be cracked, so can yours. Here's how.
Cyberforensics firms regularly show up on retainer or on the payroll of law enforcement, lawyers of all stripes, lobbyists, and even intelligence agencies. Every activity on the Internet leaves identity breadcrumbs in the form of activity logs, cookies, GPS activity from mobile phones, and even logs of camera activity and keyboard use secretly copied from targets' computers. Given enough man-hours, cyberforensics experts can reconstruct the tiniest minutiae of any phone or computer owner's life. Law enforcement agencies and intelligence agencies also retain their own in-house cyberforensics experts.
The FBI gained access to anonymous Gmail accounts traced to Petraeus and Broadwell through a law, more than 25 years old, that gives law enforcement carte blanche to snoop in email accounts. Provisions of 1986's Stored Communications Act (SCA) allow “government entities” to access email records in storage for less than 180 days “if there is reasonable cause to believe a crime has been committed.” For email records that are older than 180 days, a warrant is required. Using the SCA, FBI investigators were able to obtain access to emails Broadwell and Petraeus wrote via Gmail over the past six months. Google routinely discloses government queries into Gmail's archives, and the Electronic Frontier Foundation and others have raised concerns over the SCA, an email bill written back in the halcyon days of CompuServe and GEnie.
Both Petraeus and Broadwell were savvy enough to use Gmail accounts with fake names. But while Petraeus knew his way around email, he wasn't savvy enough to make sure that he and Broadwell took precautions that could have hidden any incriminating emails. Neither used identity-obscuring VPNs or rerouting solutions such as the Tor Project, which could have hindered the FBI from tracing, for instance, Broadwell's fake email account back to her North Carolina home. Apart from Tor, commercially available end-user solutions such as Hotspot Shield and LogMeIn Hamachi obscure the origination points of email messages with varying levels of success. It is important to note that many of those services, especially those that use American servers, may keep IP address logs that are accessible to investigators or hackers.
Darren R. Hayes, the head of Pace University's Computer Information Systems program and a computer forensics expert, tells Fast Company that there are numerous ways for anonymous email accounts to escape detection, or to at least make the process much harder. Commercial services such as Guerrilla Mail and Mailinator offer disposable, throwaway email addresses whose data can be held on foreign servers outside the reach of the American government; VPNs also make tracing emails much harder.
The FBI, NSA, local police departments, and other government entities can all access email account records and histories by sending requests to Google, AOL, and others. These requests customarily ask for all information associated with an IP address--meaning that all the email addresses from a household, whether involved in an investigation or not, are culled by law enforcement.
Cyberforensics, though not regularly discussed in the press, is a booming industry. “These days, virtually all cases involve digital evidence. Whether the case is counterterrorism, kidnapping, drugs, or a white collar crime, digital evidence is key,” AccessData's Erika Lee tells Fast Company. AccessData, which sells computer forensics software to investigators parsing electronic records and corporations tracing the perpetrators of hacking attacks, is part of a field that does everything from parsing the physical locations from which Facebook status updates were posted to uncovering the Chinese cybercafes from which multimillion-dollar attacks on banks were launched.