slate | Using the dead-drop tactic can certainly reduce the chances that sweeping surveillance dragnets will gobble up your communications—but it is not exactly secure. The method was used by the planners of the Madrid train bombings in 2004, which killed 191 people, helping them to operate below the radar of Big Brother. However, law enforcement agencies over the years have grown accustomed to terrorists using the dead drop, and technologies have been developed to help counter it.
An interception tool developed by the networking company Zimbra, for instance, was specifically designed to help combat email dead drops. Zimbra’s “legal Intercept” technology allows law enforcement agencies to obtain “copies of email messages that are sent, received, or saved as drafts from targeted accounts.” An account that is under surveillance, with the help of Zimbra’s technology, will secretly forward all of its messages, including drafts, to a “shadow account” used by law enforcement. This may have been how the FBI was able to keep track of all correspondence being exchanged between Petraeus and Broadwell.
(It’s also worth noting that archived draft emails stored alongside sent and received messages on Google’s servers can actually be obtained by law enforcement with very little effort. Due to the outdated Electronic and Communications and Privacy Act, any content stored in the cloud can be obtained by the government without a warrant if it’s older than six months, as Wired reported last year.)
What this means is that if Petraeus and Broadwell had been savvy enough to use encryption and anonymity tools, their affair would probably never have been exposed. If they had taken advantage of PGP encryption, the FBI would have been able to decipher their randy interactions only after deploying Trojan-style spyware onto Broadwell’s computer. Further still, if the lovers had only ever logged into their pseudonymous Gmail accounts using anonymity tools like Tor, their real IP addresses would have been masked and their identities extremely difficult to uncover.
But then it is unlikely that they ever expected to come under FBI surveillance. Their crime was a moral one, not a felony, so there was no real reason to take extra precautions. In any other adulterous relationship a pseudonym and a dead drop would be more than enough to keep it clandestine, as my Slate colleague Farhad Manjoo noted in an email.
Broadwell slipped up when she sent the harassing emails—as that, as far as we know, is what ended up exposing her and Petraeus to surveillance. Whether the harassment was serious enough to merit email monitoring is still to be established, as Emily Bazelon writes on “XX Factor.” It goes without saying, however, that the real error here was ultimately made by Petraeus. If he had stayed faithful to his wife of 38 years in the first place, he’d still be in charge at the CIA—and I wouldn’t be writing about how he could have kept his adultery secret more effectively by using encryption.
17 comments:
Why stop at TOR & PGP when you could cover all your bases?
https://silentcircle.com/
I think Denninger has a more apt and less polite take:
http://market-ticker.org/akcs-www?post=213878
Methinkst the primary security vulnerabilities exploited to great good effect in all of this were of the seven deadly variety. http://2.bp.blogspot.com/-XVYKe1pI6NE/T7uWg9AH6oI/AAAAAAAABXI/Vx0rXcCOj7g/s1600/35-Seven-deadly-sins.jpg
Noticed they didn't explain how the "dead drop" was ineffective and provided a general statement. Dead drop is the most effective and more effective than both PGP and tor because all it takes is time to decrypt any digital message. In fact, I'm not going to say how ignorant the writer is thinking to believe someone sending an encrypted transmission over monitored networks is more secure than dead drops...incredible..
geolocation codes in gmail metadata is what doomed petraeus and his groupie. the moral of this story is DONT GO WITHIN A COUNTRY MILE OF A GOOGLE PRODUCT if you want to have any prayer of anonymity.
This lady had classified files on her hard drive. What if she's telling the truth here?
http://dai.ly/UG9vEu
I'm on pins and needles Bro. Makheru, what.if.she.is?!?!
Ryan Crocker said this morning that foreign service officers must take big risks to be useful, it comes with the job - contrary to the notion of croissant eating dilettantes on the left bank in Paris. http://www.npr.org/2012/11/15/165186976/we-didnt-know-how-well-al-qaida-was-organized-in-libya
Preznitial plausible deniability seems rock solid and iron-clad at this juncture Bro. Makheru. That too, goes with the foreign service officer's job imoho..., bottomline in this case, tea and douchebaggery have so categorically overshadowed any other consideration that the Hon.Bro.Preznit ain't even have to flick a single ash off his shoulder.
What do you suggest that someone who is about to connect to Google at the curb should do? Besides "straight and narrow," of course.
Plausible deniability--like Sgt. Schultz--LOL
http://www.youtube.com/watch?v=UgcxGFmYyPs
The Real Scandal Surrounding the Petraeus Resignation: the Utah Data Center
Here's the money shot http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/
Getting at the stored encrypted data is key, i.e., decrypting decades worth of gathered - but here to date - indecipherable sigint.
Looking forward, why do you suppose that's important? What contingency is this behemoth being built for?
On a related note, have you ever examined the history of the global opium trade from its inception up through today?
The more I know about the Googleplex, the more I encourage others to embrace it, stare deeply, long, and lovingly into that abyss. Exploring the intimate details of how it works, its various and sundry EULA's, etc..., will have significant value a couple of years hence.
BD feels safer already....
"Getting at the stored encrypted data..." is likely moot, particularly for data more than a few years old, given that particular 3-letter agency's penchant for operating beyond the state of the art. IOW, I'd bet there's plenty of liquid He already in B-dale.
As far as "Why?," well I think that there's already sufficient answer to that question, between what has been discussed on the interwebs and your fertile imagination. C3I, baby...C3I.
That would account for them calling it Stellar Wind http://en.wikipedia.org/wiki/Stellar_Wind_%28code_name%29
C4ISTAR is the British acronym used to represent the group of the military functions designated by C4 (command, control, communications, computers), I (military intelligence), and STAR (surveillance, target acquisition, and reconnaissance) in order to enable the coordination of operations.[1]
C4ISR is the similar term used by the U.S. military (command, control, communications, computers, intelligence, surveillance, and reconnaissance).[2]
C4ISTAR and its related terms can be used to refer to infrastructure, a role of military units or individuals, or procedures employed.
The General cops a misdemeanor plea and goes scot-free http://www.washingtonpost.com/world/national-security/petraeus-pleads-guilty-to-misdemeanor-but-will-likely-not-face-prison-time/2015/03/03/13824f2a-c1bc-11e4-9271-610273846239_story.html