The beginning of the end came for CIA Director David Petraeus when Paula Broadwell, with whom he was having an affair, “or someone close to her had sought access to his email,” according to The Wall Street Journal’s description of an FBI probe. Associates of Petraeus had received “anonymous harassing emails” that were then traced to Broadwell, ABC’s Martha Raddatz reported, suggesting she may have found their names or addresses in his email.
The email account was apparently Petraeus’ personal Gmail, not his official CIA email, according to The Wall Street Journal. That’s a big deal: Some of the most powerful foreign spy agencies in the world would love to have an opening, however small, into the personal email account of the man who runs the United States’ spy service. The information could have proved of enormous value to foreign hackers, who already maintain a near-constant effort to access sensitive U.S. data.
If Petraeus allowed his Gmail security to be compromised even slightly, by widening access, sharing passwords or logging in from multiple addresses, it would have brought foreign spy agencies that much closer to a treasure trove of information. As The Wall Street Journal hints, investigators were concerned about Petraeus’ Gmail access precisely because of the history of foreign attempts to access such accounts:
Security officials are sensitive to misuse of personal email accounts – not only official accounts – because there have been multiple instances of foreign hackers targeting personal emails.
More secure, but still susceptible
A personal email account such as the one used by Petraeus almost certainly would not have contained any high-level intelligence; he probably didn’t keep a list of secret drone-base coordinates on his Google Drive account. But access to the account could have provided telling information on, for example, Petraeus’ travel schedule, his foreign contacts, even personal information about himself or other senior U.S. officials.
Private email services like Google’s, though considered significantly more secure than most, still have susceptibilities to foreign intrusion. And it happens. Technology writers have sometimes discussed what one writer called the “password fallacy,” the false sense of safety created by access systems such as Google’s that balance security against ease of use. Even with Google’s extra security features, the company must also avoid making security so onerous as to drive away customers. But that makes it an easier target for foreign hackers. And, as a Wired magazine investigation demonstrated in August, personal email accounts often allow hackers access to other personal accounts, worsening both the infiltration and the damage.
All of this might sound a little overly apprehensive – really, U.S. national security is compromised because the CIA director’s personal Gmail account might have been a little easier to hack? – until you start looking at the scale and sophistication of foreign attempts to infiltrate U.S. data sources. Chinese hacking efforts, perhaps the best-known but nowhere near the only threat to U.S. networks and computers, suggest the enormous scope and ferocious drive of foreign government hackers.
‘Standard operating procedure’
Some Americans who have access to sensitive information and who travel to China describe going to tremendous lengths to minimize government efforts to seize their data. Some copy and paste their passwords from USB thumb drives rather than type them out, for fear of key-logging software. They carry “loaner” laptops and cellphones and pull out cellphone batteries during sensitive meetings, worried that the microphone could be switched on remotely. The New York Times called such extreme measures, which also apply in other countries, “standard operating procedure for officials at American government agencies.”
Still, the publicly reported incidents of successful Chinese hacking – such as a March intrusion that stole a $1 billion, 10-year research project overnight – suggest that the efforts might be near-continuous and the successes rampant. A 2010 Chinese infiltration of the U.S. Chamber of Commerce ended up funneling weeks of corporate data; even after the chamber thought it had reestablished security, it discovered that an office printer and a corporate apartment thermostat were still sending data – who knows what kind? – back to China. You have to wonder what a similar infiltration into the private email account of the director of the Central Intelligence Agency might have turned up.
Of course, the CIA director is not the Chamber of Commerce, which may explain why the FBI’s counter-intelligence monitoring is so sensitive that just Broadwell’s access to his Gmail account triggered an investigation. But the fact that the FBI looked so hard and so carefully – and that Petraeus lost his directorship of the CIA over an intrusion that many of us might consider minor or even routine – underscores the potential risk to U.S. intelligence entailed in alleged misuse of his personal account.
The Charlotte Observer welcomes your comments on news of the day. The more voices engaged in conversation, the better for us all, but do keep it civil. Please refrain from profanity, obscenity, spam, name-calling or attacking others for their views.
Have a news tip? You can send it to a local news editor; email email@example.com to send us your tip - or - consider joining the Public Insight Network and become a source for The Charlotte Observer.Read moreRead less