iTnews Australia recently published an interesting article about a leaked security audit of the security and intelligence firm Stratfor. These are the guys whose trove of juicy emails was hacked and leaked (and from whom more than 79,000 credit card details were stolen) courtesy of LulzSec, a hacker group loosely associated with Anonymous. The forensic report concludes that Stratfor’s slack security made it easy for LulzSec to access the sensitive information.
While a forensic report is interesting, and it is relatively easy for analysts to point to major security flaws after the fact, incidents like this clearly show – again and again – that security is no easy matter. Ironically, not even for a firm specializing in security!
Protecting communications is important not only for governments and corporations, but also for individuals like you and me. Our communications offer a treasure trove of information about everything from our most intimate thoughts to our political convictions, buying preferences, and health concerns.
Before there was email, in the days when we still sent letters, it wasn’t necessarily easier to protect your privacy and identity; it was just a lot less important. The US government has always photographed and stored the front and back of every letter sent (NYT: U.S. Postal Service Logging All Mail for Law Enforcement), but it was significantly more difficult to analyze and correlate this information. Today, storage is cheap and it’s easy to query large databases to correlate information from different sources about each individual, providing the ability to create elaborate social graphs for almost everyone on the planet.
Where did (e)mail come from? – A (very) brief history
Let’s take a step back and look at the origin of email itself. Email originated from computer users’ desire to leave messages for other users on the same network, which became possible in 1961 when MIT’s Compatible Time-Sharing System (CTSS) was introduced. Users saved text files in special directories for others to read and append. Those were the early days of mainframe computers, dumb terminals, and the first remote connections. Today, we are still doing basically the same thing, just on different, interconnected networks.
The first message exchanges can be traced back to the early 1960’s, before ARPANet, the precursor of today’s Internet. Interestingly, email was never developed as a system. Rather, it evolved gradually out of users’ needs, their ingenuity and technical capabilities. Leaving files in directories evolved into ARPANet mail, leading to the ability to send files between different computers, as described by Ray Tomlinson in The First Network. Tomlinson also deserves credit for using the ‘@’ symbol to separate the username from the name of the machine the user’s mailbox was located on. By late 1973 email was widely in use on ARPANet.
Over the next few years email developed from primitive to production: mail protocols were developed, email content was extended to include formatting and Multipurpose Internet Mail Extensions (MIME), and email programs with graphical interfaces allowed more, less technically inclined users to use this new medium.
Keeping email secure is no easy task. Before taking a detailed look at the how-to of email security, let’s spend a few minutes looking at the modern concept of email and how it developed. There are two main parts to every email:
- The Message
- The Transmission
What Is An Email? – The Message
Every email message consists of three components: the message envelope, the message header, and the message body. Your email program automatically generates the message envelope for you based on information in the header you created (TO, CC, BCC). The receiver’s email server discards it once the message is placed in your inbox, so you never see it.
The original email implementation described by RFC 821 (Request For Comment 821) only allowed 7-bit US-ASCII characters to be used. This was later (2008) extended by RFC 5332 to include MIME (described in RFC 2046), which allowed textual messages in character sets other than US-ASCII, non-textual message bodies, multi-part message bodies, and textual header information in character sets other than US-ASCII. In addition to allowing a multitude of attachment formats (you can now send cute cat pictures!), these changes also allowed for the body of the email to contain encrypted contents and attachments.
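The relationship between header and envelope described above, as an added example (not code from the original article). It mirrors how Python's `smtplib.send_message` derives the envelope from the header and drops BCC from the transmitted copy; the message, addresses and function names are constructed for illustration.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses

def make_sample():
    # Constructed message; all addresses are placeholders.
    msg = EmailMessage()
    msg["From"] = "Alice <alice@example.org>"
    msg["To"] = "Bob <bob@example.net>"
    msg["Cc"] = "carol@example.com"
    msg["Bcc"] = "dave@example.com"
    msg["Subject"] = "Quarterly numbers"
    msg.set_content("See attachment.")
    return msg

def build_envelope(msg):
    """Derive the envelope (sender, recipients) from the header fields."""
    sender = getaddresses(msg.get_all("From", []))[0][1]
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    return sender, [addr for _, addr in getaddresses(fields)]

def wire_copy(msg):
    """Return the message as transmitted: BCC survives only in the envelope."""
    wire = copy.deepcopy(msg)
    del wire["Bcc"]
    return wire

def readable_headers(msg):
    """Header fields a relay can read even if the body is encrypted."""
    keep = ("From", "To", "Cc", "Subject")
    return {k: str(v) for k, v in wire_copy(msg).items() if k in keep}

if __name__ == "__main__":
    sample = make_sample()
    print(build_envelope(sample))
    print(readable_headers(sample))
```

Encrypting the body with S/MIME or PGP changes nothing in either function's output: sender, recipients and subject stay readable.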
How does email go from one mailbox to another? – The Transmission
To get a message from sender to recipient, from one mailbox to another, a transfer protocol was developed to allow mail servers running different operating systems and software, and on different networks, to talk to each other. It is abbreviated as SMTP. SMTP stands for Simple Mail Transfer Protocol, and that is exactly the problem: it is simple. SMTP was developed when the Internet was a safe place and security not an issue. SMTP is a text-based protocol for negotiating a connection with a mail server and transferring email. Until recently even your username and password were sent in plain text!
The Internet Engineering Task Force (IETF) first defined SMTP in RFC 821 in 1982, and it was last updated by RFC 5321 in 2008 – the protocol still in use today. While user-level applications use SMTP only for sending email (POP and IMAP for receiving), mail servers and other mail transfer agents use SMTP to both send and receive emails, which is the main reason why your emails aren’t secure while in transit.
Even though a secure form of SMTP exists, the current SMTP implementation is inherently insecure. Because of the wide install base, updating or changing the protocol while maintaining interoperability is challenging, which is the main reason it is still around…
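A check for the plaintext-credential problem described above, as an added example (not from the original article): it walks an SMTP dialogue and reports anything the client sent before the connection was upgraded with STARTTLS. The transcripts, credential and function name are constructed for illustration.

```python
import base64

# Constructed credential and transcripts (logical view of a session, not a capture).
CRED = base64.b64encode(b"\0alice\0example-password").decode()
CLEARTEXT = [
    "S: 220 mail.example.net ESMTP",
    "C: EHLO laptop.example.org",
    "S: 250-STARTTLS",
    "S: 250 AUTH PLAIN LOGIN",
    f"C: AUTH PLAIN {CRED}",
    "S: 235 Authentication successful",
    "C: MAIL FROM:<alice@example.org>",
    "C: RCPT TO:<bob@example.net>",
]
# Same dialogue, but the client upgrades the connection first.
UPGRADED = CLEARTEXT[:4] + ["C: STARTTLS", "S: 220 Ready to start TLS",
                            "C: EHLO laptop.example.org"] + CLEARTEXT[4:]

def audit_session(lines):
    """Return (kind, detail) findings for anything sent before TLS is active."""
    tls_active = tls_requested = False
    findings = []
    for line in lines:
        side, _, text = line.partition(": ")
        words = text.split()
        if not words:
            continue
        if side == "S":
            # TLS only counts once the server accepts the upgrade with 220.
            if tls_requested and words[0] == "220":
                tls_active = True
            tls_requested = False
            continue
        verb = words[0].upper()
        if verb == "STARTTLS":
            tls_requested = True
        elif tls_active:
            continue
        elif verb == "AUTH":
            detail = "credentials sent without TLS"
            if len(words) == 3 and words[1].upper() == "PLAIN":
                # AUTH PLAIN is base64 of "\0user\0password": encoding, not encryption.
                user = base64.b64decode(words[2]).split(b"\0")[1].decode()
                detail = f"AUTH PLAIN for user {user!r} readable in transit"
            findings.append(("auth-before-tls", detail))
        elif verb in ("MAIL", "RCPT"):
            findings.append(("envelope-before-tls", text))
    return findings
```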
Two basic versions of email access
People generally access email in one of two ways:
- Through a browser, usually referred to as “webmail”
- Through an email application such as Mail.app, Outlook, etc
Assuming you use a secure connection (SSL/TLS/HTTPS) to your email server – and you absolutely should! – the main difference between using webmail or an email application is twofold: where your email is stored, and whether you can encrypt it.
What does it mean to secure email?
When you google this question you will get differing answers – from keeping the content of your message hidden, to total anonymity, or anything in between.
Email security generally refers to: Confidentiality, Message Integrity, and Sender Authentication. Confidentiality refers to keeping the content of the message private (between the sender and receiver). Message Integrity means the message wasn’t tampered with during transit. Sender Authentication means the email came from the person uniquely identified as the signer of the message.
Note that confidentiality usually refers only to the content of the message, not the identity of the sender or receiver. In the past this would have been sufficient, but, as we’ve learned from Edward Snowden, it is now possible to glean significant information from so-called metadata (envelope information, for example) without having to look at the actual content of a message – especially when correlated with metadata from other sources, e.g. phone records, credit card transactions, etc. Therefore, it seems prudent to consider anonymity of the sender and receiver of a message, in particular when revealing the identity of sender and/or receiver puts either party at risk.
Why is it so difficult to protect email?
For the mail system to deliver mail the minimum required is the address of a recipient. While you can forge a return ‘From’ address, without a proper ‘To’ address sending a letter by snail mail or electronically will be futile. This requirement makes sufficient anonymity hard to achieve, because at least the receiver of a message must be publicly known.
Hiding the content of your message (including attachments) is much easier to achieve; you can encrypt it. Unfortunately, for encryption (S/MIME, PGP) to work, both sender and recipient must exchange encryption keys, and run email programs capable of handling S/MIME or PGP. Encryption, properly implemented, will also ensure message integrity and authenticity (more on that in part 2 of this article). Without encryption, email isn’t any more private than an old-fashioned postcard you write and send using the postal service.
The current email system wasn’t designed to be secure, and certainly not to be anonymous. While technically savvy and corporate users will be able to ensure confidentiality of their communication using encryption, the remaining users either aren’t knowledgeable enough or are simply not willing to spend the time required to secure their messages, the latter being the most likely culprit.