On Email Security

Recently, there were quite a few high-profile e-mail scandals, with huge consequences, but apparently very few understand the technical aspects of the problem. So here I’m trying to quickly summarize what this e-mail hacking is all about, in fairly simple terms. In fact, I’ll try not to use any special terms at all, so if you are looking for details on SSL/TLS, SMTP, S/MIME, DNS, IMAP and the corresponding RFCs you are in the wrong place (though, who knows, if there is enough interest…)

Also, I’ll try to abstain from political discussion (and you decide if I succeeded).

What is e-mail?

For the purpose of this article, and for simplicity, let’s think about e-mail as a combination of the information exchanged through e-mail protocols and the infrastructure that supports such exchange. In other words, it’s the mail, the envelope, the post box, the postman, and all the infrastructure needed to get mail from person A to person B.

Should e-mail be secure?

It depends, but likely yes. Lots of sensitive information can be and is exchanged through e-mail. But even if you just use it to talk to your mom — your e-mail (or hers) can also be used as a backup for authentication to a bank account (that Forgot Password? button), which you don’t want to give away.

Of course, for physical mail we have more trust in specific attributes of the exchange — diplomatic post, courier, signature on delivery, private companies with extra protection, and so on.

In general, most of these attributes from the physical mail world apply and are (or can be) implemented in the e-mail world. Of course, it also depends on the particular choices individuals make to secure their e-mail.

All this intro above is pretty obvious and boring (and kept short on purpose) — now we’ll move on to topics that are less obvious to many.

Why would somebody want to hack your e-mail?

The first reaction to this question is simple — to steal information. And it’s correct. But not only this. Let’s review one by one.

  1. Information. Let’s assume you are exchanging state secrets, or just discussing somebody with your colleagues — you probably don’t want anybody to have access to this kind of information.
  2. Your account(s). (Remember, here we are talking about e-mail as both pieces of information and the whole infrastructure.) If somebody hacks into your account they can not only read your e-mail, but also send e-mail from your account. And, as such, make the security hole much bigger — as in, hack somebody else (you would rather click on an attachment sent by your boss than one from a “Nigerian” spammer, right?). Or use it to hack your other accounts.
  3. Your reputation. Well, we all know what it’s all about — if you are not serious about protecting sensitive information and are making careless choices, people will have doubts about your qualifications to hold serious positions. Your compromised account can also be used to plant fake data (to be released when your mailbox is published). NOTE: as promised, I’m not making any allegations here. And, of course, there are more serious disqualifying sins out there than e-mail choices.
  4. And more…

How can somebody hack into your e-mail?

Many different ways; here are just some of them. Remember, we are talking about infrastructure — so every element of the infrastructure can be compromised.

In our physical world adversaries can:

  1. Steal mail from your house by breaking in.
  2. Steal it from your mailbox.
  3. If it’s locked, they can steal your key, or
  4. Blow the lock, or
  5. Drill a hole in the mailbox.
  6. Attack the postman (and the attack here could be both violent and a trick to get hold of her bag).
  7. Attack the post station.
  8. Steal mail in transit between post stations.
  9. Do #1–7 at the sender’s location.

I’m sure I’m missing something here, but hopefully you’ve got the idea. All the same can apply to the digital world, and more.

Let’s look at some e-mail attacks.

  1. An e-mail client is the software you use to compose and read e-mail, as well as to communicate with the e-mail infrastructure (servers) to send and receive e-mail. It can be the one you run on your computer, on your phone, or within the browser.

So, hackers can

  • Access your computer (physically or from another computer) and get access to your e-mail (through different means, not necessarily through the e-mail client) — and not necessarily compromising your e-mail-specific identity
  • Infiltrate the e-mail application itself, or trick you into using a bad one

  2. E-mail is stored somewhere. It could be a Gmail server if you use Gmail, or a Yahoo server if you use Yahoo, or your computer in a basement, running special software.

Similarly to the above, hackers can

  • Get access to the server itself (physically or from another computer)
  • Infiltrate software running on the server

The difference between (1) and (2) here is that (1) is what you have with you (phone, laptop) and you don’t really have any options — you have to have and use it. For (2) there are options, and everyone makes a choice on how to proceed… You can take everything into your own hands (including ensuring protection of the server — physical and software), or delegate, and both decisions lead to more decisions, etc.

  3. In order for client software to access the server, it uses authentication mechanisms.

  • So, if you choose to use simple authentication protocols, or an easy-to-guess password, or you choose to manage your own server and its authentication module has not been upgraded and has security vulnerabilities — you increase risks.
  • Of course, if you just give somebody else your password (or write it on a post-it note and attach it to the monitor), even if the password itself is secure and you use strong authentication mechanisms, your account can be compromised.
  • Hackers will try to trick you into unknowingly sending your credentials to their servers — more on this later. But your choice of infrastructure can make it harder or easier.

  4. E-mail clients and servers communicate through well-defined, standard internet protocols. Some protocols have secure and non-secure versions, and often it’s your choice (or rather your e-mail provider’s, which you chose) which one to use.

For example, the connection between your e-mail client and the server can use

  • A non-secure protocol
  • A secure protocol
  • A secure protocol, but the connection itself could be compromised. For example, you can use a secure protocol, but to a hacker’s server, which will intercept your credentials, pretend to be you, send them to the right server, etc. Or the secure protocol itself could be compromised (though still available for use), and your choice of client/server/infrastructure will make it more or less secure.

Similarly, e-mails could be stolen in transit — in general, if you use the internet (and not your private network) e-mails will be sent between various e-mail servers and, in general, can be intercepted in transit.

BTW, I’ve heard this to be a major argument for people arguing that e-mail is inherently insecure. While this is not absolutely incorrect, it’s not really correct either — first of all, you have some level of control by choosing which servers to use (of course, if your correspondent does not care about security you can’t do anything here… but then again, we are talking about you, not them. And if you both take the necessary steps you can make it more secure). But then you can use a secure envelope (encrypted e-mails), which will decrease your chances of being hacked — though, again, it takes two to tango.
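The third bullet above (a “secure” connection that actually terminates at a hacker’s server) is worth making concrete. What separates the two cases is not encryption but verification: whether the client checks that the certificate it receives belongs to the server it meant to talk to. The snippet below is an added example written for this article, not code from the original post or from any mail provider; the host name and credentials are placeholders, and nothing connects to the network unless you run it as a script with real values.

```python
"""Encrypted-but-unverified vs. properly verified mail connections.

Added example (not from the original article). Host, user and password are
placeholders; only the configuration checks run offline.
"""
import imaplib
import ssl


def strict_client_context() -> ssl.SSLContext:
    """What a client should use: validate the certificate chain against the
    system CA store, require the name in the certificate to match the host,
    and refuse TLS versions older than 1.2."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def encrypted_but_unverified_context() -> ssl.SSLContext:
    """The trap from the text: the session *is* encrypted, but to whoever
    answers, so a server in the middle can read the login and relay it on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Audit check: does this context actually verify who it is talking to?"""
    return bool(ctx.check_hostname
                and ctx.verify_mode == ssl.CERT_REQUIRED
                and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def open_mailbox(host: str, user: str, password: str, ctx: ssl.SSLContext,
                 implicit_tls: bool = True) -> imaplib.IMAP4:
    """Connect with TLS from the first byte (port 993) or upgrade a plaintext
    session with STARTTLS (port 143). An unverified context is refused before
    any connection is made, so credentials never leave the machine."""
    if not context_is_safe(ctx):
        raise ValueError("refusing to log in over an unverified TLS connection")
    if implicit_tls:
        conn = imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)
    else:
        conn = imaplib.IMAP4(host, 143)
        conn.starttls(ctx)      # raises if the server will not upgrade; never fall back to plaintext
    conn.login(user, password)
    return conn


if __name__ == "__main__":
    # Placeholder values: with the weak context the call is blocked before connecting.
    try:
        open_mailbox("imap.example.com", "user", "password", encrypted_but_unverified_context())
    except ValueError as exc:
        print("blocked:", exc)
```

The point of `context_is_safe` is that a client can be “using TLS” and still be handing its password to the wrong party; the fix is refusing to proceed when hostname and chain checks are off, not picking a different port.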

Summary

So, as we see, e-mail can be a critical asset, and it can be stolen at different levels. Regardless of where it’s compromised, you are screwed, and in general it’s very hard to guarantee e-mail security. But your decisions on how to use e-mail, what infrastructure, and for what kind of business will increase or decrease the chances of losing precious information. And, of course, your decisions say a lot about you.

And some recommendations

I was not sure if I wanted to include this here, because any list of recommendations will be incomplete (and coming up with a fairly complete list would require a much bigger article). But then I thought that perhaps some readers have not given this subject any thought at all, and something will be better than nothing — at least as a starting point. So, here we are:

  1. Treat your e-mail account as compromised. Maybe it is not (yet). Maybe it will not be (unlikely, especially if you have any assets there worth pursuing). But it’s much safer to assume that access to your e-mail will be granted to your worst enemy.
  2. Use strong passwords. Don’t re-use passwords. Use 2-factor auth. Don’t give passwords to anyone. Don’t type your passwords in public. Change your passwords often. I can go on and on…
  3. Use secure infrastructure. I’m not sure who these days can provide better security — the government, Google or my friend Li (or, if I knew — and I think I know — I would not tell you).
  4. Don’t click on links or open attachments. Period. In general, security and usability hate each other: easy to use, easy to hack.

I promised to talk about some of the attacks. Phishing has been very popular — you’ll get a link to, for example, MICROS0FT.COM (which, as you see, points to micros0ft, with a zero), or to yourname@gmail.com… (which could point to yourname@gmail.com.kremlin.com), or an image with a correct screenshot of Google’s Change Password screen and a link to vova@khuylo.su, or… In all these cases you will be unknowingly sending data to the wrong servers, and this includes your credentials…
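Both tricks in that paragraph can be caught mechanically before anyone clicks: a digit standing in for a letter (micros0ft), and a trusted name buried as a subdomain of somebody else’s domain (gmail.com.kremlin.com). The following is an added example, not code from the original article; the trusted-domain list and the confusable-character table are constructed for the demo, and the two-label rule for the “real” domain is a simplification that a production check would replace with the Public Suffix List.

```python
"""Flag lookalike and subdomain-trick hostnames in links or addresses.

Added example (not from the original article). TRUSTED_DOMAINS and
CONFUSABLES are constructed assumptions for the demo.
"""
from urllib.parse import urlparse

# Constructed: the brands this check treats as legitimate.
TRUSTED_DOMAINS = {"gmail.com", "google.com", "microsoft.com"}

# Constructed: digit/letter swaps typical of lookalike hostnames (0 for o, 1 for l, ...).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def extract_host(target: str) -> str:
    """Return the lower-cased hostname of a URL or e-mail address.

    For 'user@host' the host is whatever follows the last '@'. For URLs,
    urlparse already handles userinfo tricks such as 'http://gmail.com@evil.example'
    (the hostname is evil.example, not gmail.com).
    """
    if "://" not in target and "@" in target:
        return target.rsplit("@", 1)[1].lower().rstrip(".")
    if "://" not in target:
        target = "http://" + target
    return (urlparse(target).hostname or "").rstrip(".")


def registrable_domain(host: str) -> str:
    """Last two labels of the host: 'gmail.com.kremlin.com' -> 'kremlin.com'.

    Assumption: two-label public suffixes (co.uk, com.au) are not handled here.
    """
    return ".".join(host.split(".")[-2:])


def normalize_confusables(domain: str) -> str:
    """Map common lookalike digits back to the letters they imitate."""
    for fake, real in CONFUSABLES.items():
        domain = domain.replace(fake, real)
    return domain


def assess(target: str, trusted=TRUSTED_DOMAINS) -> tuple:
    """Classify a link or address: trusted / subdomain_trick / lookalike / unknown.

    Returns (verdict, detail) where detail is the host for a trusted result and
    the domain that actually controls the name otherwise.
    """
    host = extract_host(target)
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted", host
    for brand in trusted:
        # gmail.com.kremlin.com: the trusted name is only a label under someone else's domain
        if host.startswith(brand + ".") or ("." + brand + ".") in host:
            return "subdomain_trick", domain
    if normalize_confusables(domain) in trusted:
        return "lookalike", domain
    return "unknown", domain


if __name__ == "__main__":
    # Constructed samples, including the two from the article.
    for sample in ("MICROS0FT.COM",
                   "yourname@gmail.com.kremlin.com",
                   "https://accounts.google.com/ChangePassword",
                   "http://gmail.com@evil.example/"):
        print(sample, "->", assess(sample))
```

Note what the check keys on: not the text the user sees, but who actually controls the name, which is why the host is reduced to its registrable domain before anything is compared.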

  5. Be paranoid.

  6. Use common sense. You would not click on a link to wire $100,000,000 to a “Nigerian” bank even if your advisor said it’s safe — so why would you click on a Change Password link? You would not drop a classified doc about the JFK assassination in a mailbox on Red Square in Moscow — perhaps some information is not worth sending by internet e-mail (or, at least, must be encrypted and properly described and classified).

Comments? If it’s useful, please let me know; if not — and you have suggestions on what to improve — I would love to hear from you.

Clapping shows how much you appreciated S.K’s story.