Monday, November 12, 2012

Lesson #1 from the Petraeus Scandal: Google is a Bit More Secure Than Yahoo Email

Michael Isikoff and Bob Sullivan at NBC News report:
Federal officials who spoke with NBC News on condition of anonymity on Monday said it took agents a while to figure out the source. They did that by finding out where the messages were sent from -- which cities, which wi-fi locations in hotels.  That gave them names, which they then checked against guest list from other cities and hotels, looking for common names.

That led them to Broadwell, they said, noting that the pattern coincided with her travel to promote her book.

Finding the location from which the emails emanated would not have been difficult, experts say.

Some webmail services, including Yahoo and Microsoft's, send user IP addresses across the Web with every note, according to privacy researcher Chris Soghoian.  Those IP addresses can be used to track the physical location of a computer user connected to the Internet, sometimes without the help of an Internet service provider.

Broadwell had used a Yahoo account publicly in the past. If she used a new, fake Yahoo account for some of those anonymous emails, agents would have had an easy time gathering a list of IP addresses from the threatening emails Kelley provided to them.  And even if she used Gmail or another service that doesn't "leak" IP information, an FBI agent could have obtained such information by calling Google with a subpoena, the experts said.
Bottom line: If Broadwell had used a Google account instead of Yahoo, it is possible that the investigation would have not gone anywhere, since internally FBI agents were already questioning reading the IP address, never mind having to get a subpoena to access the information. 


  1. Yes, give all your information willingly to Google. They'll keep it safe in the NSA's new data center for you.

  2. Off topic: downside to not voting.