Hello again, Patriots.
At the end of our last Paranoid PC article, I gave you some homework. I asked you to consider three ways that someone could gain access to your email, what the consequences would be, and how you could counter.
The obvious place to look first is your password. How would an attacker get your password?
- Guessing (weak password).
- Reusing the same password in multiple places.
- Writing your password down.
- Keystroke Logger
Another way an attacker could access your email is through physical access to your computer. If your password is saved (either in a browser or mail client), or with the “keep my computer logged in” cookie selected in Gmail, all they need to do it open it up. Losing physical access to your smartphone, with your email logged in, is a similar risk.
If you access your personal email from work, that’s another potential risk. Aside from the physical access issue, there’s usually a team of people who can get limitless access to your machine making you vulnerable to keystroke loggers, cookie theft, and man in the middle attacks.
Do you share your password with anyone? Do you share your account with anyone else (such as family)? You’ve now multiplied all of those other risks we’ve already discussed by each person who knows your password.
Coercion is another threat, and now we’re getting serious. However, if someone is shoving splinters under your fingernails to gain access to it at least you know you’ve been compromised.
Who runs your mail servers? Do they actually secure it correctly? Do they comply with law enforcement “requests”, or do they require an actual warrant?
That’s not all of the ways someone could access your email, but it’s the high points.
Now, let’s address the consequences of someone accessing your email without your consent.
- On it’s face, your personal correspondence is now open to your attacker.
- Many of your other accounts (Facebook, banking, etc) are now vulnerable if the attacker uses the “forgot my password” function to send a password reset to your email address.
- Your attacker can now impersonate you and either discredit you or entrap or endanger your contacts.
- Speaking of your contacts, your attacker can now start mapping relationships between you and everyone you’ve ever contacted. Guess who’s next on their list?
So, how do we protect against these attacks?
The weak password is the easiest to deal with. Don’t use a weak password. One suggestion from this guide is:
So if you want your password to be hard to guess, you should choose something that this process will miss. My advice is to take a sentence and turn it into a password. Something like “This little piggy went to market” might become “tlpWENT2m”. That nine-character password won’t be in anyone’s dictionary. Of course, don’t use this one, because I’ve written about it. Choose your own sentence — something personal.
Also, don’t reuse passwords. I’ll be honest; I reuse mine sometimes too, but only for the most trivial of accounts. If I need to sign on to some obscure site one time, that doesn’t have any personal info, then I’ll give a common password. It’s better to use a throwaway email account for those, however.
“But,” I hear you say, “if we have all of these complex passwords, how are we supposed to remember them?” The answer to that is a password manager such as Password Safe or Keepass. We’ll discuss that further in a future piece. Whatever you do, don’t write it down…
Two factor authentication is incredibly helpful. Even though we don’t recommend Gmail for serious work, their two-factor authentication system is easy to use. Once enabled, when you go to login, Gmail will send you a text message with an authentication code that is also required before you are able to access your email. This serves two purposes: aside from blocking the attacker, it also notifies you that someone just tried to log in other than you and your password has been compromised.
When it comes to the risk of losing physical control of your device, good physical device security plays a part; that will be discussed in more detail later in the series, but having a good password for your computer (that is different than your email!), full disk encryption, and a fully updated OS goes a long way to stopping anyone that’s not a nation state. Further, make sure you don’t leave your PC or your email logged in when you are away.
I’d recommend that if you use your email account for anything serious that you not access it from work. With the click of a couple of buttons it’s fairly trivial for your system administrators to access your computer and compromise you. If you need to access your email, do it with a personal device of some kind.
If you are being coerced, assume that you’re going to eventually give in. PGP helps here, but if your enemy is pressuring you enough to give up your password, you’ll probably be giving up your keys, too.
Who runs your email server? Are they in the US or UK, or in another country that’s less likely to quietly submit to the NSA or GCHQ? Consider getting an account on a site such as unseen.is.
We mentioned PGP earlier. If you encrypt all of your emails, then it doesn’t matter who your provider is; as long as they don’t have the relevant keys, they aren’t going to get anything but the recipient and subject line. With proper key management, this helps with everything but the loss of physical device.
I know that’s a lot to digest. Hopefully you can see that you need a layered defense. If there is a weakness a dedicated enough or powerful enough enemy will use it to obtain useful intelligence about your activities.
Since this turned into a post of its own, we’ll put off the supply chain and identifying characteristics post for another day. Stay agile and train hard.
EDUCATE. EMPOWER. RESIST.