5 comments

[ 0.26 ms ] story [ 18.6 ms ] thread
These folks are probably smarter than me, but they might not be less paranoid.

I have previously been 100% sure something nefarious was going on, (somebody edited this file!!) and then discovered that I was connected to the wrong server, for example.

This is only meant to help them think clearly as they investigate.

While their emails may well be getting intercepted, I find it somewhat implausible that a nation-state-level actor would go to all the work of intercepting their messages, but do so in such a way that they disappeared in transmission. That doesn't make a ton of sense. Sure, anything's possible, but have they really considered simpler explanations?

My recollection of how Gmail works is that posting messages to the "Sent" folder is a bit odd: in contrast to other email providers, where the SMTP server is completely separate from the IMAP / incoming server, Gmail has them connected so that if you send messages out via Google's SMTP, a copy of the message is automatically put in your "Sent" folder. (At least, this is how it worked for me, last time I checked.) This normally gets noticed because if you have your MUA set up in a sane way, where it files a copy of each sent message via IMAP into the "Sent" folder, you'll end up with duplicates. Thus, you have to suppress the normal MUA behavior when using Gmail and Google's SMTP servers.

Cf.: http://superuser.com/questions/224524/sending-mails-via-mutt...

I wonder if perhaps someone had this Gmail configuration in their MUA, and then sent messages via an alternate SMTP server. Doing this would cause the messages not to show in Gmail's "Sent" box, and if that SMTP server was badly configured or behaving, could easily cause the messages to 'disappear'.

Since many MUAs will roll from one SMTP server to another if the first one is unreachable, it's not hard to imagine this happening 'mysteriously'.

NSA would definitely never make this mistake. PRISM works directly with Google to intercept emails. So this would assume Google made the mistake in Gmail, which is questionable. So that only leaves some other countries (assuming it is a country and not technical anomaly or human error).

China has been known to be sloppy like this when monitoring activists but that was probably not their top level secret services who monitor hacker groups - those people are usually going to be good.

Not using gmail is probably a good start regardless though.

The point of the exercise wouldn't be to intercept the content of emails; it might be to make them switch to another commmunications channel which might be a little more transparent. (Or, failing that, just to disrupt the audit.)
Why do I feel like I'm being trolled here? But maybe I'm missing something. Why are they using Gmail? Did they not get the various memos from Snowden? Are they not familiar with what happened to CIA director Petraeus?