Future Tense

Terrorists Made Their Emails Seem Like Spam to Hide From Intelligence Agencies

Maybe there’s something meaningful hidden in my spam folder.

Image from Gmail

During David Petraeus and Paula Broadwell’s affair, the two would communicate by leaving notes in the drafts folder of a private Gmail account. As a covert communication method it didn’t really, um, work. But points for effort! There are other ways to hide (or at least try to hide) emails in plain sight, too. And a recent paper recounts one method the Taliban tried shortly after the 9/11 attacks.

First spotted by Quartz, cryptologist and former NSA officer Michael Wertheimer’s paper “Encryption and the NSA Role in International Standards” includes an anecdote about how the NSA wised up to a strategy of turning real emails into spam. By writing messages with spam-like subject lines, combatants were attempting to exploit surveillance filters so that instead of being combed, the messages would be sorted into the spam folder abyss.

Wertheimer explains that during operations in Afghanistan, the U.S. was able to analyze some laptops formerly owned by Taliban members. He says:

In one case we were able to retrieve an email listing in the customary to/from/subject/date format. There was only one English language email listed. The “to” and “from” addresses were nondescript (later confirmed to be combatants) and the subject line read: CONSOLIDATE YOUR DEBT.

From a surveillance perspective, Wertheimer writes that this highlights the importance of filtering algorithms. Implementing them makes parsing huge amounts of data easier, but it also presents opportunities for someone with a secret to figure out what type of information is being tossed out and exploit the loophole.

The new trend in affair protocol could be sending love notes with subject line “Pain-free penis enlargement!”