August 2018
The Economics of Hacking an Election (7 August 2018)
Foldering (8 August 2018)
German Cryptanalytic Attacks on the British World War II "TYPEX" Machine (24 August 2018)

Foldering

8 August 2018

I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used? What is it good for, and what are its weaknesses? There’s a one-word answer to its strength—metadata—but its utility (to the extent that it had any) is largely that of a bygone era.

Before I start, I need to define a few technical terms. In the email world, there are "MUAs"—Mail User Agents—and "MTAs"—Mail Transfer Agents. They’re different.

An MUA is what you use to compose and read email. It could be a dedicated mail program—the Mail app on iPhones and MacOS, Outlook on Windows, etc. An MUA needs to configured with the domain names of the user’s outbound and inbound email servers. MUAs live on user machines, like laptops and phones; MTAs are servers, and are run by corporations, ISPs, and mail providers like Google. And there’s a third piece, an inbound mail server. A receiving MTA hands off the mail to the inbound mail server; the MUA talks to it and pulls down email from it.

Webmail systems are a bit funny. Technically, they’re remote MUAs that you talk to via a web browser. But they still talk to MTAs and inbound mail servers, though you don’t see this. The MUA and MTA might be on the same computer for a small operation (perhaps running the open source squirrelmail package); for something the size of Gmail or Hotmail, the webmail servers are on separate machines from the MTAs. However, foldering doesn’t involve an MTA. Rather, it involves composing messages and leaving them in some folder. The folders are all stored on disk—as it turns out, on disk managed by the inbound mail server, even though you’re composing mail. (Why? Because only inbound mail servers and MUAs know about folders; MTAs don’t. The MUA could have a draft mail folder (it probably does), but by sending it to the inbound mail server, you can start composing email on one device and continue from another.)

Webmail systems are, as I said, MUAs. For technical reasons, they generally don’t have any permanent folder storage of their own; they just talk to the inbound mail server.

So: foldering via a webmail system involves a web server and an inbound mail server. It does not involve an MTA—and that’s important.

If you’re trying to engage in covert communications, you’re not going to use your own mail systems—it’s too obvious what’s going on. Accordingly, you’ll probably use a free commercial email service such as Google’s Gmail or Microsoft’s Outlook. The party with whom you’re communicating will do the same. Let’s follow the path of a typical email from a Gmail user (per the usual conventions in cryptography, we’ll call her Alice) to an Outlook user named Bob.

The sender logs in to Gmail, probably via a web browser though possibly via an MUA app. Even back in the mists of time, the login connection was encrypted. However, until 2010, the actual session wasn’t encrypted by default, though users were able to turn on encryption since at least 2008. Let’s assume that our hypothetical conspirators or lovers were security-conscious, and thus turned on encryption for this link. That meant that no eavesdropper could see what was going on, and in particular could not see who logged in to Gmail or to whom a particular email was being sent. After Alice clicks "Send", though, the webmail MUA hands the message off to the MTA—and that’s where the security breaks down. Back then, the MTA-to-MTA traffic was not encrypted; thus, someone—an intelligence agency?—monitoring the Internet backbone would see the emails. Bingo: our conspirators are burned. And even if we’re talking about simple legal processes, the sender and recipient of such email messages are (probably) legally metadata and hence are readily available to law enforcement.

Suppose, though, that Alice and Bob used foldering. There are no MTAs involved, hence no sender/receiver metadata, and no unencrypted content flowing anywhere. They’re safe—or so they thought…

When Alice logs into Gmail, her IP address is recorded. It, too, is metadata. An eavesdropper doesn’t know that it’s Alice, but her IP address is visible. More importantly, it’s logged by Gmail: user Alice logged in from 203.0.113.42. Oddly enough, "Alice"—it’s really Bob, of course—logged in from 198.51.100.17 as well, and those two IP addresses aren’t physically located anywhere near each other. That discrepancy might even be logged. Regardless, it’s in Gmail’s log files, and if Alice or Bob are under suspicion, a simple subpoena for the log files (or a simple hack of the mail server) will show what’s going on: these two IP addresses are showing a decidedly odd login pattern, and one of them belongs to a party under suspicion.

So where are we, circa 2010? Suppose neither Alice nor Bob were suspected of anything and they sent email. An intelligence agency monitoring assorted Internet links would see email between the two of them; if one was being targeted, it would be able to pick off the contents of the messages. If they used foldering, though, they would be much safer: there wouldn’t be any incriminating unencrypted traffic. The spooks would see traffic from Alice’s and Bob’s IP addresses to Gmail or Outlook, but that’s not suspicious. The login names and the sessions themselves are protected.

Suppose, though, that Alice and/or Bob were under suspicion by law enforcement. A subpoena would get the login IP addresses; the discrepancy would stick out like a sore thumb, and the investigation would proceed apace.

In other words, in 2010 foldering would protect against Internet eavesdropping but not against law enforcement.

The world is very different today. Following the Snowden revelations, many email providers turned on encryption for MTA-to-MTA traffic. As a consequence, our hypothetical intelligence agency can’t see that email is flowing between Alice and Bob; it’s all protected. If they’re being investigated, of course, a subpoena will show the email—but the same sort of subpoena would also show the login IP addresses.

Where does that leave us? Today, an attacker with access to log files, either via subpoena or by hacking a mail server, can see the communication metadata whether Alice and Bob are using foldering or simply sending email. An eavesdropper can’t see the communications in either case. This is in contrast to 2010, when an eavesdropper could learn a lot from email but couldn’t from a foldering channel.

Conclusion: if Alice and Bob and their mail services take normal 2018 precautions, foldering adds very little security.

https://www.cs.columbia.edu/~smb/blog/2018-08/2018-08-08.html