The Sanford lesson: How private e-mail gets hacked

Is anyone’s e-mail really secure? In an interview Friday, David Setzer, CEO of Mailprotector, a global e-mail security company, said that if he had to guess how Gov. Mark Sanford’s e-mails had been exposed, he believed it was someone close to the governor who had access to his e-mail account.

Setzer wasn’t far off. It now appears that it was actually a former beau of Sanford’s Argentine mistress who had access to her account and found the salacious messages. This jealous fellow appears to have been the culprit who leaked the e-mails to the press.

Could this happen to any business leader or high-profile public person? Seems Sanford proved it can.

Any executive whose assistant has routine access to the boss’s e-mail or computer can easily find private messages either on the business e-mail account or on other personal accounts merely by navigating to the e-mail software that accesses those messages.

This software could be based on the Internet — say a Google mail or AOL mail account that is accessed by visiting a Web site and signing in.

Even an Outlook account could be easily viewed, if the assistant or co-worker had the user name and password.

Setzer says it’s unlikely a guy like Sanford would use the South Carolina government e-mail system to communicate with his lover. Those e-mails, says Setzer, would be subject to archiving by law.

Many corporate e-mails have the same restrictions because of regulations that govern how companies operate.

But there’s nothing to stop anyone from acquiring a free, off-the-reservation e-mail account that can be used to send messages around the world somewhat anonymously.

It’s important, says Setzer, that if you’re going to use a personal e-mail for private communication that you pick a provider that uses TLS or another e-mail encryption technology.

Without it, an e-mail is just like a postcard; anyone can flip it over and read what’s written.

Setzer recommends using one of the larger, free services that’s secure. Many are not. (To see if your free, Web-based e-mail account is secure, look in the Web address to see if it starts with “https”; if it just says “http” then you’re not using a secure server.) The advantage of the large services? The bigger the service, the more obscure its users.

“There’s security by obscurity,” says Setzer.

Using the same service as the person you’re communicating with also means your messages never leave the provider’s servers — another level of insurance against sniffing by hackers.

But in the end, says Setzer, once someone else learns your user name and password, even your encrypted e-mail isn’t safe.

For that reason, don’t cache (save) your login and password to any computer — even your personal laptop. All you’ll need to do is leave the room for a moment before someone sits down at the screen and finds it.

Another safeguard: Change your password regularly. Yes, it’s a hassle, but you’ll save yourself a world of hurt by taking this easy step on a routine basis.

And finally, learn the rules of creating a highly secure password. They include:

  • Don’t use personal info. It’s simple, especially in these days of Facebook and MySpace, for hackers to figure out your kids’ and pets’ names, your birthdate or other commonly used specifics.
  • Don’t use real words. There’s now software that can quickly enter every real word in the dictionary so it can be tried as the passcode for your account.
  • Use a mix of characters. Include letters and numbers, upper and lower case.
  • Use a passphrase. This is a “word” you make up by picking a line of dialogue or lyrics and using the first letter of each word to craft a unique phrase.
