Last week there was an article in most English-speaking outlets about the group Anonymous hacking a conference call from the FBI to Scotland Yard on January 17, and releasing the contents to YouTube. The group was able to access the call because it allegedly obtained an email from the FBI to law enforcement agencies in various countries giving details of how to dial in to the call. Of course it is quite embarrassing for two of the world’s foremost law enforcement agencies to be subject to such a breach in security. It is not known whether the information provides critical details for current investigations and whether those investigations were compromised by the leak. The FBI, which is investigating the incident provided the following statement: “The information was intended for law enforcement officers only and was illegally obtained. A criminal investigation is under way to identify and hold accountable those responsible.”
What is more of concern to us today is — if it can happen to Scotland Yard and the FBI, how secure are MY emails? The answer is, “not at all.” Emails that are sent unencrypted over an open Internet line (the way most of us send our email) are subject to being intercepted. People can employ electronic devices on Internet lines to read emails and other transmissions. That is to say, someone other than the intended individual can intercept an email, without the sender or receiver being aware of that fact. Or, if either party has inadvertently installed spyware on his or her machine, the spies do not even need to intercept the email if it can be diverted automatically.
So, what does a user do to protect him or herself? First and foremost, remember that emails are not generally secure, and that they should not contain sensitive information. Social security numbers, credit card numbers, passwords, and other critical information should never be sent via email. If it could represent the loss of money, security, privacy or identity, it should not be put in an email because it is too easy for it to be stolen. That means that you should never do business with a vendor that that wants you to send information about your accounts via email OR that sends your full credit card number back to you in an email as a receipt.
Second, be cautious about using open networks. Many of us use non-secured networks at coffee shops, hotels, and other places where we want to conduct business. If you have a wireless network in your home, ensure that it is a password protected network. Open networks are particularly easy to breech, and their use increases the likelihood that your email will be intercepted.
Third, use virus and malware protections on your computer to be sure that your email is not being monitored before it is ever sent.
Remember, a massive number of emails are sent each day. One site estimated that in 2010, there were, on average, 294 billion emails sent per day. The odds of someone finding your email and acting upon it are quite low. However, care in what you put in the email will help protect you if someone does intercept your email.
Post note: There is a nice tutorial I recommend: 9 Things You Must Absolutely do to Keep your Online Identity Secure