Why David Petraeus’s Gmail account is a national security issue

http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/10/why-david-petraeuss-gmail-account-is-a-national-security-issue/

Some of the most powerful foreign spy agencies in the world would love to have an opening, however small, into the personal e-mail account of the man who runs the United States’ spy service. The information could have proved of enormous value to foreign hackers, who already maintain a near-constant effort to access sensitive U.S. data.

If Petraeus allowed his Gmail security to be compromised even slightly, by widening access, sharing passwords or logging in from multiple addresses, it would have brought foreign spy agencies that much closer to a treasure trove of information. As the Wall Street Journal hints, investigators were concerned about Petraeus’s Gmail access precisely because of the history of foreign attempts to access just such accounts:

Security officials are sensitive to misuse of personal email accounts—not only official accounts—because there have been multiple instances of foreign hackers targeting personal emails.

A personal e-mail account like Petraeus’s almost certainly would not have contained any high-level intelligence; he probably didn’t keep a list of secret drone-base coordinates on his Google docs account. But access to the account could have provided telling information on, for example, Petraeus’s travel schedule, his foreign contacts, even personal information about himself or other senior U.S. officials.

<snip>
And, as a Wired magazine investigation demonstrated in August, personal e-mail accounts often allow hackers access to other personal accounts, worsening both the infiltration and the damage.

All of this might sound a little overly apprehensive – really, U.S. national security is compromised because the CIA director’s personal Gmail account might have been a little easier to hack? – until you start looking at the scale and sophistication of foreign attempts to infiltrate U.S. data sources. Chinese hacking efforts, perhaps the best-known but nowhere near the only threat to U.S. networks and computers, suggest the enormous scope and ferocious drive of foreign government hackers.

Some Americans who have access to sensitive information and who travel to China describe going to tremendous lengths to minimize government efforts to seize their data. Some copy and paste their passwords from USB thumb drives rather than type them out, for fear of key-logging software. They carry “loaner” laptops and cellphones and pull out cellphone batteries during sensitive meetings, worried that the microphone could be switched on remotely. The New York Times called such extreme measures, which also apply in other countries, “standard operating procedure for officials at American government agencies.”

<snip>

Of course, the CIA director is not the Chamber of Commerce, which may explain why the FBI’s counter-intelligence monitoring is so sensitive that just Broadwell’s access to his Gmail account triggered an investigation. But the fact that the FBI looked so hard and so carefully – and that Petraeus lost his directorship of the CIA over an intrusion that many of us might consider minor or even routine – underscores the potential risk to U.S. intelligence entailed in Petraeus’s, or Broadwell’s, alleged misuse of his personal account.