Malware authors use Gmail drafts as dead-drops to talk to bots


#1



#2

I’m amazed the gmail accounts don’t get locked automatically when they’re signed into from all over the world hundreds of times per day.


#3

It’s not entirely clear what advantage this has over having two gmail accounts and emailing the commands from one to the other. In both cases, the message is stored on Google’s servers, and in both cases both parties have to log into GMail.

Being a “dead drop” sounds more secretive and spyish than just emailing, I guess.

Particularly in the case of General Petraeus, it’s just silly for him to have thought that it was any safer. It “feels” safer because it “feels” like the message doesn’t “go” anywhere, but that’s just our intuition being wrong about how email works. Whether it’s one or two GMail accounts, the message goes to Google and is downloaded separately onto two different computers.


#4

I think the idea is that government surveillance tends to happen on data in flight: the email is only scanned once it is “sent”, so by never sending the data you are less likely to be spotted.

Or, it’s just easier to have a single account instead of two and everyone logs into the same account.

But to reiterate the point about the account getting locked, I had Google lock my gmail account once when I was just flying across the country. The geographically distinct logins apparently triggered some sort of protection on their end, and I had to go through the SMS-code-to-my-phone unlock thing to get it back.
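The lockout heuristic discussed in #2 and #4, as an added defender-side example (not code from the thread or from Google): flag accounts whose sign-ins come from too many countries in a day or imply impossible travel between consecutive logins. The country and coordinates are assumed to come from a GeoIP lookup on the source address; the sign-in events below are constructed.

```python
"""Flag mailbox accounts whose sign-ins look like a shared dead-drop:
many countries in 24 h, or consecutive logins implying impossible travel."""
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-in events (not real data):
# (timestamp, account, ISO country, latitude, longitude) after GeoIP lookup
SAMPLE_EVENTS = [
    ("2012-10-28T01:00:00", "dropbox-acct@example.com", "US", 40.7, -74.0),
    ("2012-10-28T01:20:00", "dropbox-acct@example.com", "BR", -23.5, -46.6),
    ("2012-10-28T02:05:00", "dropbox-acct@example.com", "DE", 52.5, 13.4),
    ("2012-10-28T02:30:00", "dropbox-acct@example.com", "JP", 35.7, 139.7),
    ("2012-10-28T09:00:00", "traveller@example.com", "US", 40.7, -74.0),
    ("2012-10-28T15:30:00", "traveller@example.com", "US", 34.1, -118.2),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def flag_accounts(events, max_countries=3, max_speed_kmh=1000.0):
    """Return {account: [reasons]} for accounts that trip either heuristic.

    Thresholds are illustrative: a coast-to-coast flight stays well under
    1000 km/h, while a bot fleet logging in from four continents does not."""
    by_acct = defaultdict(list)
    for ts, acct, cc, lat, lon in events:
        by_acct[acct].append((datetime.fromisoformat(ts), cc, lat, lon))
    flagged = {}
    for acct, evs in by_acct.items():
        evs.sort()
        reasons = []
        window_start = evs[-1][0] - timedelta(hours=24)
        countries = {cc for t, cc, _, _ in evs if t >= window_start}
        if len(countries) > max_countries:
            reasons.append(f"{len(countries)} countries in 24h")
        for (t1, _, la1, lo1), (t2, _, la2, lo2) in zip(evs, evs[1:]):
            hours = (t2 - t1).total_seconds() / 3600
            dist = haversine_km(la1, lo1, la2, lo2)
            speed = dist / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                reasons.append(f"implied travel {speed:.0f} km/h")
                break  # one impossible hop is enough to flag the account
        if reasons:
            flagged[acct] = reasons
    return flagged
```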


#5

I don’t think that there’s evidence for that. “In flight” is just how we imagine email working. If it’s from one GMail account to another, it’s all staying on the same server. It can be just as simple as copying a database record from one row to another.

There’s nothing magical about the 0.0003 seconds an email spends “in flight” between users – it’s not the USPS. If the government wants to read your email, they’ll just read it from where it’s sitting on the server.

(Note, one email provider to another is more vulnerable, because you only need to have access to one of them.)


#6

It depends how the collection works. The government doesn’t build a custom solution for every provider (although they may have custom solutions for Gmail, Hotmail, and a few other biggies), they have a box they drop on the network that is designed to sniff SNMP.

Gmail isn’t just one server either. They may not use SNMP internally, but mail that is sent does have to traverse the network.


#7

SMTP, perhaps?
[nitpick]

