Tuesday, November 01, 2016

On the Topic of Private Email Servers

I would like to explain for the common people of the United States why it would make sense for someone to use a private email server set up on a laptop. Much has been made by the Republican Party of HR Clinton’s choice to do so, with people calling her a traitor for doing so. I have always found these accusations to be absurd. Why? Because there are valid and legitimate reasons why, in the interest of national security, someone in intelligence would want to have available and make use of a private email server.

I will explain to you why this is so based on solid technical expertise, and then ask you to form your own conclusions. I'm trying to provide enough technical information without dumbing things down, but I have attempted to simplify certain concepts.

My Credentials
This is based on my 25 years of expertise in software. My expertise covers operating systems from Windows 3.1 to Windows 10, programming languages starting with C, C++, Java, and then C#, as well as experience programming at the network-stack level on operating systems. I have also configured firewalls, designed and configured network architectures, configured network servers, and worked at multiple levels of network communications between computers.
I also have experience using Linux and have configured my own private email server before in Linux. I have also had the opportunity to work with, as a contractor, government and quasi-government organizations and law enforcement agencies, and have seen first-hand how backward and antiquated their policies and processes are, and how backward the resulting technology is. In addition to all of this, while I don’t work in the field of computer security, I keep up with all the articles on all the latest security issues, new viruses and hacks, exploits and so on, as a matter of my own ongoing continual professional development.

First Some Basics in Hacking
The one thing that is always essential in hacking is this: knowing the IP Address of the computer you are attempting to hack into.  All computers, when connected to the Internet, have a unique address that allows all communications to reach them.  Without this address, it is not possible for any internet messages or communications to reach that computer.  This address is unique each time the computer is plugged into a new network.  When your computer sends messages out, the computer on the other end (yes, there is always a computer on the other end) learns the IP address of your computer in order to send a response.  Your computer maintains a cache of IP addresses it knows and can connect to also.  This cache can be manipulated and modified locally by an administrator logged into each local computer.

How would a “hacker” spy on a computer? A hacker has software that spies for them. The hacker must tell it what IP address to spy on. Without knowing the IP address to spy on, there is no possible way for the hacker to spy on that computer.

(There will be some that dispute this saying: “what about knowing the MAC address?”  But the fact is that the MAC address, which is generated by hardware on your computer and “technically” cannot be changed, is easily changed with various software packages that allow the IP Stack to spoof MAC addresses.  So that’s not a valid argument.)

In a nutshell your computer needs to know the IP address of any other computer it talks to, listens to, or spies on.  It is an absolute impossibility to spy on a computer otherwise.

How this works in real life:  You plug your computer into your internet at home or work.  (Or you turn on the Wifi.)  Your computer talks to a server that gives you an IP address.  At home this “server” is probably software running on your Wifi router or a device given to you by your Internet Provider.  Usually, in the office environment, or at home,  your server will give you the SAME IP address every time.  Keep that in mind.  It will be important to consider later.

Now that your computer has an IP address it can talk to other computers. You’ve launched your web browser and it is trying to get to www.google.com. Your computer still knows the IP address of www.google.com from the last time you used it. Your browser sends a message to www.google.com saying essentially “show me your web page.” The server at Google your computer is talking to thinks, “sure,” grabs your IP address, and sends a web page back to your computer. Your computer catches this message and displays that web page in your browser.

If you have an email client like Mozilla, or Outlook, or some other email client (rather than using email in a browser like Gmail or Hotmail), something similar happens when you launch that email software. The email software is configured to know the name of your email server. It sends out a message to its server: give me the IP address of mail.mycompany.com. It gets this IP address and now it can talk to that mail server. It sends a message: give me all my new emails. The server on the other end sees your computer’s messages and starts sending all those mails to your computer’s IP address.

The computer's IP address is key to ALL such communications between computers.  Whether you are logging on in a chat window, or launching an online game, or going to a web page, or fetching your email, it always works the same way.  Your computer contacts some server by knowing its IP address, and that server replies to the IP address that contacted it.  Essentially all computers know nothing about one another except for their IP address!

One more important consideration.  As I mentioned before, when you plug in your laptop at home or at work, most likely you are always getting the same IP address.  But even more important is this: the important servers out there in the world ALWAYS have the same IP address.  The servers generally have to keep using the same IP address or else connections to them would not know where to find them.  Servers can sometimes change IP addresses but it is rare and infrequent because it causes disruptions in internet traffic.  It usually only happens when there is some major server upgrade at the company providing the servers.

How This Relates to Spying
Now that you’ve got the basic concepts of internet communications down, consider this:  because messages are traveling across the internet between computers it is possible to spy on those messages.  But your spy software has to know an IP address of what to spy on.

It is easy for hackers to create spy software and make it available for other hackers to download. It is easy because all the internet traffic out there is public. It is easy to spy on something that is public. It would be much like setting up a video camera by the side of the road in order to keep track of all the cars that go by. But there is an insane amount of data traveling around the internet. Even if a computer could capture everything, it would not be possible to keep track of it all and sort it all out. In fact, all the storage space of all the computers in the world would not be enough to store it all, because unique messages are generated constantly between computers, millions of computers request the same data, and so on.

The only way for a hacker to actually spy on any computer is to know that computer’s IP address.

Let that sink in for a while.  This is the most important thing I’m going to say here.  You really need to understand that.

So for example, spy agencies all over the world try to spy on key servers.  For example, probably every country in the world is attempting to spy on the traffic that goes to mail.nsa.gov (or whatever the mailserver for the NSA is called) or mail.irs.gov, and so on.  What prevents the spy agencies from being successful (theoretically) is that all these messages transmitted are encrypted.  When you use the https:// prefix before a web page, instead of just http:// your data is being sent encrypted.

But they are still able to capture that data.  Anyone can capture that data. They can capture it and then set their little armies of software engineers onto the task of cracking the encryption.

We have seen that every few years slightly harder levels of encryption are cracked, and so the encryption levels need to be increased again.  We see time and again various viruses or malwares taking advantage of exploits in these layers of encryption.  Encrypted traffic is not and can never be 100% safe.

So, let me back up to something I mentioned earlier.  When you are at home or the office and you plug in your laptop, it gets an IP address, but usually the same one it always gets.  Home and office networks are designed that way to make it quick to get on the internet.

But when you are in a public place: a library, a bookstore, a coffee shop, a hotel room, and so on, your computer gets a DIFFERENT IP address every time it plugs in.  There is no possible way to spy on a computer like that because the hacker’s spy software cannot possibly know your IP address, or what it will be from one time to another.

Let that sink in again, please.

Let me replay this all in the form of an analogy: let’s say at home I have a very secure room full of all my treasures.  A single key unlocks the door to this room.  Let’s say that somehow for the sake of argument the walls of this room are impenetrable.

If I put that key in a safe, all a person has to do is crack the safe and get the key to enter my treasure room. But let’s say instead I have a giant bucket of 100,000 keys. (Not very practical, really, but it illustrates my point.) I know exactly what my special key looks like based on coloration and shape. So I can just toss my key in that bucket and pull it out to open my secure room. This is called security by obfuscation. Depending on the circumstances it can be a much better form of security than security by a passcode.

In case I am not making my point, let me put it in more practical terms:

If I fire up my email client on my laptop, that email client is going to connect to some email server at a static (non-changing) IP address on the internet and send and receive email. This can be easily spied upon, but it would be difficult to decrypt the data. Difficult, but possible: the data is being spied upon and captured (no way to avoid that as it travels over public conduits); it just needs to be decrypted.

If I have my own private email server running on my laptop, what would happen instead is that my client software would connect to my email server (without ever going out on the internet) and send and receive all my email. But then that email wouldn’t really be transmitted across the internet until I plug that laptop in: at a coffee shop, hotel room, library, etc. When I do plug that laptop in, the email won’t be transmitted to mail.nsa.gov but instead transmitted to other individual email servers all over the world, and sometimes through various proxies. Why? Because I’m not using mail.nsa.gov to send my email, I’m sending it through my private email server.

Because my laptop is going to get a unique IP address the moment I plug it in at a coffee shop, there is no way to spy on this laptop. Because the email server will send these emails to other email servers all over the world, there is no way to spy on this email traffic either. You cannot guess what email servers, routers, or other network infrastructure components will be used to send these emails.
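As an added illustration (not part of the original post, and using a constructed message rather than a real capture), here is how the hops a message takes through those other mail servers are recorded: each server that relays the message prepends its own Received header, so a defender or investigator can read the relay chain back afterwards, including the address the laptop had when it connected from the coffee shop. The hostnames and IP addresses below are made up.

```python
import email
import re

# Constructed sample message (not a real capture). Each relaying mail server
# prepends a Received header, so the newest hop is on top and the originating
# laptop, with whatever IP the hotspot assigned it, is in the bottom one.
SAMPLE_MESSAGE = """\
Received: from relay2.example.net (relay2.example.net [203.0.113.7])
    by mx.example.org with ESMTPS id abc123
    for <bob@example.org>; Tue, 01 Nov 2016 10:03:00 -0400
Received: from laptop.local (unknown [198.51.100.42])
    by relay2.example.net with ESMTP id def456;
    Tue, 01 Nov 2016 10:02:40 -0400
From: alice@laptop.local
To: bob@example.org
Subject: test

hello
"""

# "from <helo-name> (<reverse-dns> [<ip>]) by <receiving-server>" is the common
# shape of a Received header; the parenthesised part is optional.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.S
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_path(raw_message: str) -> list[dict]:
    """Return the hops in transmission order (oldest first)."""
    msg = email.message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received") or []):
        match = HOP_RE.search(header)
        if not match:
            continue  # non-standard header: skip rather than guess
        ip_match = IP_RE.search(match.group("info") or "")
        hops.append({
            "helo": match.group("helo"),
            "ip": ip_match.group(1) if ip_match else None,
            "by": match.group("by"),
        })
    return hops


def originating_ip(raw_message: str):
    """IP address the first mail server saw the sending machine connect from."""
    hops = relay_path(raw_message)
    return hops[0]["ip"] if hops else None
```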

And, if my email on my private server is also encrypted, this makes it even more impossible to spy upon.

Please Draw Your Own Conclusions
Now that you know more about the way the internet, computer communications, and email transmission work, I ask you to draw your own conclusions. Has one political party made a huge controversy about these things because of their own ignorance, or deliberately with malice to try and tip the scales in an election? Because I’m a good guy, and have worked for the government on contract before, and have personal knowledge about the level of sophistication in our government IT policies and infrastructure, I’m going to go with “stupid.” But you draw your own conclusions.

It could be that government policies were broken by someone using a private email server.  I have no idea.  The cops break the law every time they exceed the speed limit to go to an emergency, and yet I don’t care.  Our government internal policies and processes are dozens of years out of date, embroiled in red-tape, and so on.  Why should I be surprised when someone breaks them?

But in my opinion it is absolutely and with definite certainty not “betrayal” of our country. And there are legitimate reasons why someone in government (especially someone responsible for national security) may wish to put a private email server on their computer.

Thanks for reading and I hope you take this to heart.
