How Do Hackers Send Emails?
Could you learn privacy tips from them?
There are some people out there who would not risk, at least in certain instances, sending emails using an ordinary, everyday email account like Gmail, Outlook, or their company's email.
Who might they be?
- People on the run from the law
- People who are paranoid about privacy
- Whistle-blowers
- Someone who would simply like a hack-proof way to send a message now and then
If you read between the lines, that means that the email platforms we all use are only relatively secure, and surely not eavesdrop-proof.
The solution for those who don't want to risk being traced, tracked down, or having their communications read in any way isn't to avoid email—rather, it's to send encoded, undecipherable, unbreakable—encrypted—emails.
That was the case with the infamous hi-tech contractor Edward Snowden, who as of March 2017 was still wanted in the U.S. for leaking intelligence secrets online that he stole from the National Security Agency. He must keep a low profile, but there came a time that he wanted to email a journalist who was creating a documentary on whistle-blowers.
Needing to stay invisible, he did not rely on an email platform most of us would use (Yahoo, Comcast). Instead, he went to great lengths to send encrypted email messages using a totally different email mechanism.
"Pretty Good Privacy."
The most popular method of email encryption is PGP, which stands for "Pretty Good Privacy." It was created by a man named Phil Zimmermann, who also created a free version called "OpenPGP." (If you do a little poking around, you'll likely find a few other versions.)
To swap encrypted email messages, users obtain digital "keys" to send and receive messages. Not only is the message encrypted, but even if it were intercepted, it could only be unlocked and decoded if the snooper had the key...which he wouldn't.
The most-used encryption format is asymmetrical encryption and features two keys. The two keys are different yet mathematically related:
- A private key that stays on your computer and that you never share.
- A public key that you give to people to send encrypted messages.
PGP is not an easy platform for the average person. Security experts say that encryption technology is just too complicated for most people, so it is unlikely ever to become mainstream.
What about the rest of us?
Are we all at risk every time we use our everyday, we-never-worry-about-it email programs?
The answer is both no and yes. Many mainstream email providers are taking steps to build encryption into their platforms, but it doesn't ensure 100% privacy.
Gmail from Google is used by more than 1 billion people globally. Today Google says Gmail provides encrypted email on both incoming and outgoing email messages. The mechanism that Google uses for encryption is known as TLS, for Transport Layer Security.
TLS is built right into the Gmail platform: there's nothing that you or I need to do to have our emails encrypted. Here's what Google itself says about user privacy and encryption:
"Encryption with Transport Layer Security keeps prying eyes away from your messages while they're in transit. TLS is a protocol that encrypts and delivers mail securely, for both inbound and outbound mail traffic. It helps prevent eavesdropping between mail servers — keeping your messages private while they're moving between email providers."
With Gmail and TLS, if a hacker were to intercept your messages in transit, they would (in theory) not be able to read your emails.
There is a catch, however.
To take advantage of TLS, the people you're emailing with also need to be using an email service that supports TLS. If not, the chain of encryption is broken.
It's like this. You send letters back and forth to a friend. You use a secure, private P.O. Box to receive letters, but your pen pal only has a mailbox in front of their home. Your communications with each other stand a greater chance of being intercepted and read. (Unless you wrote it in some obscure language.)
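To see where the chain breaks for a message you have received, you can read its Received headers, which each mail server adds as it handles the message. The Python sketch below is an added example, not part of the original article; the sample message, host names and addresses are constructed, and it relies on the RFC 3848 convention that a hop recorded as "with ESMTPS" (or ESMTPSA) was protected by TLS.

```python
import re
from email import message_from_string

# Constructed sample message (hosts and addresses are made up). Newest hop is first.
SAMPLE = """\
Received: from mx.pal-isp.example (mx.pal-isp.example [203.0.113.9])
\tby mail.home.example with ESMTP id c3 for <pal@home.example>;
\tMon, 06 Mar 2017 10:00:03 +0000
Received: from out.bigmail.example (out.bigmail.example [198.51.100.7])
\tby mx.pal-isp.example with ESMTPS id b2
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
\tMon, 06 Mar 2017 10:00:02 +0000
Received: from laptop.example ([192.0.2.44])
\tby out.bigmail.example with ESMTPSA id a1;
\tMon, 06 Mar 2017 10:00:01 +0000
From: you@bigmail.example
To: pal@home.example
Subject: hello

Hi!
"""

# RFC 3848 "with" keywords that mean the hop was protected by STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def hops(raw_message):
    """Return [(sender_host, receiver_host, used_tls)] in delivery order."""
    msg = message_from_string(raw_message)
    result = []
    for header in reversed(msg.get_all("Received", [])):  # oldest hop first
        m = HOP_RE.search(header)
        if not m:
            continue  # header layout is not standardized; skip what we cannot parse
        sender, receiver, proto = m.groups()
        used_tls = proto.upper() in TLS_PROTOCOLS or "version=TLS" in header
        result.append((sender, receiver, used_tls))
    return result

def first_cleartext_hop(raw_message):
    """Return the first hop that carried the message without TLS, or None."""
    for sender, receiver, used_tls in hops(raw_message):
        if not used_tls:
            return (sender, receiver)
    return None

if __name__ == "__main__":
    for sender, receiver, used_tls in hops(SAMPLE):
        print(f"{sender} -> {receiver}: {'TLS' if used_tls else 'CLEARTEXT'}")
```

Received headers are written by the servers themselves, so only the ones added by a provider you trust are reliable. Even when every hop shows TLS, the message is still readable on each server it passes through.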
Sorry. Not good enough.
Those like Edward Snowden and others who worry about their privacy don't trust public platforms like Gmail. They'll say that all your emails are stored in some cloud, unprotected, and could easily be read at any time by anybody.
Then again, he has something to hide.
Chances are, if you're mostly emailing friends to invite them to a party, your dentist to cancel an appointment, or your cousins in New York to say you miss them, you shouldn't worry too much about your emails.
And even if your correspondence gets private (sensitive medical or personal topics), the likelihood is your emails aren't being read by anyone. Many websites provide secure connections.
But times are changing, and authorities have been given more power to look into the online lives of citizens, even if you haven't done anything wrong.
So, watch what you do...and maybe do a little reading on encryption.