Our Nation Has Incompetents At Its Highest Levels


I’m literally having trouble breathing right now I’m laughing so hard, and in addition I spat my afternoon espresso all over my keyboard, so if there’s a letter that is missing in my text, that’s the reason (I shorted it out!)

It is being reported by CNBC this afternoon (I just heard it) that Petraeus and his mistress, in an attempt to conceal their email traffic, had a “shared” Gmail account and used the “drafts” folder as a means of communicating; each would sign in, write a “draft”, not send it, then the other would sign in and read it, etc.

Of course this leaves the actual text exposed all over the place, and what’s worse is that it probably leaves these “drafts” all over backup media in unencrypted form as well.

Now let’s recap:

This is the chief of our spookworks and he can’t manage to figure out how to send a secure email message to his mistress!




THIS is the state of so-called “cyber-security” at the highest levels of our supposedly-secure “government”?

It is utterly trivial to grab a free copy of PGP and Thunderbird (or your other favorite program) along with the Enigmail plug-in and create an extremely strong encrypted email transport system for your own private use.  You can do the same thing with APG and K9Mail on Android for you Android phone users.  You can look up my public key on my home page if you’d like (or on any of the many PGP keyservers) and send me an encrypted (or signed and encrypted) email.  (By the way, if you do that use the newest key — I literally forgot the passphrase on the older keys and as such if you use them not only can you not decrypt it but neither can I!)

If you do, and the spooks (like, for instance, the FBI) intercept your message they’re going to have a lot of fun trying to read it no matter where they intercept it — on your computer, on my computer, on one of the computers between you and me, anywhere.
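The end-to-end exchange described above, as an added example that is not from the original article. It assumes GnuPG 2.1 or later is installed and uses constructed names and addresses; it shows that the armored message a mail provider or interceptor holds cannot be read without the recipient's private key.

```shell
#!/usr/bin/env bash
# Added example (not from the article). Three keyrings stand in for three machines:
# the sender (Alice), the recipient (Bob) and an interceptor (Eve). All names are constructed.
# Keys get an empty passphrase ONLY so the demo runs unattended; real keys need a strong one.
set -eu
WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"; EVE="$WORK/eve"
mkdir -m 700 "$ALICE" "$BOB" "$EVE"

g() {  # g <homedir> <gpg args...>: run gpg against one party's keyring
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

cleanup() {  # stop the per-keyring agents and delete the throwaway keys
  for h in "$ALICE" "$BOB" "$EVE"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
  rm -rf "$WORK"
}
trap cleanup EXIT

setup_keys() {
  g "$ALICE" --quick-generate-key 'Alice <alice@example.invalid>' default default never
  g "$BOB"   --quick-generate-key 'Bob <bob@example.invalid>'     default default never
  # Only PUBLIC keys ever leave a machine.
  g "$ALICE" --armor --export alice@example.invalid | g "$BOB" --import
  g "$BOB"   --armor --export bob@example.invalid   | g "$ALICE" --import
}

send_message() {  # $1 = plaintext; msg.asc is everything a server, backup or wiretap sees
  printf '%s\n' "$1" | g "$ALICE" --armor --trust-model always \
    --local-user alice@example.invalid --recipient bob@example.invalid \
    --sign --encrypt > "$WORK/msg.asc"
}

bob_reads()  { g "$BOB" --decrypt "$WORK/msg.asc" 2>/dev/null; }
bob_sig_ok() { g "$BOB" --status-fd 2 --decrypt "$WORK/msg.asc" 2>&1 >/dev/null | grep -q GOODSIG; }
eve_reads()  { g "$EVE" --decrypt "$WORK/msg.asc" 2>/dev/null; }  # no private key: must fail

setup_keys
send_message 'Dinner at 8 (constructed sample text)'
echo "Bob decrypts:   $(bob_reads)"
bob_sig_ok && echo "Signature:      good, made by Alice's key"
eve_reads  || echo "Eve decrypts:   failed, ciphertext only"
```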

Their options are to try to compel me to give up the passphrase to unlock the private key necessary to decrypt the message (e.g. by torturing me), to hope I saved the message somewhere unencrypted (or that you did) where they can find it in plain form, or to try to break the private key’s passphrase with brute force, which takes a lot of computer power.

I have no doubt that eventually they can accomplish breaking the lock on the keyfile, but it might require enough time and computational effort that it’s not worth it.  For example, they might be able to break it in 40 years, but odds are I’ll be dead first and thus I don’t give a damn if they can break it in that amount of time or not.

I’m only interested in whether they can break the lock before the message’s useful life expires.

Now there are those who argue that so-called “public key” cryptography is in fact insecure and that our government has compromised it and has a “back door” into all of it.  Maybe they do and maybe they don’t but it’s utterly certain that it takes a lot more effort on their part to intercept a message encrypted in such a fashion than one that isn’t encrypted at all!

The real scandal here isn’t, in my view, whether Petraeus was having an affair or even if he disclosed classified secrets to his mistress.  Indeed, that’s one of the things you have to assume when there’s a “honey” involved; “honey pots” are by definition dangerous from an operational security point of view in that, in the purely-mundane view with zero intent to disclose, you might talk in your sleep and as such anyone you share a bedroom with could plausibly hear something that you know and is classified!

No, the real scandal here is that our so-called “Chief Spy” is too functionally-illiterate in cyber-security to manage to send a message to his mistress that is end-to-end encrypted and thus unreadable by the FBI. 

As such we all must assume that similar stupidity permeates official message channels and our enemies can read the messages just as easily as the FBI did.

Our nation has incompetents at its highest levels involved in essential government functions where competence is assumed by everyone.

We’re ****ed.

Delivered by The Daily Sheeple


Contributed by Karl Denninger of Market Ticker.

  • brandon

    Doesn’t surprise me. Most of the nation’s leaders in Government and Military know next to nothing about the field they are in charge of. That alone is pure incompetence. Even in business I find it ridiculous some department head comes in with no experience other than business and ends up running the whole thing.

    It happens, and sometimes there is success, other times brutal failure ensues. As far as encryption and the paranoia people have behind it. Watch criminal cases where it’s often used. Unfortunately they are usually pedophilia cases, but there are multiple events that have transpired in recent years where the government has spent months brute forcing files with no success. This has resorted to using the legal system to force the user to hand over their key. The government doesn’t have the computing power, time, or money to brute force anything that would take just a few years to brute force. The NSA? Who knows, but I’ll call BS on them being able to break a 25 character key of upper/lower/special characters/numbers.

  • Locus

    The idea of communicating through saved drafts on webmail accounts was also proposed by Lennie James (as character Robert Hawkins) in the series ‘Jericho’. At the time it was more silly than effective since none of the major webmail providers did HTTPS. If you do that today from a safe computer, Google and (by warrant) the FBI will be able to browse your mail, but in theory the vacuum cleaner slurps at interchange points (your ISP, the NSA, Chinese etc.) will not see plain text. But I do not trust that theory either, I believe it possible — even likely — that the SSL private keys for gmail and other webmail servers are routinely leaked to NSA so they can parse SSL handshake and easily watch webmail sessions.

    The author has a point that end to end with PGP is the only ‘real’ security, but make no mistake, maintaining a secure local computer for PGP that can be confiscated without revealing your secrets… is no easy task, unless you and your secret mistress learn linux, use a securely encrypted filesystem, avoid web browsers entirely and use no-frills (text and attachments) methods of end-to-end communication. But even then it is obvious to the spooks that encryption is happening. It is a far better idea to chuck this whole cloak and dagger spook business and live among the Amish, adopt their way of life and strive to be worthy enough that you may catch the eye of a fine woman.