Trinidad and Tobago emailgate: Digital forensics could prove if Keith Rowley is lying | Baltimore Post-Examiner

Trinidad and Tobago emailgate: Digital forensics could prove if Keith Rowley is lying

Kamla Persad-Bissessar at a rally with her supporters.
(From the Prime Minister's Facebook page)

What’s the difference between the email scandal that rocked Trinidad and Tobago and the one that cost General David Petraeus his job at the CIA?

None.

That’s the opinion of Umesh Varma, a technology professor at Campbell University in North Carolina.

Professor Umesh Varma of Campbell University is an internationally recognized expert in the field of digital forensics.


Varma told the Baltimore Post-Examiner that in Petraeus’s case, a digital footprint was found that investigators used as proof of the General’s inappropriate behavior.

“The two cases are the same. The only difference is that in the General’s case there was a successful link established between client and server computers… some information can be gathered through Google cache (what investigators call “metadata” of email). Hard copy does not normally show metadata. Most of the metadata resides on mail servers.”

In Rowley’s case, reportedly only hard copies exist.

“You can always challenge the hard copy emails. It is unlikely that someone can change server logs to trap another person. Server logs are system generated. Any tampering would be caught easily using anomaly detection,” Varma said.

How Petraeus got caught

Petraeus’s affair with his biographer Paula Broadwell is what landed him on a slippery slope after Broadwell sent emails to another woman’s computer, which included contents of messages that appeared to have come from Petraeus’s email account. Investigators thought there was a cyber breach.

The United States Justice Department and other high-level officials, including Attorney General Eric Holder, were aware of the investigations into General Petraeus.

After months of investigating, certain parts of the investigation were approved, in particular obtaining the metadata from the servers: the actual center of digital communications, where all data processed through email is stored forever, even if one deletes the sent and received messages on a personal computer. The messages can still be combed out of the Google server.

Opposition leader MP Keith Rowley could find himself in trouble if he can’t prove his claims. (Screen shot)

“Over the course of the probe, prosecutors realized there wasn’t a cyber-breach. Instead, Mr. Petraeus had shared some access to the account. How was it established? From the evidence from server logs, with Ms. Broadwell, possibly to exchange messages, these people (investigators) said,” noted Professor Varma.

Why Rowley’s emails won’t stand in court

Varma explained that opposition leader Keith Rowley presented only hard copy emails, which are not proof of an authentic exchange between the accused parties.

Another challenge with hard copy emails is that they can be the product of email spoofing, where hackers gain unauthorized access to someone’s computer and send messages to another’s as if the messages were coming from a trusted host.

Varma said anyone can create hard copies of what looks like an email exchange between persons and present it to the police if the contents are incriminating in nature. But it cannot be used as proof in a court of law in the absence of the electronic exchange between the parties.

Emails could have some truth in them

Kamla Persad Bissessar and U.S. Vice President Joe Biden during the Vice President’s recent trip to Trinidad and Tobago.

Varma explored the theory that Rowley’s batch of emails might be true, but said if there was indeed such an exchange, it could have been doctored.

“If the government officials were involved in email exchanges (server has associated metadata), accept the fact that email indeed was generated, but the content of the messages were altered to frame the government. The only way to verify if the content was not altered was to create a hash (MD5) value of the message and compare at both sending and receiving end, which was not done. Why? Once you print a document (printout of e-mails) the hash value of message changes (remember, there are no digital signatures attached). There is no way on earth the accuser can prove that the message was NOT altered. If the sender ‘message’ and the receiver ‘message’ hash do not match the court does not consider the evidence credible.”

“So, the government’s argument: yes, it’s our email (based on server identification) but the message body was altered to frame us,” Varma said.

How General Petraeus could have saved his job

In the case of Petraeus, Varma said he could have saved his job if there was no metadata available on the servers to connect evidence to his computer or tablet.

“He could have argued that he is the victim of e-mail spoofing/network traffic tampering/network packet injection etc. Even a copy of e-mail on his computer does not prove anything because anyone could have hacked into his PC and planted the contents. It is the investigator’s ability to connect and extract the relevant metadata (e-mail headers, URLs, IP addresses, DNS entry, routing information, date, time, any signatures etc.) to the e-mail in question that can make or break the case.”
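As an added illustration of the two checks Varma describes above (comparing a hash of the message at both ends, and extracting the header metadata that a paper printout discards), not code from the article or from Varma: it parses a sender’s copy, a receiver’s copy and a printout of one constructed email, using SHA-256 rather than the MD5 the quote mentions. All addresses, Message-IDs and dates are constructed for the example.

```python
"""Compare a sender's and a receiver's copy of one email, the way an
investigator would: header metadata first, then a hash of the body.
All samples below are constructed for this example."""
import hashlib
from email import message_from_string

# Constructed sample: the copy retained on the sender's side.
SENDER_COPY = """\
Message-ID: <example-1@mail.example>
Date: Mon, 1 Jul 2013 10:00:00 +0000
From: sender@example.org
To: recipient@example.net
Subject: Meeting

Please confirm the meeting for Thursday.
"""

# Constructed sample: the receiver's copy. The relay prepended a Received:
# hop (legitimate), but one word of the body was changed (tampering).
RECEIVER_COPY = SENDER_COPY.replace(
    "Message-ID:",
    "Received: from mx.example.org by mx.example.net; "
    "Mon, 1 Jul 2013 10:00:03 +0000\nMessage-ID:",
).replace("Thursday", "Friday")

# Constructed sample: what a printout preserves, visible text only.
PRINTOUT = "From: sender@example.org\nSubject: Meeting\n\n" \
           "Please confirm the meeting for Thursday.\n"

FORENSIC_HEADERS = ("Message-ID", "Date", "From", "To", "Received")

def body_hash(raw: str) -> str:
    """Hash the body only: headers legitimately differ between copies
    (each relay adds a Received: line), so they are compared separately."""
    body = message_from_string(raw).get_payload()
    body = body.replace("\r\n", "\n").rstrip("\n")
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def metadata(raw: str) -> dict:
    """Collect the header metadata a printout does not carry."""
    msg = message_from_string(raw)
    return {h: msg.get_all(h, []) for h in FORENSIC_HEADERS}

def copies_agree(sender_raw: str, receiver_raw: str) -> bool:
    """True only if both copies carry the same Message-ID and body hash.
    A printout fails (no Message-ID); an altered body fails (hash)."""
    same_id = metadata(sender_raw)["Message-ID"] == metadata(receiver_raw)["Message-ID"]
    return same_id and body_hash(sender_raw) == body_hash(receiver_raw)

if __name__ == "__main__":
    print("receiver copy authentic:", copies_agree(SENDER_COPY, RECEIVER_COPY))
    print("printout authentic:", copies_agree(SENDER_COPY, PRINTOUT))
    print("receiver hops:", metadata(RECEIVER_COPY)["Received"])
```

The printout fails even though its body text matches the sender’s copy, because nothing ties it to a Message-ID or a server hop; the receiver’s copy fails on the body hash alone.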

Former CIA Director and retired U.S. Army General David Petraeus was caught in a digital web of metadata. (Photo from Wiki commons)

If Petraeus wanted to have an affair without getting caught, Varma’s advice is that the General should not have used the phone or e-mail as communication methods.

“Just go to your web-based email and write the mail and leave it in the “Draft” folder and let the girlfriend read from “Draft” (assuming he shares his ID/PW with the woman) and never click the “SEND” button (means you are not generating any server traffic, no server logs of e-mails, no metadata to discover, not using any email protocols – SMTP, POP, IMAP etc. – and the “other” person reads the mail from “Draft” and simply deletes!),” he said. “You can fool the entire law enforcement and forensics experts and never get caught. And still be able to communicate. It’s a low tech solution but works.”

Varma said “all the connected servers would keep most of the metadata. As long as a person has not e-mailed anything there is no way any/all servers would connect their metadata to the person’s computer.”


About the author

Marcia Braveboy

Marcia Braveboy is a journalist from Grenada who has been living in Trinidad and Tobago for the past 11 years. She has more than 20 years of experience in media, mainly in copy writing, news and broadcast journalism. Braveboy was a senior reporter at Power 102 FM radio, CNC3 television and producer of the investigative Frontline program on CCN’s i95.5 FM talk-radio station. You can follow Marcia on Twitter: @mbraveboy
  • Christian Hume

    If the Government of Trinidad and Tobago REALLY wants to get to the truth of this, they will contact Google and Microsoft and ask for full disclosure of all the digital footprints and so on. Anything short of that, it’s because they have something to hide, something that a real digital forensics probe would uncover.
