Using draft emails to exchange secret messages

In a BBC radio 4 programme a chap was talking about his attempts to recover some British people who had been kidnapped in Iraq.

The kidnappers used an ingenious means of communication. They opened a webmail account and sent the password to the negotiator. Whenever the two sides had  to communicate one party would write an email message, but instead of sending the message they would save it as a draft.

Later the other party would open the account and read the draft email. If they wanted to reply they would add to the draft.

Because the messages were never sent over the internet  they were invisible to traffic interception and data retention.

The method is certainly more secure than exchanging emails, but not completely secure because the email provider [e.g. Hotmail] would have a record of the IP addresses used to log on to the account. That might not matter if the parties used internet cafes.

No comments: