The NJIT Cybersecurity Research Center seeks to address on-going and long-term future needs to research new methods for understanding how systems can be compromised and fail, how to design secure cyber systems, and how to improve or fix a cyber infrastructure that has already been deployed.
“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press,” said Republican presidential nominee Donald Trump during a recent news conference in Florida. Trump was referring to emails that Hillary Clinton wrote on a personal server she used for official business, which she didn’t hand over to the State Department and which her lawyers deleted as personal.
Trump’s comments caused an instant uproar and were met with a firestorm of criticism on social media and from the Clinton campaign, accusing him of endangering national security and urging a U.S. adversary to infiltrate the former Secretary of State’s servers.
“I think it's certainly irresponsible for Trump to openly encourage a foreign government to perform such espionage,” says Reza Curtmola, computer science professor and co-director of NJIT’s Cybersecurity Research Center.
Trump’s incendiary remarks come on the heels of the leak of 20,000 emails from the National Democratic Committee, a hack linked to the Russian government.
“From a technical perspective, those 30,000 deleted emails might still be stored somewhere, perhaps in a backup archive made by the company who was in charge of backing up her email server,” says Curtmola. “It would not be surprising if at some point during this campaign those emails resurfaced.”
Hackers use advanced evasion techniques, like multiple proxy servers, that provide anonymity.
The Romanian computer hacker known as “Guccifer” said he compromised Clinton's personal server by using a combination of spear phishing, guessing answers to security questions and weak passwords, and exploiting software vulnerabilities on the target machine to gain access.
The FBI later reported that Guccifer admitted that was a lie.
But Curtmola says the methods he laid out are absolutely plausible.
“Once the hacker figured the IP address of the email server, he could have used special programs, which remotely ‘scan’ the server in order to determine what version of the software is running,” he explains. “The hacker could then exploit known—or even zero-day—vulnerabilities for that specific software on the server in order to gain access to it.”
So, are our deleted emails ever safe? What really happens when you flag an email for deletion and move it to the trash folder?
“It’s not physically deleted immediately,” says Curtmola. “It might stay in the trash folder for a while—usually up to 30 days—until it gets deleted. During that time, it can be recovered.”
Nowadays, online email service providers, such as Google and Yahoo, don’t (and aren’t obligated to) disclose how long deleted emails continue to exist on their servers.
“The purpose of having these backups is to provide reliability to deal with situations when the email server crashes and its storage media is corrupted, say due to hardware issues,” says Curtmola. “This can be as simple as making a copy on the same machine, or it can be as complex as making multiple copies on different backup servers.”
Even Google's Gmail experienced a snafu a few years ago, which affected tens of thousands of users who showed up to an empty Inbox. Luckily, Google was able to restore their emails from tape backups.
“This means even if you delete an email today, the email service provider probably made a backup of your emails yesterday, and that deleted email will continue to exist in the backup,” he continues.
Since the backlash, Trump has tried to diminish the controversy, reducing his comments to mere sarcasm. Still, Curtmola urges the company in charge of safeguarding the server that potentially houses those emails to apply recommended best practices, like using security software such as firewalls and antivirus programs, and correctly configuring the software.
“Many breaches occur because complex software systems are incorrectly configured and updates and patches aren’t applied as soon as they are available,” he says.
In addition, Curtmola advises the backups be stored on a “network that is more isolated, not so exposed or easily accessible, as would a regular email server; backups should be stored encrypted.”
But, ultimately, there is no perfect security.
“Given the right incentive and enough time, any machine can be broken into,” he says. “Securing systems is about orchestrating processes in place as a coherent system in order to minimize your risks.”
For all the latest on how NJIT researchers are addressing challenges and applying new approaches to practical encryption, secure cloud computing and privacy technologies, visit the NJIT Cybersecurity Research Center.
By Shydale James