Yes, we can validate leaked emails

When an email leaks, we can find out whether it is real or not. That is the first question to ask about today's leak of Hunter Biden's emails, and it has a definitive answer.

Today's e-mails carry cryptographic signatures in their metadata. These signatures have been rolled out over the last ten years as a means of fighting spam, to make sure that the sender is who they claim to be. They not only verify the sender but also ensure that the content has not been changed. In other words, they guarantee the authenticity of the document, its sender, and the date of transmission.

Cryptography works. The only way to forge those signatures is to hack into the servers. In other words, if we see a 6-year-old message with a valid Gmail signature, we know that either (a) it is genuine, or (b) someone hacked Gmail to steal the signing key. Since (b) is very unlikely, and anyone who could hack Google could get far more valuable information, we must assume (a).

Your email client usually hides this metadata from you because it is boring and people rarely want to see it. But it's still there, in the original electronic document. An e-mail message is simply a text document consisting of metadata (the headers), followed by the content of the message.

No special knowledge is required to display the metadata. If someone has the skills to export emails to a PDF document, they also have the skills to export the email's source. If you can upload a PDF file to Scribd (as in the story), you can upload an email's source. I'll show you how below.

To show you how it works, I sent an email from Gmail to my personal mail server (from gmail.com to robertgraham.com).

The NYPost story shows emails printed to PDF. So I did the same thing when the email arrived on my MacBook, using the Apple Mail application. It looks like this:

The original message I sent from my Gmail account is just a text document that looks like this:

It's very simple. The client inserts items such as the Message-ID that people aren't interested in. There are also internal formatting details, such as the fact that the message is plain text rather than HTML.

But this raw document was sent from the Gmail web client. It then went through the Gmail servers, after which it was transferred over the Internet to my personal server, where I finally retrieved it on my MacBook.

As e-mail messages pass through servers, each server adds its own metadata.

By the time it arrived, the raw document looked like this. None of the important bits have changed, but much more metadata has been added:

The part you care about is the DKIM-Signature header.

It is added by the Gmail servers to everything sent from gmail.com. It certifies that the e-mail originated from those servers and that its main content has not been modified. The long sequences of seemingly random characters are the cryptographic signature. That's what all cryptography is based on: long pieces of data that look random.

To extract this document, I used the Apple Mail client: in the File menu I chose Save as… and saved it as raw message source.

I uploaded this document to Scribd so everyone can download it and play with it, for example to verify the signature.

To verify the e-mail's signature, simply open the e-mail document in Thunderbird (the e-mail client from the makers of Firefox) with the DKIM Verifier extension installed, which confirms that the signature is indeed correct. So we can see that this is a valid e-mail sent through Gmail and that the headers have not been changed:
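What the DKIM Verifier extension does under the hood is worth seeing in code. The following is an added example (not code from the original post, and not Gmail's or Thunderbird's implementation): it parses the DKIM-Signature tags from raw message source, canonicalizes the body as RFC 6376 specifies, and checks it against the bh= tag, which is the part of DKIM verification you can do entirely offline. It also builds the exact header string that the b= signature covers. The sample message, the domain example.com, the selector name and the placeholder b= value are all constructed for the example; checking b= itself additionally needs the signer's public key fetched from DNS, which is what Thunderbird does for you.

```python
import base64
import hashlib
import re


def split_message(raw):
    """Split raw message source into header block and body at the first empty line."""
    head, _, body = raw.partition("\r\n\r\n")
    return head, body


def get_headers(head):
    """Return (name, value) pairs in order, with RFC 5322 folded lines unfolded."""
    unfolded = re.sub(r"\r\n[ \t]+", " ", head)
    headers = []
    for line in unfolded.split("\r\n"):
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def parse_dkim_tags(value):
    """Parse the tag=value list of a DKIM-Signature header (RFC 6376, section 3.2)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Whitespace inside a tag value (left over from folding) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def canonicalize_body(body, mode):
    """Apply the 'simple' or 'relaxed' body canonicalization of RFC 6376, section 3.4."""
    if mode == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in body.split("\r\n")]
        body = "\r\n".join(lines)
    # Both modes drop trailing empty lines; a non-empty body ends in exactly one CRLF.
    while body.endswith("\r\n"):
        body = body[:-2]
    if body or mode != "relaxed":
        body += "\r\n"
    return body


def body_hash(body, mode="simple", algorithm="rsa-sha256"):
    """Compute the base64 body hash that the bh= tag must match."""
    digest = hashlib.sha1 if algorithm.endswith("sha1") else hashlib.sha256
    canon = canonicalize_body(body, mode).encode("utf-8")
    return base64.b64encode(digest(canon).digest()).decode("ascii")


def dkim_tags(raw):
    """Return the parsed tags of the first DKIM-Signature header and its unfolded value."""
    head, _ = split_message(raw)
    for name, value in get_headers(head):
        if name.lower() == "dkim-signature":
            return parse_dkim_tags(value), value
    raise ValueError("no DKIM-Signature header")


def verify_body_hash(raw):
    """True if the body still matches bh=, i.e. the body was not altered after signing."""
    _, body = split_message(raw)
    tags, _ = dkim_tags(raw)
    body_mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    return body_hash(body, body_mode, tags.get("a", "rsa-sha256")) == tags["bh"]


def signed_header_block(raw):
    """Build the exact string the b= signature covers under relaxed header
    canonicalization: the h= headers in order, then DKIM-Signature with b= emptied."""
    head, _ = split_message(raw)
    remaining = get_headers(head)
    tags, sig_value = dkim_tags(raw)
    out = []
    for name in tags["h"].split(":"):
        # Each name in h= consumes the last not-yet-used instance of that header.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                hname, hvalue = remaining.pop(i)
                out.append(hname.lower() + ":" + re.sub(r"[ \t]+", " ", hvalue).strip() + "\r\n")
                break
    stripped = re.sub(r"(?<![^;\s])b=[^;]*", "b=", sig_value)
    out.append("dkim-signature:" + re.sub(r"[ \t]+", " ", stripped).strip())
    return "".join(out)


def build_sample(body, tamper=False):
    """Constructed Gmail-style message (not a real one) whose bh= is computed over
    `body`; b= is a placeholder since no signing key exists offline. With
    tamper=True the body is changed after bh= was computed, simulating an edit."""
    bh = body_hash(body, "relaxed")
    if tamper:
        body = body.replace("Hello", "Goodbye")
    return (
        "Return-Path: <alice@example.com>\r\n"
        "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
        "\ts=selector1; h=mime-version:from:date:message-id:subject:to;\r\n"
        "\tbh=" + bh + ";\r\n"
        "\tb=PLACEHOLDER_SIGNATURE\r\n"
        "MIME-Version: 1.0\r\n"
        "From: Alice <alice@example.com>\r\n"
        "Date: Wed, 14 Oct 2020 12:00:00 +0000\r\n"
        "Message-ID: <constructed-1@example.com>\r\n"
        "Subject: DKIM demo\r\n"
        "To: bob@example.org\r\n"
        "\r\n" + body
    )


if __name__ == "__main__":
    msg = build_sample("Hello, world\r\n")
    print("intact body matches bh=:", verify_body_hash(msg))
    print("edited body matches bh=:", verify_body_hash(build_sample("Hello, world\r\n", tamper=True)))
    print("data covered by b=:\n" + signed_header_block(msg))
```

Two things the code makes visible that the Thunderbird screenshot does not: relaxed canonicalization means whitespace-only changes to a body do not break the hash, so a "valid" result says the content is unchanged, not that the bytes are identical; and only the headers listed in h= are protected, so a header missing from that list (common for Received lines) could have been altered without affecting the verdict.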

The same can be done with the e-mails on Hunter Biden's so-called laptop. If they can be printed to PDF (as in the story), they can also be saved in raw form and their DKIM signatures checked.

This is unusually simple, something anyone with a minimum of computer experience can do. It would be important in establishing the validity of the story, by proving that the e-mails were not tampered with. Its absence leads me to believe that no one with even a minimum of technical knowledge was involved in this story.

The story contains the following paragraph about one of the e-mails on the hard drive (the "smoking gun" claiming that Pozharsky met Joe Biden), which it alleges was sent. Who vouches for that? If you have an e-mail with a verifiable DKIM signature, you don't need anyone to vouch for it: the signature confirms it. Since Pozharsky used Gmail, we know the original would have a valid signature.

The absence of confirmation for claims that could easily be confirmed seems strange for a story of this magnitude.

Note that the NYPost says it has a copy of the original, so it should be able to do the same verification:

Although this would have been possible in principle, it does not seem to have happened in practice. The PDF in the article is on Scribd, so anyone can download it. PDF files, like e-mail files, contain metadata, which most PDF readers can display. It indicates that this PDF was created not after Sunday, when the NYPost received the hard drive, but back in September, when Trump's allies received it.
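Reading that creation date does not need a PDF reader's properties dialog; the timestamps sit in the file's Info dictionary as plain text. Below is an added example (not from the original post, and not run against the NYPost file) that pulls CreationDate and ModDate out of raw PDF bytes, converts PDF's "D:YYYYMMDDHHmmSSOHH'mm'" date format to timezone-aware datetimes, and compares the creation date against a cut-off. The sample PDF bytes, their dates and the cut-off are all constructed for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed minimal PDF (not the NYPost file): the Info dictionary (object 3)
# carries CreationDate and ModDate in PDF's "D:" date format.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /Producer (constructed-sample) "
    b"/CreationDate (D:20200914153000-04'00') "
    b"/ModDate (D:20201011091500-04'00') >> endobj\n"
    b"trailer << /Root 1 0 R /Info 3 0 R >>\n"
    b"%%EOF\n"
)

# D:YYYY with every later field optional, then an optional Z / +HH'mm' / -HH'mm' offset.
PDF_DATE_RE = re.compile(
    r"D:(\d{4})(\d{2})?(\d{2})?(\d{2})?(\d{2})?(\d{2})?"
    r"(?:([Zz+\-])(?:(\d{2})'?(\d{2})?'?)?)?"
)


def parse_pdf_date(text):
    """Convert a PDF date string to a timezone-aware datetime (None if unparseable).
    Missing fields default to the smallest value; a missing offset is treated as UTC."""
    m = PDF_DATE_RE.fullmatch(text.strip())
    if not m:
        return None
    defaults = (0, 1, 1, 0, 0, 0)
    year, month, day, hour, minute, second = (
        int(g) if g else d for g, d in zip(m.groups()[:6], defaults)
    )
    sign, tz_h, tz_m = m.group(7), m.group(8), m.group(9)
    offset = 0
    if sign in ("+", "-"):
        offset = int(tz_h or 0) * 60 + int(tz_m or 0)
        if sign == "-":
            offset = -offset
    return datetime(year, month, day, hour, minute, second,
                    tzinfo=timezone(timedelta(minutes=offset)))


def pdf_dates(data):
    """Extract CreationDate and ModDate from raw PDF bytes.
    Handles literal-string dates in uncompressed dictionaries only; files whose
    Info dictionary lives in a compressed object stream need a full PDF parser."""
    found = {}
    for key, value in re.findall(rb"/(CreationDate|ModDate)\s*\(([^)]*)\)", data):
        parsed = parse_pdf_date(value.decode("latin-1"))
        if parsed is not None:
            found[key.decode("ascii")] = parsed
    return found


def creation_predates(data, cutoff_iso):
    """True if the PDF's CreationDate is earlier than the given ISO-8601 cut-off,
    e.g. the date a party claims to have first obtained the material."""
    dates = pdf_dates(data)
    if "CreationDate" not in dates:
        return None
    cutoff = datetime.fromisoformat(cutoff_iso)
    return dates["CreationDate"] < cutoff


if __name__ == "__main__":
    for name, when in pdf_dates(SAMPLE_PDF).items():
        print(name, when.isoformat(), "=", when.astimezone(timezone.utc).isoformat(), "UTC")
    print("created before constructed cut-off:",
          creation_predates(SAMPLE_PDF, "2020-10-11T00:00:00+00:00"))
```

The caveat a practitioner would attach: these timestamps are written by whatever software produced the file and can be edited with any PDF library, so a date is a lead for the story, not proof of anything; it only carries weight when it agrees with independent evidence such as the DKIM check above.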

Conclusion

You don't need any special skills to do this. If someone has the skills to export e-mails to a PDF document, they also have the skills to export the e-mail's source. Instead of exporting to PDF, choose Save as… Raw Message Source. Instead of uploading a .pdf file to Scribd, upload the resulting .txt file.

At that point, a journalist would not have to check DKIM themselves or consult an expert: anyone could do it. There are tons of tools that can easily load and view this raw source e-mail, like the Thunderbird example I showed above.

*** This is a syndicated blog post from Errata Security's network of security bloggers, written by Robert Graham. You can read the original post at https://blog.erratasec.com/2020/10/yes-we-can-validate-leaked-emails.html.
