Experts query authenticity of e-mail addresses revealed by Rowley

(Trinidad Express) Informa-tion technology experts who have examined the purported e-mails detailing an alleged Section 34 conspiracy involving top Government officials  are questioning the authenticity of the exchange.

Among the issues are wrong dates, time and format, an imaginary e-mail address, and the ease with which the entire document could have been typed, printed and faked.

And according to technology columnist Mark Lyndersay, the burden of proof now rests with Opposition Leader Dr Keith Rowley to prove his claims, by providing to the police the actual digital e-mails or prints of the e-mails containing the full extended headers, which contain data that should provide a verifiable footprint of every place the e-mail went between sending and receipt.

As it stands, Lyndersay said, the information provided by Rowley was not evidence.

The e-mails, which date to September 2012 and involves Prime Minister Kamla Persad-Bissessar, Attorney General Anand Ramlogan and Works and Local Government Minister Suruj Rambachan and National Security Adviser Gary Griffith in a plot to silence the media and remove the Director of  Public Prosecu-tions, were read by Rowley in Parliament on Monday.

The claims were made during debate on his no-confidence motion against the Prime Minister.

Government’s response has been swift, with Persad-Bissessar on Monday afternoon writing to the acting Police Commissioner Stephen Williams, providing copies of the alleged e-mails and asking for a quick investigation.

Attorney General Anand Ramlogan said yesterday he had examined the e-mail print-out and sought advice from persons who had concluded that the entire document was bogus, and  challenged  Rowley to repeat his allegations outside the protection  of parliamentary privilege.

Much of what Ramlogan said was corroborated yesterday by experts approached by the Express.

Among the impossibilities noted were:

• The e-mail anan@gmail. com is fictitious and could not have been created. According to Google’s website, “We’ve discovered that short usernames at popular domains receive significantly more spam since they’re easy to automatically generate. Gmail’s requirement that all user names be at least six characters in length is meant to keep spam out of your inbox. (Dots or periods don’t count as characters when creating your username.)” The e-mail address on the document read by Rowley — anan@gmail.com — has only four characters. When the Express sent a message to this e-mail, the response was an error message that the e-mail account did not exist.

• It is impossible to send a message from two separate e-mail addresses simultaneously.

The computer would not recognise the command. As a result, the address anan@gmail.com; anand@tstt.net.tt to kamlapb1@gmail.com , as noted above, would not have been received.

• Wed 11 Sept, 2012, as written in one e-mail, is wrong. September 11 last year, fell on Tuesday. Several other dates are also wrong.

• The date 9/06/12, as it appears similarly in several e-mails, is written in the wrong format and should instead read Thurs, 6 Sept, 2012.

The Express was also pointed to several online tutorials on how to hack into e-mails, and create a thread of misinformation without the knowledge of the e-mail’s owner.

Additionally, using the website anonymailer.net, the Express was able to send e-mails using the legitimate e-mail addresses of Persad-Bissessar, Suruj Rambachan, Anand Ramlogan, and Dr Roodal Moonilal.

According to Lyndersay, the e-mails containing the extended headers, if provided by Rowley, would allow investigators to trace the many “touch points” that the transmission took. Lyndersay said “that he (Rowley) has not come forward with such information, which could be culled from e-mails forwarded to him, does not mean that it doesn’t exist”.

However, Lyndersay added, “It seems clear now that neither anan@gmail.com nor anand@gmail.com can exist and that limitation threads back to the beginnings of the service nine years ago”.

Lyndersay said that should Rowley provide the information, authenticating the e-mails and their transmission routes would take days, if not weeks, using the services of a digital forensic specialist “though such a person can garner a great deal about authenticity by even a cursory glance of an extended e-mail header”.

He said, “It will also require the cooperation of Gmail, Hotmail/Outlook.com and any other service provider to verify the truth of the transmission data”.

The extended headers would also expose “spoofed” e-mails, addresses which seem to come from one place and in fact originate elsewhere, said Lyndersay.

He said, “If there’s no extended header available for inspection, though, things fall apart pretty quickly and what you have is a document that you could make up in a word processor pretty easily.”