Email Location Data Led FBI to Uncover Top Spy’s Affair

U.S. Army Gen. David H. Petraeus, commander of U.S. Central Command, presides over a re-enlistment and awards ceremony while visiting Soldiers of Task Force Mountain Warrior. Photo: U.S. Army Spc. Albert L. Kelley, 300th Mobile Public Affairs Detachment

Every year careless hackers, cyberstalkers and others are undone by the digital trails they leave behind for law enforcement to collect and trace back to them.

But who would have thought the nation’s top spy chief would be undone so easily by digital footprints left behind in e-mail?

In the irony of ironies, the distinguished career of CIA Director and former Afghanistan war commander David Petraeus appears to have come unhinged after authorities traced the location of the sender of threatening e-mails that were written from an anonymous e-mail account and sent to a woman in Florida.

Authorities say the location data connected to the e-mails, and to the e-mail account from which they were sent, helped them identify the sender as Petraeus’ biographer, Paula Broadwell. This helped them search other e-mail accounts owned by Broadwell, including a Gmail account she used, which led them to the affair with Petraeus, according to The Wall Street Journal.

The case shows just how easy it is to discover the personal connections that can unmask anonymous parties. But the Petraeus affair is as much an outlier as an exemplar. The FBI rarely, if ever, gets involved when one person is harassing another online.

“I’m not aware of any case when the FBI has gotten involved in a case of online harassment,” Justin Patchin, an associate professor of criminal justice at the University of Wisconsin-Eau Claire, said. “The FBI definitely wouldn’t get involved in your Joe Schmoe love triangle.”

The affair began to unravel after the Florida woman, Jill Kelley, contacted an FBI friend after receiving threatening and harassing e-mails from an anonymous person who accused her of flirting with a man who was not identified in the e-mails. Kelley is a volunteer social planner for events at MacDill Air Force Base in Tampa, Florida, which is home to the military’s Central Command. Petraeus was commander of CENTCOM from 2008 to 2010, when he left to take his position as head of the CIA.

The e-mails, between 5 and 10 of them, began arriving last May, and reportedly told Kelley to “back off” and “stay away” from the unnamed man.

Kelley’s FBI friend launched an investigation to determine if the threatening e-mails constituted a cybercrime.

FBI investigators determined that the anonymous account from which the e-mails were sent belonged to Broadwell and her husband, who live in North Carolina. Reports are unclear about how they did this, but, according to the New York Times, investigators were able to determine what other e-mail accounts had been accessed from the same computer address as the one that sent the harassing e-mails, which may have led them to Broadwell or her husband.

The information contained in the metadata of e-mail headers varies. It’s unclear if the anonymous account was a Gmail account or came from another e-mail service provider. In Gmail, the header generally only includes the IP address and domains of the servers through which the e-mail was sent, as well as ones it passed through in transit to the recipient’s inbox. Authorities would have had to contact Google to obtain information about the IP address that was used to log into the anonymous account and any other accounts that were accessed from the same address. But other e-mail providers, such as Yahoo, do include the sender IP address in the metadata.
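The difference between the two kinds of header described above can be seen by parsing them. This is an added example, not part of the original article: both messages are constructed, use documentation-only IP ranges, and assume the second provider records the sender's address in an `X-Originating-IP` header.

```python
import email
import ipaddress
import re

# Constructed samples using documentation-only address ranges (RFC 5737).
RELAY_ONLY = """\
Received: from out.example.net (out.example.net [198.51.100.25])
\tby mx.example.org with ESMTPS; Mon, 12 Nov 2012 10:00:02 -0800
Received: by out.example.net with HTTP; Mon, 12 Nov 2012 10:00:01 -0800
From: anon@example.net
To: recipient@example.org
Subject: constructed sample A

body
"""

WITH_SENDER_IP = """\
Received: from web.example.com (web.example.com [203.0.113.40])
\tby mx.example.org with ESMTP; Mon, 12 Nov 2012 10:05:00 -0800
Received: from [192.0.2.77] by web.example.com via HTTP;
\tMon, 12 Nov 2012 10:04:58 -0800
X-Originating-IP: [192.0.2.77]
From: anon@example.com
To: recipient@example.org
Subject: constructed sample B

body
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def _valid(candidates):
    """Keep only strings that really parse as IP addresses."""
    out = []
    for candidate in candidates:
        try:
            out.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            pass  # e.g. "999.1.1.1" matched the pattern but is not an address
    return out

def exposed_ips(raw_message):
    """Return IPs visible in the Received chain and any declared sender IP."""
    msg = email.message_from_string(raw_message)
    hops = []
    for received in msg.get_all("Received", []):  # newest hop first
        hops.extend(_valid(BRACKETED_IPV4.findall(received)))
    declared = _valid(BRACKETED_IPV4.findall(msg.get("X-Originating-IP", "")))
    return {"hop_ips": hops, "sender_ip": declared[0] if declared else None}
```

For the first sample only the provider's outbound server is visible, so tying the message to a person requires the provider's own login records; for the second, the recipient can read the sender's address straight from the message.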

Agents considered that the anonymous e-mail account used to send the harassing e-mails might have been hacked by someone else who was sending the e-mails to Kelley. But they eventually were able to match the locations from which the e-mails were sent to the same locations, including hotels, where Broadwell was known to have been during the times the correspondence was sent to Kelley, according to the Journal.

Based on these connections, investigators obtained a warrant to monitor other e-mail accounts Broadwell used, including a Gmail account.

In examining these other accounts, agents uncovered sexually explicit e-mails that Broadwell exchanged with another party who also used a Gmail account. Investigators were not able to immediately identify Petraeus as the other party, however, because he’d set up his Gmail account using a pseudonym.

Investigators determined sometime during mid-summer that it belonged to Petraeus and that the two were having an affair. The reports do not say how investigators made that connection. According to the New York Times, it’s not known if the FBI gained access to Petraeus’ personal e-mail account, or if its investigation relied solely on e-mails found in Broadwell’s account.

Broadwell’s affair with Petraeus reportedly began two months after he took over the CIA and ended about four months ago, around the same time the FBI discovered the affair, according to Col. Steven Boylan, who spoke to ABC News.

After the FBI contacted Broadwell the week of Oct. 21, she acknowledged the affair and provided authorities with her computer. The agents discovered several classified documents on the computer, which raised concerns that Petraeus had given them to her, but agents ultimately determined this was not the case. Petraeus admitted to the affair but said he had not given any classified documents to her.

Though Petraeus is not believed to have broken any laws, he resigned from his position with the CIA last Friday, expressing regret for hurting his family and at his lapse in judgment in conducting the affair.

Broadwell will now become part of the statistics that Gmail reports in its next semi-annual transparency report on government data requests.

The e-mail provider and search giant releases a so-called Transparency Report every six months, to provide users with generic statistics about government requests for data and takedowns. The last 2011 report showed that U.S. government agencies sought user data from Google 6,321 times for the six months ending December 2011, which was up from 5,950 during the first six months of 2011. The requests targeted 12,243 Google accounts in the latter half of that year, and 11,057 in the six months prior.

Google, which offers e-mail, cloud storage, a blogging platform, web search, and other services, provides government agencies with e-mail communications, documents, browsing activity, IP addresses used to create an account and other data when asked.

It’s not known how many of these requests are accompanied by a warrant, however, since Google doesn’t disclose this in its report, and U.S. laws are unclear on when a warrant is required. The Electronic Communications Privacy Act, for example, allows access to electronically stored data without warrants.

Update 3:30 PST: To clarify that although reports indicate that Broadwell and Petraeus used Gmail accounts to communicate with one another, the e-mail account that was used to send the harassing e-mails to Kelley has not been identified as a Gmail account in news reports.

Additional reporting by Robert Beckhusen