I know that this is an old post but wanted to add my comment to this post given my previous thoughts on the matter. Take a look at the article listed on The Times here: http://www.timesofmalta.com/articles/view/20081014/local/attack-on-mitts-system-started-in-cairo-embassy-information-extracted-on-sept-4

Note the following paragraph:
“Among measures which could be disclosed, were the introduction of token/smart cards to MPs and people in sensitive posts, without which email accounts could not be accessed. Secure Mail was also being introduced immediately to encrypt email.”

Tokens and smart cards contain digital signatures and when using them, as the article points out, no one can read your mail unless these items are in hand. It’s similar to the online banking token.

Good to see that they’re going to use them (and encrypted e-mails) even though it is a little late.

Ironically, the Government of Malta was one of the first countries in Europe to include a definition of “digital signatures” and encryption into its laws. Despite this, it does not seem as if e-documents (which are signed electronically as defined and allowed by law) are being used.

One wonders if this is a case of industrial espionage of some sort.Could it be related to a case of break-ins in offices of various IT companies reported in Maltatoday some months ago?

[Daphne – They were advertising agencies, not IT companies. I often wonder how much of this sort of thing goes on and remains undiscovered and unreported. Clerks at insurance companies have access to the details of the valuables in our homes. Any bank teller can get into any client’s account and see what he or she has got or hasn’t got. We leave a lot to trust. And while they have strict confidentiality agreements and will lose their job and in some situations even face prosecution for releasing details, I sometimes wonder how it can be possible to monitor the behaviour of those thousands of people, some of whom may be silly enough to think nothing of looking up a disliked neighbour’s account, for example, and going home to tell, say, their mother.]

Any mail system administrator of your ISP has access to your mail. Obviously, they never should open your mail without reason, but they can do it.

If you really need to send something important and/or high risk and/or secret via email, then the best thing to do is to save the document as a text or Word file, encrypt the file, sned it and then give the password to the addressee telephonically (or something).

[Daphne – So he wasn’t a hacker, but a company employee breaching confidentiality. Or was he a company employee who hacked a system to which he had no regular access? That’s why we really need to be told.]