Experts tell Gawker: Hillary’s shoddy private e-mail security is a potential national security disaster

posted at 3:21 pm on March 5, 2015 by Allahpundit

We already knew it was bad. Not until you read this will you understand how bad. In fact, I debated with myself whether to even include the word “potential” in the headline. It’s there because cybersecurity experts can’t say for an absolute fact that foreign governments infiltrated her server. All they can say is that it’s a virtual certainty given how high a priority she is for enemy hackers and how clumsy her defenses were. It’s like a business owner knowing that his store is being cased and choosing to leave the vault unlocked anyway.

You need to read it all to appreciate the extent of the failure. The threshold problem with using private e-mail is that your own cybersecurity is only as good as the company you’re using. If hackers know a way into a commercial server — and Hillary’s e-mail apparently used three different servers — then they have a way into your account potentially. That’s not a major problem for average people but it’s huge when the target is someone being watched by the most sophisticated cyber outfits in the world. Instead of conducting State Department business behind one very well fortified door, i.e. the federal government’s, Hillary placed it behind three less fortified ones. The only reason to do that is if she was more worried about the American public knowing what she was doing than, say, China knowing.

But even that doesn’t fully explain the security lapse. If you’re going to hide behind three less fortified doors, you should at least want to make sure those doors are as fortified as possible. Hillary didn’t:

Security researcher Dave Kennedy of TrustedSec agrees: “It was done hastily and not locked down.” Mediocre encryption from Clinton’s outbox to a recipient (or vice versa) would leave all of her messages open to bulk collection by a foreign government or military. Or, if someone were able to copy the security certificate Clinton used, they could execute what’s called a “man in the middle” attack, invisible eavesdropping on data. “It’s highly likely that another person could simply extract the certificate and man in the middle any user of the system without any warnings whatsoever,” Hansen said.

The invalid certificate would have also likely left Clinton vulnerable to widespread internet bugs like “Heartbleed,” which was only discovered last spring, and may have let hackers copy the entire contents of the Clinton servers’ memory. Inside that memory? Who knows: “It could very well have been a bunch of garbage,” said Hansen, or “it could have been her full emails, passwords, and cookies.” Heartbleed existed unnoticed for years. A little social engineering, Hansen said, could give attackers access to Clinton’s DNS information, letting them route and reroute data to their own computers without anyone realizing. “It’s a fairly small group of people who know how to do that,” Hansen noted, but “it’s not hard—it’s just a lot of steps.”

And that’s not all. Hillary’s server appears to be configured with a public login page, allowing her — or anyone else — to access the server from anywhere in the world with the right login and password. In other words, not only was she beaming confidential information out onto the Internet, where it could have been intercepted at various points, instead of routing it through secure federal government servers, she actually placed a doorway into the server on the Internet so that people with the right key (namely, her) could access it easily. That’s “pretty much the worst thing you can do” to a network that’s meant to be private, let alone sufficiently top secret to serve a cabinet member, said one security expert to Gawker. And on top of all that, there’s a chance that by using a .com domain, Hillary may have inadvertently steered classified government info to innocent people who had no intention of receiving it. From Gizmodo:

He pointed out that there is another valid domain, clintonmail.com, owned by somebody else with the last name Clinton since 2002 (note the lack of an “e,” which is the only difference between it and Hillary Clinton’s domain). “How many emails meant for the Secretary of State has the owner of clintonmail.com received?” Nielsen asked, adding that this isn’t a problem with .gov domains since only the government can register them.

The question is why. Why, if she was resolved to use private e-mail, wouldn’t she pay some cybergenius a half million dollars or whatever rate the Clintons get for an hour’s work these days and get him to build one of the most tightly secured private e-mail servers in the world? We all understand why she wouldn’t want American voters being able to sift through her correspondence at State. What I don’t understand is why she wouldn’t take precautions to keep them away from prying Russian/Chinese eyes too. Remember, she was warned by State’s IT people that private e-mail wasn’t secure. Even if she was a total tech ignoramus, that was her wake-up call to pay someone to secure this server. She didn’t. Even if you think, as I do, that most voters won’t care about this, it’s still a major unforced error by someone who’s been planning to run for president in 2016 since before she became Secretary of State. As it is, imagine President Hillary arguing with Putin over Ukraine circa 2018 and him warning her to stand down or else a few damaging e-mails from her time at State might just end up mysteriously being leaked to the New York Times. She’s left herself wide open to foreign blackmail. Inexplicably.


Comments

The one thing I want to know is this: when are we going to start requiring candidates to pass security background checks BEFORE they can be allowed to run for or be appointed to a political office?

James on March 5, 2015 at 7:00 PM

I’m impressed by how loyal everyone at State was to her. This started 6 years ago, and not a single person leaked it until now?

msr on March 5, 2015 at 5:40 PM

C’mon… What do you think the $6 Billion was used for?

http://www.thefiscaltimes.com/Articles/2014/04/04/6-Billion-Goes-Missing-State-Department

climbnjump on March 5, 2015 at 7:01 PM

Really? Just how unbelievable is that? Or, to re-phrase, just how stupid do they think you and I are?

Infidelius on March 5, 2015 at 4:12 PM

Really, they were elected twice. They know how stupid the majority of the electric is and that’s all they care about.

whbates on March 5, 2015 at 7:41 PM

They know how stupid the majority of the electric is and that’s all they care about.

whbates on March 5, 2015 at 7:41 PM

Ohm, I think you got some wires crossed in your autocorrect. But to keep it current you should amp up your attention to detail.

James on March 5, 2015 at 7:59 PM

That Hillary. . . . !!!

Narniaman on March 5, 2015 at 8:02 PM

The one thing I want to know is this: when are we going to start requiring candidates to pass security background checks BEFORE they can be allowed to run for or be appointed to a political office?

James on March 5, 2015 at 7:00 PM

Never. The Constitution sets the parameters.

Lance Corvette on March 5, 2015 at 8:43 PM

They know how stupid the majority of the electric is and that’s all they care about.

whbates on March 5, 2015 at 7:41 PM

Ohm, I think you got some wires crossed in your autocorrect. But to keep it current you should amp up your attention to detail.

James on March 5, 2015 at 7:59 PM

Resistance is futile.

malclave on March 5, 2015 at 8:53 PM

Trey Gowdy might just as well shop the Chinese, Russians, Iranians, ISIS, Catmando, the Galapagos Islands, Bermuda, Jamaica, the Island of Malta, or perhaps the Fraternity at Cincinnati Community College for HACKED emails from Herself………Good thing we weren’t at war or up to no good in Libya…….else the enemies might have gotten advance notice of our actions from this pathetic Liar!

ConcealedKerry on March 5, 2015 at 9:31 PM

Year of the rat meets groundhog day.

wolly4321 on March 5, 2015 at 4:30 PM

Not exactly sure what that means existentially, but I like it.

AesopFan on March 5, 2015 at 11:17 PM

The one thing I want to know is this: when are we going to start requiring candidates to pass security background checks BEFORE they can be allowed to run for or be appointed to a political office?

James on March 5, 2015 at 7:00 PM

They’ll just employ the company that passed Snowden.
And you know one of the questions will be, “Are you now or have you ever been a Conservative?”

AesopFan on March 5, 2015 at 11:19 PM

They know how stupid the majority of the electric is and that’s all they care about.

whbates on March 5, 2015 at 7:41 PM

Ohm, I think you got some wires crossed in your autocorrect. But to keep it current you should amp up your attention to detail.

James on March 5, 2015 at 7:59 PM

Resistance is futile.

malclave on March 5, 2015 at 8:53 PM

That was reVolting.

AesopFan on March 5, 2015 at 11:20 PM

That was reVolting.

AesopFan on March 5, 2015 at 11:20 PM

Let me guess…I’m grounded?

James on March 5, 2015 at 11:38 PM

I expect Hillary is banking on all the goods she has on everyone else. This is why Democrats are wetting themselves: not because she broke the law and they are “tired of defending her” (like anyone believes their sanctimony), rather that there is a lot of crap on them she has collected.

So, she might be in the driving-seat: “if I go down, I’m taking you with me”. We’ll need a truckload of popcorn for this one.

But we need to investigate, see how bad it is, and who else is involved and start locking them up, beginning with her hapless sys admin, who had to understand the high-crime against the country that this was.

The Clintons do seem to be a cancer on society don’t they?

virgo on March 6, 2015 at 12:24 AM

They know how stupid the majority of the electric is and that’s all they care about.

whbates on March 5, 2015 at 7:41 PM

Ohm, I think you got some wires crossed in your autocorrect. But to keep it current you should amp up your attention to detail.

James on March 5, 2015 at 7:59 PM

Resistance is futile.

malclave on March 5, 2015 at 8:53 PM

That was reVolting.

AesopFan on March 5, 2015 at 11:20 PM

P equals IRsquared or was that E = MC2?
Either way Hillary equals Obnoxious and Stupid squared.

AH_C on March 6, 2015 at 12:32 AM

Again, I need to caution everyone. I’m fairly certain that classified information would not even be permitted on a regular state department email account.

blink on March 6, 2015 at 12:53 AM

True, but it beggars belief that the Secretary of State did not see and use classified information on a daily basis, and we know that she did not have a SIPRNET account either.

James on March 6, 2015 at 1:07 AM

She might have been beaming sensitive information out, but information that’s classified as Confidential should not be going through state department emails. I believe a classified internet system and special emails are needed for that

blink on March 6, 2015 at 12:56 AM

Until someone intentionally or accidentally spills classified info onto an unclassified system. Like all classified stuff is supposed to be read and handled in a secure room. Let’s say her Secretary reads a classified message and keys the essence onto her unclassified pc and emails it to hdr22. That email was never tagged as classified but the contents are indeed classified. Or she burns the classified files to a cd and then uploads them to the unclassified email. Lots of ways to have spillage if you don’t know or care about protocol.

AH_C on March 6, 2015 at 1:31 AM

Why, if she was resolved to use private e-mail, wouldn’t she pay some cybergenius a half million dollars or whatever rate the Clintons get for an hour’s work these days and get him to build one of the most tightly secured private e-mail servers in the world?

Because that’s someone they’d have to Vince Foster out of the way before he went to Trey Gowdy.

hurricane567 on March 6, 2015 at 1:59 AM

Picture used in lead-in immediately conjures up the adage “the Blind leading the Blind” that should be used in her campaign ads.

MSGTAS on March 6, 2015 at 8:23 AM

And then there is the disconcerting possibility that perhaps Ms. Clinton deliberately left her server, unsecured

kjatexas on March 6, 2015 at 9:53 AM

You don’t have to be smart if you are evil.

Younggod on March 6, 2015 at 9:57 AM

Hillary Clinton. Young, tech-savvy leader of the Smart Power™ Party

Closet Optimist on March 6, 2015 at 11:10 AM

In front of the flag-draped coffins on the tarmac, Hillary clasped the hands of the parents, sympathetically looked into their eyes, and with careful cadence and solemn words lied through her teeth. Integrity and the tears of grieving parents are an easy price to pay, given the opportunity to “Feel Their Pain” in front of the cameras.
She’s a poster grandma for depraved indifference.

IcePilot on March 6, 2015 at 11:47 AM

Where are the backups?

IcePilot on March 6, 2015 at 12:49 PM

How do you know this?

blink on March 6, 2015 at 11:14 AM

It was said early on that she had zero, none, zip, nada government email addresses. That means no SIPRNET.

James on March 6, 2015 at 12:56 PM

They know how stupid the majority of the electric is and that’s all they care about.

whbates on March 5, 2015 at 7:41 PM

Ohm, I think you got some wires crossed in your autocorrect. But to keep it current you should amp up your attention to detail.

James on March 5, 2015 at 7:59 PM

Resistance is futile.

malclave on March 5, 2015 at 8:53 PM

That was reVolting.

AesopFan on March 5, 2015 at 11:20 PM

I got a real charge out of this one. :-)

Lammo on March 6, 2015 at 3:34 PM

She might have been beaming sensitive information out, but information that’s classified as Confidential should not be going through state department emails. I believe a classified internet system and special emails are needed for that

blink on March 6, 2015 at 12:56 AM

Well, the “Confidential” stuff shouldn’t be going through her private (sic) e-mail server either. But we’re told she did ALL her e-mail via her server, and this would include sensitive info of all grades.

I’m shocked, shocked, by all this.

ReggieA on March 6, 2015 at 5:31 PM

The question is, did her lack of security cause Benghazi?

foreman3 on March 6, 2015 at 10:31 PM

If she see no classified emails this way, she needs to go to jail, period

foreman3 on March 6, 2015 at 10:36 PM