It was less than two weeks ago that former Secretary of State Hillary Clinton assured the nation that her “homebrew” email server was safely secure in her home in Chappaqua, New York. She insisted that the hardware was fortified behind a locked door and had a Secret Service detail mentoring it night and day, as though the greatest security threat that system faced was via a physical attack by a team of cartoonish cat burglars.
Nevertheless, Clinton insisted that the safeguards around the email system she constructed out of “convenience” were “effective and secure.” She added that “there were no security breaches,” as though she would even be able to know that that definitively. Well, subsequent reports cast doubt on the level of security that system enjoyed, but other reporters have begun to poke holes in the claim that the physical location of Clinton’s server is in her New York home.
In a March 12 report by Fox News journalist James Rosen, proficient hackers were asked to probe the security protocols in place that protected Clinton’s server today. They found that the system was vulnerable to a variety of hacking methods. Moreover, they noted that the server did not appear to be located in Chappaqua.
Now, working with publicly available tools that map network connectivity, experts have established that the last “hop” before the mail server’s Internet Protocol, or IP, address (listed as 184.108.40.206) is Internap’s aggregator in Manhattan (listed as 220.127.116.11).
“This is a very strong indication that the clintonemail.com server is in Manhattan,” the source told Fox News.
That’s odd. Well, maybe the physical server had been moved in the days following the revelation that Clinton used a private email system. According to an Ars Technica investigation, however, Clinton’s email server was located in Alabama at one point while she served as America’s chief diplomat. Moreover, its substandard security left it vulnerable to a series of common hacking techniques.
Clinton has probably changed her e-mail address since the scandal began—particularly since the hdr22 account she used has been widely published and has likely become a magnet for all sorts of unwanted messages. And the hosted Exchange server is certainly an upgrade from her original server configuration—Until October of 2010, based on historic DNS records viewed by Ars, Clinton’s e-mail server was in fact at a static IP address provided by Optimum, a Cablevision subsidiary, that corresponded to the Clintons’ Chappaqua address. The domain was registered on January 13, 2009, just days before Clinton’s confirmation as secretary of state—but it did not gain a certificate for secure client connections until March. The current certificate for clintonemail.com was issued by GoDaddy in 2013 just as the original certificate was about to expire.
At some point shortly after the home server was dropped in 2010, the mail exchange record for clintonemail.com was moved to a hosted Exchange server running out of a data center in Huntsville, Alabama. The server uses McAfee’s MXLogic e-mail filtering service to screen for malware and spam (though it’s not certain when the service was added).
There are a couple of potential hazards posed by the Clintons’ hosted mail server. First, Outlook Web App is enabled, and that offers an avenue for attackers to attempt to brute-force their way into mail accounts by guessing passwords. Exchange server offers some policies to block these sorts of password attacks, but using them runs the risk of denying users access at all—all someone has to do to basically shut down a user’s e-mail is enter bad passwords a few times to activate the lockout.
The report suggests that it would not be all that difficult to “brute-force guess” Clinton’s email password and infiltrate the system. It defies logic to believe that a high value target like the secretary of state’s electronic communications were not probed by foreign intelligence services over the course of her tenure in the president’s Cabinet, and reports increasingly suggest that those agencies did not encounter many obstacles in their effort to compromise her communications.
At the very least, Clinton’s insistence that her email server is located in Chappaqua is another indication of her pathological compulsion to willfully mislead the public on even the most banal details of her tenure at State. It is increasingly clear that Hillary Clinton is, as William Safire once observed, a “congenital liar.” Since Democrats seem disinclined to demand more of their party’s standard-bearer, it will be up to voters to determine whether the American government will be led by a habitual prevaricator in 2017.