The only item missing from the secret e-mail server run by Hillary Clinton appears to be the welcome mat for hackers. According to the Associated Press, the Clintons set up remote-control operations of its server without ever bothering to build in the normal security that would accompany those functions in a professional setting — if one could even find a professional setting that would allow those functions to operate at all:
Clinton’s server, which handled her personal and State Department correspondence, appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records compiled in 2012. Experts said the Microsoft remote desktop service wasn’t intended for such use without additional protective measures, and was the subject of U.S. government and industry warnings at the time over attacks from even low-skilled intruders.
Just in case any hackers missed the “Open House” sign on the unlocked front door, the Clintons left two back doors unlocked, too:
Records show that Clinton additionally operated two more devices on her home network in Chappaqua, New York, that also were directly accessible from the Internet. One contained similar remote-control software that also has suffered from security vulnerabilities, known as Virtual Network Computing, and the other appeared to be configured to run websites.
No self-respecting network administrator would have allowed those openings to go without extraordinary security in place, or at least a VPN. In fact, the State Department had already banned the use of such remote access software on even its unclassified systems without a specific waiver allowing their use. They don’t even allow the waivers for overseas systems.
Needless to say, the experts aren’t impressed:
“That’s total amateur hour,” said Marc Maiffret, who has founded two cyber security companies. He said permitting remote-access connections directly over the Internet would be the result of someone choosing convenience over security or failing to understand the risks. “Real enterprise-class security, with teams dedicated to these things, would not do this,” he said. …
The findings suggest Clinton’s server “violates the most basic network-perimeter security tenets: Don’t expose insecure services to the Internet,” said Justin Harvey, the chief security officer for Fidelis Cybersecurity.
According to the AP, the original survey of these vulnerabilities was conducted by a hacker in Siberia. The Morning Joe panel can’t believe how this story keeps getting worse for Hillary Clinton, and no one on the panel buys her campaign’s spin that no one has proven a breach of the system (yet). The question at this point is whether or when criminal charges get filed, Willie Geist says. The question of Hillary’s incompetence has already been settled.