Yeah, I know, old hat and all that; especially tonight. But there is finally an insightful article about how the infamous private HRC email server was set up and configured. Why does anyone care? Because in today’s Internet environment, eveyrone is a target; especially if you are named Clinton and serve as the US Sec of State.
In a nutshell, badddd choices were made. Not legal, but no supervision of IT guy. No independent audit of configuration. Just, “Yeah, a private email server would be great and it would keep our conversations away from the clowns at State and in Congress.”
Without going all techy, considering the value of the information and the probable threats from both domestic and international hacking…. they locked it up with a comparative bathroom lock in a tract house. They type you use a table knife to unlock.
You can make your own assessmesments about judgement, etc…. but all in all a poor choice.
(more below)
AP has gone over the record and spoken to security experts to see just how
vulnerable Hillary Clinton’s private email server was to hacking and
expolits.
According to their article-
http://bigstory.ap.org/article/467ff78858bf4dde8db21677deeff101/only-ap-clinton-server-ran-software-
risked-hacking
the MS mail server was configured for Remote Desktop but NOT through a VPN.
A port scan of the IP address showed multiple ports open both on that server
and VNC servers on other devices in the home. For a while, a web server was
activated on that MS server, but later closed.
“Mikko Hypponen, the chief research officer at F-Secure, a top global
computer security firm, said it was unclear how Clinton’s server was
configured, but an out-of-the-box installation of remote desktop would have
been vulnerable. Those risks – such as giving hackers a chance to run
malicious software on her machine – were “clearly serious” and could have
allowed snoops to deploy so-called “back doors.”
The guy who configured was part of IT staff in previous campaign (his name
is in article). He as taken the 5th in regards to testifying before
Congress. I guess so he won’t have to admit as to how badly he screwed up.
It appears he relied on port # and passwords to get into the server. With
everone port scanning everthing, and common port #s (unless changed) are
associated with applications, then you are just a script kiddie away from
owning the machine.
So it appears that he set up her system with minimal concern for
security (relying on passwords). Running Remote Desktop and VNCs would be
common for maintenance; but not running a VPN to access them is just crazy.
Considering the person and nature of the material should have made VPNs
manditory, but evidently they decided convenience over rode security. In
fact, considering the long history of “interest” in the Clintons from both a
political and intelligence viewpoint, I think they would have locked down
any private Internet resource as tightly as possible.
R
Haven’t we long known the technically it wasn’t secure, but derived it’s security from nobody knowing that it existed?
I think many knew about it, certainly friends, State Dept., foreign officials she may have use it to communicate, etc… Probably in the 100s. Why it was allowed to continue to operate in that condition is another question. We can speculate.
R
Not hundreds. Maybe not even a dozen. And those that did either never disclose anything about Clinton and how she operates or were under iron-clad non-disclosure agreements with severe penalties. Would be interesting to know if the tech contractors had a clue that it was anything other than personal server which could be very common among wealthy people.
You don’t run a server for a few people and have over 60,000 emails on it. Even for years.
It was used as part of the 2008 campaign and who knows how many people were addressed from it. Then it continued as she was member of these committees-
Committee on Armed Services (2003-2009)
Subcommittee on Airland
Subcommittee on Emerging Threats and Capabilities
Subcommittee on Readiness and Management Support
Then as Sec. as State.
Certainly private advisers, political operatives, staff, reporters, international contacts… With her presence at the top of the National Security Pyramid for years (both as former 1st Lady, then member of Armed Services Comm., then Sec of State) she and all her contacts would be suitable targets for intelligence agencies (political gossip alone would be a gold mine).
So with the stated vulnerabilities, we have to assume that copies of emails were from time to time read in Moscow, Beijing, Teheran, Tel Aviv and any number of national capitals. Both from her server and the accounts of her contacts. When nation states target you, you need the full power of a nation state to protect your online accounts…not a private IT guy.
However, there are other aspects to this which are not quite clear.
R
can you say more about other the aspects that aren’t clear?
It appears to be one thing, but might really be another and all the controversy is theater. To openly speculate as to the only logical explanation, (considering the history of the participants) could invite trouble to the host of this site and its commentators from TLAs as well as poison any results achieved. Spiders crawl all sorts of websites, particularly those who question the established order or have journalistic connections.
Unless of course, everyone is incompetent and the Secret Service, instead of doing its job and knowing about communications avenues of its protection subjects, were getting drunk with Bill and a suite full of hookers in some hotel. For 7 years.
R