Yeah, I know, old hat and all that; especially tonight. But there is finally an insightful article about how the infamous private HRC email server was set up and configured. Why does anyone care? Because in today’s Internet environment, eveyrone is a target; especially if you are named Clinton and serve as the US Sec of State.
In a nutshell, badddd choices were made. Not legal, but no supervision of IT guy. No independent audit of configuration. Just, “Yeah, a private email server would be great and it would keep our conversations away from the clowns at State and in Congress.”
Without going all techy, considering the value of the information and the probable threats from both domestic and international hacking…. they locked it up with a comparative bathroom lock in a tract house. They type you use a table knife to unlock.
You can make your own assessmesments about judgement, etc…. but all in all a poor choice.
(more below)
AP has gone over the record and spoken to security experts to see just how
vulnerable Hillary Clinton’s private email server was to hacking and
expolits.
According to their article-
http://bigstory.ap.org/article/467ff78858bf4dde8db21677deeff101/only-ap-clinton-server-ran-software-
risked-hacking
the MS mail server was configured for Remote Desktop but NOT through a VPN.
A port scan of the IP address showed multiple ports open both on that server
and VNC servers on other devices in the home. For a while, a web server was
activated on that MS server, but later closed.
“Mikko Hypponen, the chief research officer at F-Secure, a top global
computer security firm, said it was unclear how Clinton’s server was
configured, but an out-of-the-box installation of remote desktop would have
been vulnerable. Those risks – such as giving hackers a chance to run
malicious software on her machine – were “clearly serious” and could have
allowed snoops to deploy so-called “back doors.”
The guy who configured was part of IT staff in previous campaign (his name
is in article). He as taken the 5th in regards to testifying before
Congress. I guess so he won’t have to admit as to how badly he screwed up.
It appears he relied on port # and passwords to get into the server. With
everone port scanning everthing, and common port #s (unless changed) are
associated with applications, then you are just a script kiddie away from
owning the machine.
So it appears that he set up her system with minimal concern for
security (relying on passwords). Running Remote Desktop and VNCs would be
common for maintenance; but not running a VPN to access them is just crazy.
Considering the person and nature of the material should have made VPNs
manditory, but evidently they decided convenience over rode security. In
fact, considering the long history of “interest” in the Clintons from both a
political and intelligence viewpoint, I think they would have locked down
any private Internet resource as tightly as possible.
R
