July 14, 2016
If you were Vladimir Putin, or President Xi of China, what would you do if you
had the entire archive of Hillary Clinton’s emails, classified and
unclassified, “deleted” and not, in your hands? What value to you would that be
in your next round of negotiations with the president of the United States?
Unencrypted Email
Hillary Clinton traveled to 19 foreign locations during her first three months
in office, including China, South Korea, Egypt, Israel, Palestine, and a
meeting in Switzerland with her Russian counterpart. During that period of time
her email system was unencrypted. She transmitted data over wireless
networks in those countries, networks almost certainly already monitored 24/7
by intelligence and security officials. To say her email was not collected is
to say the Russian, Chinese, Israeli and other intelligence services are
complete amateurs.
They are not complete amateurs.
A System Wide Open to Monitoring
While FBI director James Comey said his investigators had no “direct
evidence” that Hillary Clinton’s email account had been “successfully hacked,”
both private experts and federal investigators, according to the New York Times,
“immediately understood his meaning: It very likely had been breached, but the
intruders were far too skilled to leave evidence of their work.”
Comey described a set of email practices that left Clinton’s systems
wide open to monitoring. She had no full-time cyber security professional
monitoring her system. She took her BlackBerry everywhere she went, “sending
and receiving work-related emails in the territory of sophisticated
adversaries.” Her use of “a personal email domain was both known by a large
number of people and readily apparent… Hostile actors gained access to the
private commercial email accounts of people with whom Secretary Clinton was in
regular contact.”
The FBI director was generous in his assessment. See, no hacking was
really necessary.
But No Hacking was Really Needed
Online security company Venafi TrustNet has the world’s largest
database of digital certificates and associated metadata, allowing it to go
back in time and identify how digital certificates were used in the past, a
kind of forensics capability for IT security. Here’s what they found on the
clintonemail.com server, and it is not good.
Using non-intrusive Internet scanning tests routinely performed
by IT security teams (meaning foreign intelligence agencies have
them too), Venafi learned the Clinton server was enabled for logging in via web
browser, smartphone, BlackBerry, and tablet. That automatically makes it vulnerable
to interception, as the information Clinton was sending and receiving abroad
was traveling via other nations’ web infrastructure and open-air cellular
networks.
Clinton’s email log-in page was also on the web, meaning anyone who
stumbled on it could try and log in, or employ the standard array of password
hacking and brute force attacks against it, much like they did
with your Gmail account that was hacked.
The Clinton email setup also was initially running a standalone
Microsoft Windows Server, which is very vulnerable to attack, with at least 800
known trojans/spyware in existence that can steal keys and certificates. If the
credentials on the server were compromised in those first three months, then
the next years of encryption might have meant nothing.
How could someone have gained access to the credentials? Clinton’s most
recent digital security certificate was issued by GoDaddy. Her domain’s landing page was at one time
hosted by Confluence Networks, a web firm in the British Virgin Islands.
No Smoking Gun?
If anyone had picked up Clinton’s emails from the airwaves or in transit
over the Internet (as we know, via Snowden, the NSA does), while they were
encrypted, or had acquired the encrypted versions and used the resources of a
state security apparatus to decrypt them, there would of course be no forensic
evidence to find. Persons working at NSA-like levels actually breaking into
systems expend significant energy hiding their intrusions, and such
high-level “hacks” have been known to stay hidden for years.
Sure, if the standard is a “smoking gun,” there is none. But such proof
is rarely available in the world of global espionage, and decisions and
conclusions are made accordingly on a daily basis.
Clinton’s email was extremely vulnerable, and her decision to run it off
a private server put at significant risk the security of the United States.
This is not a partisan attack or a conspiracy; it is technology.