If you were Vladimir Putin, or President Xi of China, what would you do if you had the entire archive of Hillary Clinton’s emails, classified and unclassified, “deleted” and not, in your hands? What value to you would that be in your next round of negotiations with the president of the United States?
Unencrypted Email
Hillary Clinton traveled to 19 foreign locations during her first three months in office, including China, South Korea, Egypt, Israel, Palestine, and a meeting in Switzerland with her Russian counterpart. During that period of time her email system was unencrypted. She transmitted data over wireless networks in those countries, networks almost certainly already monitored 24/7 by intelligence and security officials. To say her email was not collected is to say the Russian, Chinese, Israeli and other intelligence services are complete amateurs.
They are not complete amateurs.
A System Wide Open to Monitoring
While FBI director James Comey said his investigators had no “direct evidence” that Hillary Clinton’s email account had been “successfully hacked,” both private experts and federal investigators, according to the New York Times, “immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.”
Comey described a set of email practices that left Clinton’s systems wide open to monitoring. She had no full-time cyber security professional monitoring her system. She took her BlackBerry everywhere she went, “sending and receiving work-related emails in the territory of sophisticated adversaries.” Her use of “a personal email domain was both known by a large number of people and readily apparent… Hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact.”
The FBI director was generous in his assessment. See, no hacking was really necessary.
But No Hacking was Really Needed
Online security company Venafi TrustNet has the world’s largest database of digital certificates and associated metadata, allowing it to go back in time and identify how digital certificates were used in the past, a kind of forensics capability for IT security. Here’s what they found on the clintonemail.com server, and it is not good.
Using non-intrusive Internet scanning tests routinely performed throughout by IT security teams (meaning foreign intelligence agencies have them too), Venafi learned the Clinton server was enabled for logging in via web browser, smartphone, Blackberry, and tablet. That automatically makes it vulnerable to interception, as the information Clinton was sending and receiving abroad was traveling via other nations’ web infrastructure and open-air cellular networks.
Clinton’s email log-in page was also on the web, meaning anyone who stumbled on it could try and log in, or employ the standard array of password hacking and brute force attacks against it, much like they did with your Gmail account that was hacked.
The Clinton email setup also was initially running a standalone Microsoft Windows Server, which is very vulnerable to attack, with at least 800 known trojans/spyware in existence that can steal keys and certificates. If the credentials on the server were compromised in those first three months, then the next years of encryption might have meant nothing.
How could someone have gained access to the credentials? Clinton’s most recent digital security certificate was issued by GoDaddy. Her domain’s landing page was at one time hosted by Confluence Networks, a web firm in the British Virgin Islands.
No Smoking Gun?
If anyone had picked up Clinton’s emails from the airwaves or in transit over the Internet (as we know, via Snowden, the NSA does), while they were encrypted, or had acquired the encrypted versions and used the resources of a state security apparatus to decrypt them, there would of course be no forensic evidence to find. Persons working at NSA-like levels actually breaking into systems expend significant energies hiding their intrusions, and such high level “hacks” have been known to stay hidden for years.
Sure, if the standard is a “smoking gun,” there is none. But such proof is rarely available in the world of global espionage, and decisions and conclusions are made accordingly on a daily basis.
Clinton’s email was extremely vulnerable, and her decision to run it off a private server put at significant risk the security of the United States. This is not a partisan attack or a conspiracy; it is technology.
Peter Van Buren blew the whistle on State Department waste and mismanagement during Iraqi reconstruction in his first book, We Meant Well: How I Helped Lose the Battle for the Hearts and Minds of the Iraqi People. His latest book is Ghosts of Tom Joad: A Story of the #99 Percent. Reprinted from the his blog with permission.
Well said. While Mr. Comey noted the FBI/DOJ investigative teams ‘had no evidence’ that Hillary’s multiple email servers/storage units were ‘hacked,’ he was not speaking for this Republic’s INTELLIGENCE COMMUNITY…a Community that is the best in the world as cyber-tech/intelligence gathering. And, to my amazement, no media I’ve read has mentioned anything about whether the INTELL folks know the particulars on ‘hacks’ of Hillary’s mess. Why is that? Did 22-TOP SECRET-SPECIAL ACCESS PROGRAMS vanish just like Hillary’s email? The IGs for State and INTELL did not file a frivolous civil complaint nor one cut from whole cloth nor a partisan complaint to torment Hillary and her lieutenants…so, what happened to the 22-SAP? Does everyone whose fingerprints are on the 22-SAP escape any consequences for their deeds?
I am grateful Hillary didn’t have a copy of OPERATION OVERLORD sitting on her desk at Chappaqua so she could have the ‘convenience’ of reading the PLAN at home away from the office!
I hear you, but with respect, I think the real issue is not that Hillary didn’t use proper security in her email, but that she (almost certainly) used her office as Secretary of State to enrich herself. She used her private email simply to avoid State Department oversight, and then deleted the emails to avoid incriminating herself.
There is a long-standing legal principle called ‘spoilation of evidence’ wherein a party that destroys evidence is presumed to have done so because the evidence would have harmed them. Those deleted emails were not about yoga. They were about her selling out the national interest for cash and political favors.
As far as revealing important ‘secrets’, the Russians and Chinese know what we’re doing. The United States government only keeps secrets from it’s own people. Example: TPP and Obamatrade were broadly available to many nations and many multinational corporations, they were only kept secret from the US public. Even now, the companion treaties for TPP are under lock and key and not even members of congress can read them. The Chinese government and Chinese corporations, however, can.
As far as foreign governments being able to blackmail Hillary, that is the wishful thinking of someone still living in 1970. Look at the obvious documented corruption of the Clintons, and how they continue to get away with it. There is NOTHING the Russians or Chinese could release that would harm a president Hillary Clinton. They’ll just ignore it and soar above it, as they always have.
Kissinger still has his status as a U.S. protected war criminal and still makes money off it. Doesn’t excuse anybody else though. They’re varmints. The whole lot of them. In an Advanced and Enlightened society it would be legal to hunt them.
I enjoyed your book and this post. Thanks!
The emails are about the most minor infraction The Coalition have faced (The Koalition of the Killing- Bush was a pubic err Public “servant” when his handlers coined the original, no copyright applies. We paid for it.) It didn’t start nor stop with his bumbling attempts at dictatorship. Ollie North with his gunrunning in Lebanon killed 300 REAL marines (three words, Ollie, Semper Fi Punk) in two coordinated bombings by a group he and many others funded. And armed. The emails was another wake up call, Ike spoke of the Cross of Steel and the Military Industrial Complex 6 decades ago. Americans woke up enough to hate the MIC but still re-elected Ike and every president thereafter except Ford and Carter, even though every one of them swore to not feed the MIC and did it anyway.
And then there’s the idea that They Used Windows. as a standalone. My God have they not even heard of Kali? Linux in any form? MacOS?
…although it would make good bait.A decoy on an easy target computer and then have people around who are scanning for the scanners. Put in some emails that are almost totally bogus and redirect the real stuff to microSD cards. Not quite as easy as it seems, but the biggest part is to have cast iron balls.