Tipsheet

Good News: Hillary's Personal Blackberry Was Probably 'Less Secure' As Well

Yesterday, Guy reported on the recent development regarding Hillary's email system. Shocker; it really wasn’t that secure after all. It was vulnerable to “spoofing,” where hackers imitate her in messages to her various contacts:

Not only did Hillary's overwhelming impulse for secrecy and contempt for accountability put her own emails at risk -- bad enough, given her role as the country's top diplomat -- it also endangered the integrity of her contacts' communications. This is unforgivable. Myopia, paranoia, arrogance and reckless incompetence, all rolled into one set of astounding revelations. By the way, just a few days ago, the State Department shut down large parts of its email system due to malware placed by Russian hackers who somehow burrowed into the network. Do we know for a fact that Hillary's insanely insecure email scheme compromised State's broader system? No. Is it a distinct possibility, given everything we know? Absolutely. How many State Department, White House, and foreign officials' sensitive emails were put at risk, or penetrated? That may forever remain an open question, especially if Hillary maintains her obstinate refusal to turn over the server.

Now, it’s being reported that Clinton’s Blackberry, which wasn’t State Department-issued, was probably less secure as well (via Politico):

The personal BlackBerry that Hillary Clinton used as secretary of state was likely much less secure than the State Department-issued devices used by her staff and subordinates, according to knowledgeable former officials and executives.

And the security risks were magnified because Clinton used her personal BlackBerry on travel in foreign countries where State Department employees are routinely cautioned about the use of mobile devices.

The risk of targeted theft of an official’s data is greatest in nations with telecoms that are owned or largely controlled by the government, said Martin Libicki, a cybersecurity expert and senior scientist at the Rand Corporation. That’s because state-aligned hackers could pull any unencrypted data, such as the metadata connected with a phone call, straight off the cell towers.

The security of BlackBerry systems, for instance, is dependent on roughly 600 “IT policies” — essentially security measures that can be switched on or off, according to a person with detailed knowledge about BlackBerry’s federal operations. The more switches that are turned on, the more secure the device or network of devices will be. Individuals generally turn on far fewer of those security measures and take more security shortcuts than would IT professionals charged with keeping State Department information out of the hands of foreign hackers, the source said.

The most important component for BlackBerry security is the BlackBerry Enterprise Server, a piece of “middleware” that encrypts email and securely connects other applications with the BlackBerry handset, making it significantly more secure than the basic BlackBerry an average consumer might buy.

A spokesman for Clinton declined several times to say whether the former secretary employed such an enterprise server during her tenure. In the past, her office has said making details of her email security public would aid hackers. “Robust protections were put in place,” according to a statement earlier this month, and “third party experts” were consulted and employed.

But, have no fear; the spokesperson also said, ““the State Department took technical security for the entire traveling party very seriously” when Clinton traveled overseas as Secretary of State. Politico found no evidence that Clinton used her Blackberry when she visited China or Russia, where the threat of hacking was high.

Regardless, it’s just another detail that chips away at Clinton’s narrative laid before us at the UN that her use of her personal email was 100 percent secure, and that there’s nothing to worry about. Evidently, that’s not the case. We should consider ourselves lucky–for the time being–that we didn’t have a disastrous breach of security given Madame Secretary’s communications set up. She may have set up a technological Fort Knox to avoid FOIA requests with that private email server, but she left the door open to other potential threats.

Hillary is going to have to answer for all of these concerns that have been presented in the weeks following the revelation that she used a private email address the entire time she was Secretary of State. But, those issues can’t bother her today; she had to speak about camping, life skills, and the fun deficit.