AP Confirms: Hillary's Private Server Was Extremely Vulnerable to Hacking


In his interview with 60 Minutes on Sunday, President Obama tossed Hillary Clinton a partial lifeline on her email scandal, averring that while the controversy is a "legitimate" issue, it hasn't posed a "national security problem." He aired this personal conclusion amid an ongoing FBI investigation seeking a formal determination on precisely that question -- and despite ample evidence that Mrs. Clinton's improper scheme compromised highly sensitive government secrets. As of this writing, we know that hundreds of the emails that passed through her unsecure server contained classified materials, including secret and top secret information. Speculation mounted early on that Clinton's "homebrew" server was irresistibly vulnerable to foreign hacks, with subsequent evidence lending credence to these concerns. Which brings us to these new revelations from the Associated Press, published the day of the first Democratic presidential debate:

The private email server running in Hillary Rodham Clinton's home basement when she was secretary of state was connected to the Internet in ways that made it more vulnerable to hackers, according to data and documents reviewed by The Associated Press. Clinton's server, which handled her personal and State Department correspondence, appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records compiled in 2012. Experts said the Microsoft remote desktop service wasn't intended for such use without additional protective measures, and was the subject of U.S. government and industry warnings at the time over attacks from even low-skilled intruders. Records show that Clinton additionally operated two more devices on her home network in Chappaqua, New York, that also were directly accessible from the Internet. One contained similar remote-control software that also has suffered from security vulnerabilities, known as Virtual Network Computing, and the other appeared to be configured to run websites. The new details provide the first clues about how Clinton's computer, running Microsoft's server software, was set up and protected when she used it exclusively over four years as secretary of state for all work messages. Clinton's privately paid technology adviser, Bryan Pagliano, has declined to answer questions about his work from congressional investigators, citing the U.S. Constitution's Fifth Amendment protection against self-incrimination.

Oh, right.  The man who set up and ran Clinton's server has refused to testify, fearing the legal implications of doing so.  And then there's this tidbit about the worrisome activities of a Serbia-based hacker:


It's hard to overstate how reckless and irresponsible Clinton's email arrangement was, so let's leave the opining to the experts:

Remote-access software allows users to control another computer from afar. The programs are usually operated through an encrypted connection — called a virtual private network, or VPN. But Clinton's system appeared to accept commands directly from the Internet without such protections. "That's total amateur hour," said Marc Maiffret, who has founded two cyber security companies. He said permitting remote-access connections directly over the Internet would be the result of someone choosing convenience over security or failing to understand the risks. "Real enterprise-class security, with teams dedicated to these things, would not do this," he said...The findings suggest Clinton's server "violates the most basic network-perimeter security tenets: Don't expose insecure services to the Internet," said Justin Harvey, the chief security officer for Fidelis Cybersecurity...Mikko Hypponen, the chief research officer at F-Secure, a top global computer security firm, said it was unclear how Clinton's server was configured, but an out-of-the-box installation of remote desktop would have been vulnerable. Those risks — such as giving hackers a chance to run malicious software on her machine — were "clearly serious" and could have allowed snoops to deploy so-called "back doors."

Three IT security mavens, unanimous in their astonishment.  Back to Obama's assertion that Hillary's transparency-evading server machinations didn't damage American interests: Some of the latest emails revealed by the Benghazi select committee -- which first uncovered Clinton's use of a private server for all public business -- reveal that unsecure emails (at both ends) between the former Secretary of State and Clinton Foundation employee Sidney Blumenthal contained classified data, including the name of a CIA asset in Libya.  A former CIA official appeared on MSNBC yesterday and slammed Clinton's handling of this exceptionally sensitive secret as potentially "lethal."  Clinton received the information in an unsecure server from an off-the-books advisor lacking top security clearances, then forwarded it along to another colleague from her own unsecure server:


“That’s the holiest of holies inside the CIA—the true identity of a secret source. Even inside CIA, in internal emails, in cables, you never mention or talk about the true name of a source. You use a pseudonym. So I mean, honestly, it’s quite stunning...It could be literally lethal....Who has access to that? Who is trying to hack into it? If this was a foreign-based source living in Libya, let’s say, if you get outed as the CIA source over there, you’re a dead man. So it couldn’t be more serious.”

Mrs. Clinton's justifications of her conduct have repeatedly shifted as her many lies have been systematically debunked by emerging evidence.  She seems to have settled on two primary arguments: That her actions were permitted (they were not, according to government officials and a Bill Clinton-appointed federal judge), and that she just doesn't understand the Internet very well.  Even if the latter argument were true, (a) wouldn't the wisest path for a self-professed technological ignoramus be to carefully adhere to established protocols, rather than going through the inconvenience of establishing a risky alternative system?  And (b) don't Americans deserve a president with at least an elementary grasp of how the world works in the 21st century?