Hillary's Emails: Justice Needs to Be Served


The Fight Against Double Standards: Hillary Clinton

Recently disclosed emails show Hillary Clinton had classified information stored and communicated through an unsecure computer system. According to documentation released by the poorly run FBI investigation into Hillary's emails, the Clinton server, stored in a basement room at her Chappaqua home, was a sitting duck for even average hackers.

First, Hillary and her staff signed onto the system, then loaded it with classified information using open, unsecure communications. Then the administrative staff used an access system known to be flawed. The primary doorway into Hillary's classified emails was the server and the administration software installed on it. The Clinton server was a typical commercial set up but falls far short for the intended purpose of retaining classified information, making it illegal.

The Tip of the Titanic Sinking Iceberg

The server itself was linked with up to 30 email accounts, some dedicated for the Secretary of State to use, others handling ex-President Bill Clinton and his staff. Followed by a final section reserved for the Clinton Foundation. The entire system was linked to the Internet via Comcast, itself a vendor known to monitor transmissions. The main security feature installed on the server was a single copy of Norton Anti-Virus software.

The Clinton server was equipped with Microsoft RDP or Remote Desktop Protocol. The RDP program was used by Hillary's technical staff of two technicians, Bryan Pagliano and Justin Cooper, to remotely log into the server and perform maintenance. However, RDP is a poor choice for administrative remote access because it is unsecure, a fact noted even by the RDP vendor Microsoft. Since 2002 there have been at least 20 Microsoft security updates specifically related to RDP and at least 24 other separate specific instances where known RDP security flaws were documented as critical. The Hillary version of RDP was considered so bad that it had previously been broken by high school students who guessed login IDs and passwords.

Water, Water Everywhere!

One way the Clinton security could have been improved would be to install TLS (Transport Layer Security) on the server. Basically, TLS would have encrypted any logons and communications from either the technical staff or by Clinton herself. However, according to the FBI documentation, the Clinton tech leader, Bryan Pagliano, elected not to install TLS on the system. Another way to provide some security to Hillary while she was using the email itself was to provide an encrypted email. Yet, again the technical staff determined that this was too hard to do and elected not to encrypt her emails.

According to the FBI report, there was evidence that someone or something tried multiple times to gain access to Hillary's server. Since the FBI was never given access to the server, they had to rely on the logs gathered by Hillary's tech leader Bryan Pagliano. The logs showed many scanning attempts but "only one appears to have resulted in a successful compromise of an email account on the server."

When It Rains, It Pours

There is more evidence that Hillary's server was compromised. According to the FBI investigators, "Pagliano recalled finding 'a virus' but could provide no details other than it was of no great concern." Another FBI investigator wrote, "On January 9, 2011, Cooper sent Abedin an email stating that someone was attempting to 'hack' the server, prompting him to shut it down. Cooper sent Abedin another email later the same day stating he had to reboot the server again."

The Pagliano and Cooper responses to a virus attack and later a "hack” was amateur at best and ineffective. The reaction by Hillary's tech staff was totally inadequate, doing little to stop, identify or even determine if the server was compromised. It is clear that any data or logs from this point on could easily have been altered by a hacker and all of the data on the system should have been considered breached. Instead, they simply rebooted the server, which would do little if anything to stop a hacker who had already penetrated the computer. In fact, the reboot may have served the hacker well since it could embed the injected malware into the operating system and hide itself from discovery.

To support this conclusion of compromise, it appears that someone logged into the Hillary server and used the TOR system of anonymous internet access to do work. This login could have been internal, such as an employee on the system, or external, such as a Remote Access Trojan exploit malware designed to siphon data from Hillary's server to an untraceable location on the Internet. According to the FBI report, "FBI investigator to date was unable to identify the actor(s) responsible for this login, or how [withheld name] login credentials were compromised."

Further Security Risks

The server was equipped with special software to communicate with Hillary's preferred method of working with emails; a Blackberry phone. This significant security risk was never addressed, and the FBI was unable to examine any of Hillary's Blackberry systems because they were either destroyed or never turned over.

Worse still, Hillary had a bad habit of losing her Blackberry phones; "Abedin and Hanley indicated the whereabouts of Clinton's phone would frequently become unknown once she transitioned to a new device." This problem compounded security and led Hillary to use multiple phones, depending on her whim and whether she could find her favorites. According to the FBI report, "it was not uncommon for Clinton to use a new Blackberry for a few days and then immediately switch it out for an older version with which she was more familiar."

The problem for Hillary and her Blackberry phones was also compounded by the supply of older models which she could use. This supply problem was so severe that at one point her staff obtained the older model Blackberry phones by purchasing them from "eBay." It is almost comical that the security of the U.S. depended on used phones which were not secured in any way, and were purchased second hand from third-party vendors on eBay.

Here We Go Round the Blackberry Bush

The game of musical Blackberries also made it a problem for her staff to deal with dead or damaged phones. The FBI report noted, "Cooper did recall two instances where he destroyed Clinton's old mobile devices by breaking them in half or hitting them with a hammer." The proper method of destroying devices that contain classified materials is not to break them in half or hit them with a hammer. It is clear that the staff means of device destruction left plenty for any enterprising thief, spy or hacker to re-assemble all the data on the Blackberry using no more than $300 in electronic parts and some software.

So, could Russian intelligence have penetrated Hillary's Blackberry phones? The answer, unfortunately, is yes. During a trip to Russia, Hillary sent and received open email with President Obama using his classified email address. She apparently did this while touring the Russian city of St. Petersburg. According to the report, Hillary's assistant excused this severe breach of security when she noted "security protocols in St. Petersburg were not necessarily the same as they were in Moscow, where they were not allowed to use their Blackberrys."

From this single event, because of the poorly secured server and the poorly secured Blackberry, a Russian FSB intercept officer could have obtained her login ID, password and the email address of the President. The FSB agent, equipped with the login information, could now mask himself as the Secretary of State and log into her email anytime to view, send, download, delete or alter data.

Abedin Used Personal Email Account

There is another failure point in Hillary's email server that was compromised. Hillary’s top assistant, Huma Abedin, would use her personal Yahoo account to print classified emails. Huma would forward Hillary's emails to her Yahoo email account because her state.gov account would not allow her to print them. Huma usually forwarded only the most important emails since Hillary had a hard time reading email on her Blackberry phone. Abedin also used the email account she shared with her husband, Anthony Weiner, to forward and print classified emails. It is well known that virtually all of Yahoo's email accounts were hacked by a "nation-state." This hack would have been accompanied by an immediate "Facebook" like data mining scan that certainly would have identified and plucked Hillary's classified emails from Abedin's account.

Finally, there is evidence that the Clinton server was compromised by an internal source. Justin Cooper, one of the two technicians who worked on Hillary's server, was accused of planting spyware on the computer and hacking the Blackberries of Clinton staff members. In an email sent to John Podesta, Chelsea Clinton accuses Cooper of using hacking tools against the Clinton Foundation staff. "Ilya physically saw/caught Justin a couple of days ago reading his bberry and loading the same spyware onto his computer that he loaded onto Bari's computer," wrote Chelsea. Chelsea also noted that Justin read more than just staff emails.

"Oscar told my father (former President Bill Clinton) he knows that Justin reads his emails." This disturbing information, combined with the fact that the Foundation email and Hillary's classified emails were on the same server, should have brought a complete and total investigation by the FBI. Instead, events show that the FBI gave Mrs. Clinton and her staff a free pass. The FBI botched their work on Hillary's server and email. They elected to give all the key players immunity and never obtained critical evidence in the form of hardware, taking the "word" of those involved as fact.

There were a number of ways that Hillary compromised national security with her email system. What has been documented here is only a few of her major security breaches. From the beginning when she elected to set up a private system to the end of the FBI investigation, the entire affair was crippling to her campaign and even more crippling, perhaps, to America. Hillary could not have done more damage if she had been directly working for Putin because, even if it was unknowingly, she was.

Charles R. Smith / Guest Contributor

I am the author of “Deception.” My reports have been covered by Security Affairs, Insight magazine, USAF, “The Connection” Information Protection journal, E-SOURCES Online, U.S. Naval Institute Proceedings Magazine, NewsMax.com and other outlets.

2 comments:

  1. LOL love the email joke artwork! Good article. Spelled out chronologically helpful in painting the picture. Good job!

    ReplyDelete
  2. Excellent article! The audacity & stupidity of these folks is exceeded only by their lack of morals.

    ReplyDelete