Security experts are dissecting the speech from yesterday by FBI Director James Comey, and pretty much everyone agrees Hillary Clinton’s personal email server was likely hacked. That is, everyone but Clinton herself:
Mr. Comey described, in fairly blistering terms, a set of email practices that left Mrs. Clinton’s systems wide open to Russian and Chinese hackers, and an array of others. She had no full-time cybersecurity professional monitoring her system. She took her BlackBerry everywhere she went, “sending and receiving work-related emails in the territory of sophisticated adversaries.” Her use of “a personal email domain was both known by a large number of people and readily apparent.”
In the end, the risks created by Mrs. Clinton’s insistence on keeping her communications on a private server may prove to be a larger issue than the relatively small amount of classified data investigators said they found on her system. But the central mystery — who got into the system, if anyone — may never be resolved.
“Reading between the lines and following Comey’s logic, it does sound as if the F.B.I. believes a compromise of Clinton’s email is more likely than not,” said Adam Segal, the author of “Hacked World Order,” who studies cyberissues at the Council on Foreign Relations. “Sophisticated attackers would have known of the existence of the account, would have targeted it and would not have been seen.”
It does not take a rocket scientist to come to the same conclusion. Especially in recent years, it is a given. The US DoD even went so far as to develop a cyber security strategy around the idea that the agency must operate under the assumption of compromise.
I found the following passage the most interesting part of the article:
Mrs. Clinton’s best defense, and one she cannot utter in public, is that whatever the risks of keeping her own email server, that server was certainly no more vulnerable than the State Department’s. Had she held an unclassified account in the State Department’s official system, as the rules required, she certainly would have been hacked.
Russian intruders were thoroughly inside that system for years — since at least 2007 — before the State Department shut its system down several times to perform a digital exorcism in late 2014, nearly two years after Mrs. Clinton left office.
Either out of embarrassment or to protect its sources of intelligence, the Obama administration has never publicly blamed Russia for stealing data from the unclassified systems at the State Department and the White House, just as it has never publicly identified China as the culprit in the theft of security-clearance information on nearly 22 million Americans stored by the Office of Personnel Management.
Mrs. Clinton’s campaign has insisted that the server did have some cyber protection software, but they have not said what kind.
I find it interesting The New York Times purports the State Department unclassified email was breached by Russian attackers between 2007 through 2014. While I know about some of the compromises, this makes it appear as if DoS is utterly incompetent.
Lastly, sure Clinton’s personal email server had cyber protection. Likely it was some anti-virus software and probably not much else, if anything at all. There most certainly was no standard suite of email security software, such as an email gateway, firewall, sandboxing for file attachments, and other similar technology.
Clinton did not care. All she wanted was email on her Blackberry, at all costs.
The question is this: will it cost her the Presidency?