Clinton Email Problem

RacerDeac · Mar 13, 2015

WakeandBake said:
Wait a second, I don't know that. How so? Im playing devil's advocate here, but I don't agree that a private entity can't secure an email server as well if not better than the federal government can. You sound like you are in the biz, you should know that. Securing/monitoring an email server is not rocket science or just the purview of government. I would argue that private parties can and do secure email just as well as the military, if not better. Again, just playing devil's advocate. There is a lot of fear mongering going on here.

1) Most simply, if it had been heavily secured, there would be records of that and they would have been handed over as soon as this scandal struck. Why would Hillary keep evidence of her excellent email security to herself?

2) Lots of small things point in the general direction of lax security: publicly available OWA login, which is a security risk itself...even worse, before it was recently taken offline, it was a pretty outdated version; old hardware system setup from when Bill retired; use of IIS v7.5 with known vulnerabilities since 2010; other things I've read but don't remember off hand. None of them point to a server that was actively monitored and updated. Hell, for the first three months she didn't even have a security certificate. Her domain was from Network Solutions, which was hacked and had lots of domains re-pointed to a Ukranian IP back in 2010...much easier to hack and spoof than a .GOV domain.

3) Let's be honest, the infrastructure around the State Department email system, despite being the federal government, is still some of the best that exists. It is supported by NSA Einstein Project. They should have the ability to monitor and catch intrusions better than most anyone else in the world. They certainly have the infrastructure and data storage needed. It's unlikely that any Private business, much less a personal setup, could provide that level of monitoring and security this side of a Google or Apple. You can play Devil's Advocate, but there's simply no way that Hillary could have better secured her server than the State Department could have. Her ONLY advantage, and it's a small one, is obscurity...but we know from Guccifer that her email address was known to hackers before it was known to the public. Once her domain was known, she's at a huge disadvantage.

RacerDeac · Mar 13, 2015

WakeandBake said:
ok so it was examined then?

You're in the business right? That's something you could figure out from your desk right now armed with nothing more than her domain and an internet connection. No need to examine the server physically.

And no, Hillary has not turned the server over.

RacerDeac · Mar 13, 2015

WakeandBake said:
The number 1 vulnerability for ALL computer systems is not hardware or software. Its people.

Which makes it even worse that the server was located in a house where Bill Clinton lived. You think he wouldn't bring home a cute little spy while Hillary's away on business? I just read an article about a new book coming out suggesting he had at least one girl that the SS let through the gate while Hill was traveling the world.

WakeandBake · Mar 13, 2015

Thanks for answering my questions. As I said, I have only followed what is on this thread. You have made great points

WakeandBake · Mar 13, 2015

and she sent NO official SoS email from her SoS acccount? did I read that right? NONE?

EDIT - you had me on OWA availability.

PhDeac · Mar 13, 2015

Racer is way overplaying his partisan hand with this doomsday crap.

Hillary was a bad actor, no doubt, but this kind of overreach OMG BENGHAZI!!!!!1 panic will sway public favor away from Pubs.

WakeandBake · Mar 13, 2015

If the vulnerabilities he posted are accurate then he has made a good point from a tech perspective.

If she sent sensitive info that could endanger our troops or innocent people from a shoddy system then fuck her. If she just sent emails to discuss her scandals with her aides and how they planned on handling the press or the Republicans then its not as big of a deal.

ONW · Mar 13, 2015

Wouldn't our government's servers detect the security of her incoming messages as well as other governments recognizing incoming and outgoing messages to this server as suspicious?

ONW · Mar 13, 2015

WakeandBake said:
and she sent NO official SoS email from her SoS acccount? did I read that right? NONE?

EDIT - you had me on OWA availability.

Nerds.

Sgt Hulka · Mar 13, 2015

WakeandBake said:
ok so it was examined then?

No, the article said that it was found out by a white hat hacker. It also pointed out that she was using an outdated version of OWA (??), They located the server at Broadway and Chambers streets in Lower manhattan, Analysed it with "Maltego" (???),
The "TLA is invalid" (??), and clintonemail.com has been running an older model of Microsoft Internet Information Services, or IIS – specifically version 7.5 (???).

I don't know what any of this means in reality, but perhaps you do and it is all hogwash.

WakeandBake · Mar 13, 2015

ONW said:
Wouldn't our government's servers detect the security of her incoming messages as well as other governments recognizing incoming and outgoing messages to this server as suspicious?

I don't know how these messages were handled. Racer seems to know.

In my experience with secure email for HIPAA, there are appliances that essentially intercept the message you want to secure and hold it there. Then it sends the intended recipient a new message with a hyperlink embedded in it. The recipient receives this "dataless" message and clicks the embedded hyperlink - is prompted for credentials, and then upon passing security will read an HTML rendering of the message straight from the secureMail appliance. The data never resides on the recipient's server (provided they don't download an attachment, and those are usually maintained on the appliance as well).

EDIT - I doubt from reading the other accounts that she had secure messaging set up cause it looks like she was running like the pic I posted. Dumbass.

vadimivich · Mar 13, 2015

I'm on the other side of the aisle from Racer, but this is a BIG FUCKING DEAL.

The second most valuable intelligence target in the entire country to foreign actors decided it was OK to conduct affairs of state from a private, totally insecure (against advanced foreign state intelligence groups) environment. That's absolute fucking unbelievable.

It shows that that she is willing to cavalierly put national interests at extreme risk to avoid internal accountability. That alone is a massive character flaw for someone who wants to be President.

WakeandBake · Mar 13, 2015

Sgt Hulka said:
No, the article said that it was found out by a white hat hacker. It also pointed out that she was using an outdated version of OWA (??), They located the server at Broadway and Chambers streets in Lower manhattan, Analysed it with "Maltego" (???),
The "TLA is invalid" (??), and clintonemail.com has been running an older model of Microsoft Internet Information Services, or IIS – specifically version 7.5 (???).

I don't know what any of this means in reality, but perhaps you do and it is all hogwash.

Well, OWA is a known security problem You may have used it for your job (Outlook Web Access). It allows you to view your exchange mailbox with any browser on any PC without a mail client. So fuck that.

Ive never heard invalid TLA, but it sounds like an expired certificate. Shoddy but not necessarily a breach. Just means that the security authority hasn't issued an updated cert.

Running on outdated IIS can be problematic because of outdated security patches, etc.

Sounds like a shitty system that wasn't well maintained as Racer pointed out, if these reports are true.

WakeandBake · Mar 13, 2015

vadimivich said:
I'm on the other side of the aisle from Racer, but this is a BIG FUCKING DEAL.

The second most valuable intelligence target in the entire country to foreign actors decided it was OK to conduct affairs of state from a private, totally insecure (against advanced foreign state intelligence groups) environment. That's absolute fucking unbelievable.

It shows that that she is willing to cavalierly put national interests at extreme risk to avoid internal accountability. That alone is a massive character flaw for someone who wants to be President.

I can agree with this mostly, but I don't know what matters of SoS business were handled on her server, and which ones were on the official server.

DCDeac · Mar 13, 2015

There were official documents and policies pre-2010 that recognized the fact that simple security features such as public encryption and digital signatures were not available on government systems and detailed how employees were to use other email systems if they required those capabilities. The public evidence of this is that prior to 2010 you wouldn't see any mobile email device outside of a blackberry that was dedicated only to government email being used by the vast majority of officials. Those that didn't use them, had multiple accounts on their own devices at that time, or used a dedicated phone other than a blackberry were using their own solution.

There were few requirements on email until 2010 mainly because all the executive-level folks at various agencies had their own way of doing business. The vast majority used a government email for some things and personal email for others - but did not split them between personal/business and it was not required to do so. All that was required was the basics of record keeping and data protection which is entrusted to all government employees.

For a year we were encouraged to use encrypted Gmail with two-factor authentication, and had to print out our emails and store them. Even the DHS email system wasn't completed in 2008 - they were on Exchange 2003, without a comprehensive solution for encrypting or retaining all email. Don't make me laugh regarding US-CERT (or "Einstein" if you prefer) - that was nowhere 7 years ago, and when they realized exactly how many agencies and groups and individuals were using their own solutions the had to form an entire new program just to reduce the number of places US-CERT had to exist. A year after it was mandated it was in less than 1% of where it was supposed to be.

Maybe it's because I've seen that effort from the ground level that this doesn't move the needle for me - not if Hillary did it, not if Bush did it. What would matter is if records were destroyed intentionally. Emails from 7+ years ago being deleted through negligence... Meh. I mean, good luck finding anyone in government who can produce all their emails from 2007 if they weren't maintaining them privately. Everyone just thinks they're on a server somewhere or in a tape in some magic bunker or something - they're more than likely not.

FuckmouthedRube · Mar 13, 2015

Wrangor said:
Was looking up Hillary Clinton's age last night during a political discussion over drinks last night and this article popped up. Thought it was an interesting look into Dowdy. Kind of a side topic to the main show, but figured someone might find it interesting.

http://www.politico.com/magazine/story/2015/03/trey-gowdy-hillary-clinton-116040.html

At first I thought Hillary email story was leaked by a Dem with State Dept ties who didn't want to put with the Clintons again and leaked it now to encourage some Dems to challenge Hillary. If the above article is remotely accurate, it could have been leaked by one of Gowdy's crew who realized they'd been played by Hillary and a bunch of emails were missing.

Pretty interesting that Gowdy is portrayed as an impartial judge. Issa fell out of favor because he was an incompetant hack. Tea Party's gonna be pissed if Gowdy doesn't deliver Hillary's head on a platter, hence multiple committees wanting to question Hillary. Did crack me up that two South Carolina House 'Pubs freely admit they're part of 435 morons.

WakeandBake · Mar 13, 2015

wow, that' s interesting. Goes to my point, the private sector is way ahead on these matters.
Agreed, if she deleted some important shit thats fucked up

Sgt Hulka · Mar 13, 2015

FuckmouthedRube said:
At first I thought Hillary email story was leaked by a Dem with State Dept ties who didn't want to put with the Clintons again and leaked it now to encourage some Dems to challenge Hillary. If the above article is remotely accurate, it could have been leaked by one of Gowdy's crew who realized they'd been played by Hillary and a bunch of emails were missing.

Pretty interesting that Gowdy is portrayed as an impartial judge. Issa fell out of favor because he was an incompetant hack. Tea Party's gonna be pissed if Gowdy doesn't deliver Hillary's head on a platter, hence multiple committees wanting to question Hillary. Did crack me up that two South Carolina House 'Pubs freely admit they're part of 435 morons.

Again, missing the point. This is not a political issue as much as those on the right want it to be and as much as those on the left want to dismiss it. It certainly has political implications, but the immediate thing that needs to be determined is security aspects. I can not fathom that the SOS neither sent nor received an sensitive or classified info. And as the GeekWire article says,

These are the facts that we need to focus on from an information security point of view. Because if these facts are true, this can represent one of the most serious breaches in data handling that we’ve ever heard of.

This matters for three reasons.

The Secretary of State is a very “high value target” from the standpoint of nation-state threat actors. The President, Secretary of Defense and the head of the CIA would also qualify in this top tier. These individuals handle the most important, most sensitive, most dangerous and therefore most interesting information to foreign intelligence.
Nation-state threat actors represent the top of the food chain in terms of adversaries in information security. Nation-states can bring the most talent and resources to bear in this arena. For all the worry about cybercriminals and terrorists, everyone in information security looks at nation-state threat actors as the most advanced and sophisticated threat to defend against.
Take #1 and #2 together and you have a situation where the very high value targets are threatened by the most advanced and sophisticated offensive information security capabilities out there. Put another way, the best of the best are gunning for those people to get their information.
The third point is critical: if the best of the best are after your information, you need the best of your best protecting it. And there is simply no way that a “homebrew” server is EVER going to have the security and resources appropriate to defend it adequately.

jhmd2000 · Mar 13, 2015

Sgt Hulka said:
Again, missing the point. This is not a political issue as much as those on the right want it to be and as much as those on the left want to dismiss it. It certainly has political implications, but the immediate thing that needs to be determined is security aspects. I can not fathom that the SOS neither sent nor received an sensitive or classified info. And as the GeekWire article says,

These are the facts that we need to focus on from an information security point of view. Because if these facts are true, this can represent one of the most serious breaches in data handling that we’ve ever heard of.

This matters for three reasons.

The Secretary of State is a very “high value target” from the standpoint of nation-state threat actors. The President, Secretary of Defense and the head of the CIA would also qualify in this top tier. These individuals handle the most important, most sensitive, most dangerous and therefore most interesting information to foreign intelligence.
Nation-state threat actors represent the top of the food chain in terms of adversaries in information security. Nation-states can bring the most talent and resources to bear in this arena. For all the worry about cybercriminals and terrorists, everyone in information security looks at nation-state threat actors as the most advanced and sophisticated threat to defend against.
Take #1 and #2 together and you have a situation where the very high value targets are threatened by the most advanced and sophisticated offensive information security capabilities out there. Put another way, the best of the best are gunning for those people to get their information.
The third point is critical: if the best of the best are after your information, you need the best of your best protecting it. And there is simply no way that a “homebrew” server is EVER going to have the security and resources appropriate to defend it adequately.

Yeah but still. Dems good, Pubs bad (and prolly raciost). So there's always that.

TownieDeac · Mar 13, 2015

jhmd2000 said:
Dems good, Pubs bad

Clinton Email Problem

#iwasright #rjlies

#iwasright #rjlies

#iwasright #rjlies

Well-known member

Well-known member

PM a mod to cement your internet status forever

Well-known member

Well-known member

Well-known member

Board Big Toe

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Board Big Toe

Unacceptably correct

words are futile devices