AP Exclusive: Clinton Server's Software Had Hacking Risk
Source: AP / ABC News
The private email server running in Hillary Rodham Clinton's home basement when she was secretary of state was connected to the Internet in ways that made it more vulnerable to hackers, according to data and documents reviewed by The Associated Press.
Clinton's server, which handled her personal and State Department correspondence, appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records compiled in 2012. Experts said the Microsoft remote desktop service wasn't intended for such use without additional protective measures, and was the subject of U.S. government and industry warnings at the time over attacks from even low-skilled intruders.
Records show that Clinton additionally operated two more devices on her home network in Chappaqua, New York, that also were directly accessible from the Internet. One contained similar remote-control software that also has suffered from security vulnerabilities, known as Virtual Network Computing, and the other appeared to be configured to run websites.
The new details provide the first clues about how Clinton's computer, running Microsoft's server software, was set up and protected when she used it exclusively over four years as secretary of state for all work messages. Clinton's privately paid technology adviser, Bryan Pagliano, has declined to answer questions about his work from congressional investigators, citing the U.S. Constitution's Fifth Amendment protection against self-incrimination.
Read more: http://abcnews.go.com/Technology/wireStory/ap-clinton-server-ran-software-risked-hacking-34435250
- connected to the Internet in ways that made it more vulnerable to hackers
- appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records
It apparently not only lacked security, it was set up badly with very vulnerable software that was warned against repeatedly.
truthisfreedom
(23,155 posts)Right?
Rafale
(291 posts)But the odds are hugely in favor of hacked. She would be a high-profile target of at least a dozen countries and the Murdock empire.
MADem
(135,425 posts)They'd be looking in DC, not in her basement.
LanternWaste
(37,748 posts)No proof of unicorns, either.
karynnj
(59,504 posts)you don't hit anything. This shows a frightening lack of concern for the security of her email. While it is true, that neither a state.gov account or this one should have ever had any classified information, even the leaking of details of her travel could have put her and others at greater risk if someone had found the impact.
Not to mention, as soon as Bloomenthal's email was hacked - it should not have been hard to figure out who H was on clintonemail.com!
upaloopa
(11,417 posts)Funny thing is nothing illegal was done, nothing was compromised nothing marked secret at the time was sent or received. Everything sent to government officials was stored on their government server.
This is a non story kept alive by folks out to hurt Hillary's campaign and carry water for repubs.
It is a waste of time
magical thyme
(14,881 posts)what classified info was on her server, how did it get there...and where did it go from there.
LiberalArkie
(15,728 posts)hacked into. Those settings are not default. And if turned on they take up disk space pretty quickly. If they had a firewall inlace (it is not mentioned that they did) that would have slowed hackers down a little bit. But I would think that the name "clintonemail.com" would have been easy picking for the NSA or outside governmental organizations.
magical thyme
(14,881 posts)LiberalArkie
(15,728 posts)Their IT consultant is taking the 5th as he knows he did not set up logging and security. I would bet he was asked to set up a family system and the Clintons did not tell him what it would have been used for. I was asked to set it up for what it was really really used for, I would have run as far as I could.
I have a little home web server and email system on a Mac and I guess I have 50-100 attempts a day. I would hate to see how many they have. An attempt does not mean someone got in, it just means that someone found a port on an IP address that they might be able to hack into if they want to put the effort into it. The only way to tell if someone tried its by looking at the logs.
magical thyme
(14,881 posts)"I would bet he was asked to set up a family system and the Clintons did not tell him what it would have been used for."
Good catch. You're probably right.
Elmer S. E. Dump
(5,751 posts)None of this makes any sense.
hughee99
(16,113 posts)snooper2
(30,151 posts)Erich Bloodaxe BSN
(14,733 posts)A good hacker isn't even going to leave tracks in a setup that poorly configured.
blm
(113,091 posts)still_one
(92,394 posts)At times it is hard to tell the difference between the Benghazi commitee, and what some may perceive as LBN
Botany
(70,581 posts)Infiltration of files seen as extensive
Senate panel's GOP staff pried on Democrats
By Charlie Savage, Globe Staff | January 22, 2004
WASHINGTON -- Republican staff members of the US Senate Judiciary Commitee infiltrated opposition computer files for a year, monitoring secret strategy memos and periodically passing on copies to the media, Senate officials told The Globe.
From the spring of 2002 until at least April 2003, members of the GOP committee staff exploited a computer glitch that allowed them to access restricted Democratic communications without a password. Trolling through hundreds of memos, they were able to read talking points and accounts of private meetings discussing which judicial nominees Democrats would fight -- and with what tactics.
The office of Senate Sergeant-at-Arms William Pickle has already launched an investigation into how excerpts from 15 Democratic memos showed up in the pages of the conservative-leaning newspapers and were posted to a website last November.
With the help of forensic computer experts from General Dynamics and the US Secret Service, his office has interviewed about 120 people to date and seized more than half a dozen computers -- including four Judiciary servers, one server from the office of Senate majority leader Bill Frist of Tennessee, and several desktop hard drives.
http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_files_seen_as_extensive/?page=full
magical thyme
(14,881 posts)But we've already seen repeatedly that Hillary doesn't learn even from her own experience, never mind that of others.
Botany
(70,581 posts)This is made up bullshit! And BTW I am no big fan of HRC but this Benghazi stuff
and what about Hillary's server is nothing more then swiftboating.
OnyxCollie
(9,958 posts)From the Pickle report:
in October or November of 2001. He made this discovery after watching the Committee's
Systems Administrator perform some work on his computer. An admittedly curious person, the
clerk attempted to duplicate what the System Administrator had done. In so doing, he was able
to observe all of the network's other users' home directories. He then clicked on different folders
to see which ones he could access; he was able to access some folders, but not others. The
folders that he could access, he stated, belonged to both Republican and Democratic staff.
The Nominations Unit clerk reported that he had access to the home directories of other
users shortly after beglnning his employment in the fall of 2001 until the spring of 2003. Initially
he printed approximately 100-200 pages ofdocuments pertaining to Judge Pickering's nomination
and gave them to one of his supervisors. Two days later that supervisor and another admonished
him not to use the Democratic documents and those that he had given his supervisor were
shredded.
Manual Miranda joined the staff of the Judiciary Committee in December 2001. A short
time after Mr. Miranda was hired, the clerk showed him how he could access Democratic files.
The clerk who initially discovered how to access the files told investigators that he was not sure
what to look for in the files, so Mr. Miranda would guide him as to what information was helpful.
Mr. Miranda would often suggest which directories he should concentrate on and would
sometimes tell him that there was something new in a particular folder and ask the clerk to print it
for him. Mr. Miranda admitted accessing the computer files of Democratic staff himself on one or
two occasions.
The Nominations Unit clerk explained that he frequently searched the folders of some
Democratic staff on an almost daily basis while working on the nomination of Judge Priscilla
Owen. In fact, over the course of accessing other users' files for approximately 18 months, the
clerk downloaded thousands of documents. Forensics analysis of a compressed zip folder from
his workstation where he kept these documents identified 4,670 flies, the majority of which
appeared to be from folders belonging to Democratic staff. During the approximately 18 months
the clerk accessed other users' files, he stated that he had four or five different computers
assigned to him and that regardless of the hardware he used he was able to access this information.
frylock
(34,825 posts)magical thyme
(14,881 posts)opponents.
And most especially when they are Windows servers that even incompetent hackers can hack.
This is not the Benghazi smear. This is a separate issue and shows very, very poor judgement.
Botany
(70,581 posts)nothingburger
something lame, dead-end, a dud, insignificant; especially something with high expectations that turns out to be average, pathetic, or overhyped.
"much to the team's dismay, the number one pick in this year's draft turned out to be a nothingburger"
from urban dictionary
DURHAM D
(32,611 posts)decided to bring back the old email story. pathetic
MADem
(135,425 posts)And newcomers will enthusiastically fan those flames!
You'd think they'd spend more time touting their preferred candidate's ideas.
magical thyme
(14,881 posts)from the State Dept. will keep it going for months. That is why Hillary is such a deeply flawed candidate.
Yavin4
(35,445 posts)There's no such thing as a "hack proof server".
magical thyme
(14,881 posts)You don't even need to follow the link. Just get past the headline...the 1st couple paragraphs say it all.
Yavin4
(35,445 posts)Any enterprise that handles sensitive information should have strict mandates against allowing employees to use personal devices to conduct business. This is 20/20 hindsight and the witch hunt of Hillary over this is complete utter bullshit.
magical thyme
(14,881 posts)government. And it's not like the government outlawed using common sense.
Darb
(2,807 posts)Oh yeah, from the teabaggers. What gives?
magical thyme
(14,881 posts)at least not the last time I looked.
But nice try at insinuating I'm a teabagger
LiberalArkie
(15,728 posts)in power do not ever believe that the rules pertain to them, just the other people.
cpompilo
(323 posts)hacked or contracted a software virus. Go figure.
Yavin4
(35,445 posts)Not machines. Watch the show, Mr Robot, and you will see how that works.
SmittynMo
(3,544 posts)Not only was it proven there was nothing secret on her emails, she was not hacked. Ok, they didn't put in all the detail required to make it more secure. So friggin what!!!! Life goes on.
Why don't they just leave her alone. By the way, drop the Bengazi crap too. 8 times and she's clean? It's unbelievable what the right will do to make an issue out of NOTHING!!!!
Reminds me of a scene from Police Squad with Leslie Neilson. NOTHING to see here. Please move on!!!
magical thyme
(14,881 posts)release that State confirms were top secret at the time she received them and, in once case, forwarded it on.
Funny how we screamed when Valerie Plame was "outed."
But it's ok for Hillary to email the names CIA agents who are actively in the field on an unsecure server.
p.s. this isn't about the GOP's attempted Benghazi smear. This is a separate issue.
SunSeeker
(51,697 posts)Hillary was not using her server to maliciously out CIA agents like the GOP did with Valerie Plame. Hyperbole much?
magical thyme
(14,881 posts)Clinton's email woes won't go away
An imminent release includes sensitive information on a CIA source.
Gowdy called the human sources identity information Clinton should have known was classified at the time she received it and some of the most protected information in our intelligence community.
Gowdy said Clinton forwarded the email to a colleague.
Read more: http://www.politico.com/story/2015/10/hillary-clinton-emails-cia-214654#ixzz3oSfEpNBP
Btw, Gowdy was going to release the emails yesterday, but apparently decided to hold off. Possibly today. Hillary is a very flawed candidate.
SunSeeker
(51,697 posts)From your own link:
Read more: http://www.politico.com/story/2015/10/hillary-clinton-emails-cia-214654#ixzz3oTR2VZiu
Really sad to see so called progressives repeating right wing talking points from lying GOP dirt bags like Gowdy. So you believe Gowdy but not our leading Democratic Presidential candidate. Got it.
George II
(67,782 posts)....and how many were there?
magical thyme
(14,881 posts)The FBI may or may not report on the results of their investigation into what classified information they find, where it came from and where it went. I have read rumours that they could report as soon as December. But nothing says for sure they'll publicly release anything.
George II
(67,782 posts)magical thyme
(14,881 posts)to use a homebrewed, unprotected, highly vulnerable Windows server for highly sensitive work by an individual that an 8 year old would recognize as a prime target for spies.
Also known are the months and months of stonewalling and attempts to deflect.
Also known is the attempt to make it everybody else's fault. Even Obama is obliquely blamed, since Hillary has pronounced that as President she would have shut the various and sundry investigations down.
All that is unknown is how many more are to come, what secrets and embarassments they contain, and who's hands the top secret info got into.
SunSeeker
(51,697 posts)I guess you must be pretty desperate to be using bullshit Red State talking points like that Hillary's server was "homebrewed, highly vulnerable." It was never hacked, unlike the State Department's servers.
patsimp
(915 posts)hughee99
(16,113 posts)Weakest argument ever. Hopefully you're not consulting with Clinton's team or she's fucked.
Response to magical thyme (Original post)
Name removed Message auto-removed
DhhD
(4,695 posts)geek tragedy
(68,868 posts)randome
(34,845 posts)It's as embarrassing as Jeb Bush coming up with a plan to replace Obamacare. No one gives a shit anymore.
[hr][font color="blue"][center]Stop looking for heroes. BE one.[/center][/font][hr]
George II
(67,782 posts)....the media (and RW) like to say the server was "in her home basement" like the house was some two-bedroom bungalow on a residential street.
Her "home" is a fortress guarded by the Secret Service 24/7.
hughee99
(16,113 posts)really understand the issue.
magical thyme
(14,881 posts)yeah, I didn't think so.
p.s. pretty much everybody understands that Secret Service parked outside your home won't prevent computer hacking.
George II
(67,782 posts)Can you link to the FBI report stating that it WAS hacked? Yeah, I didn't think so.
magical thyme
(14,881 posts)veracity.
Right now, nobody knows and the FBI isn't saying. But since 1. hack attacks are known to be prevalent, and 2. the SOS is a likely target of foreign spies, and 3. it is known that repeated attempts were made on Hillary's server after security was added in 2013, it seems probable that 1. attempts were likely made from 2009-2013 and 2. with a vulnerable and particularly easy Windows server, there's a good chance at least some were successful.
PSPS
(13,614 posts)magical thyme
(14,881 posts)ask tonight.
Surya Gayatri
(15,445 posts)Botany
(70,581 posts)Surya Gayatri
(15,445 posts)That poor defunct horse is so dead he's beginning to stink up the place. Off to the glue factory with him!
we can do it
(12,193 posts)katsy
(4,246 posts)I'm a Bernie supporter! And this is a BS attack lest we forget that Sony was hacked the pentagon target and a gazillions other servers
Make it stop! These attacks on Hillary abt emails and bengazzzzi are really transparent.
I'm a Bernie supporter period. But if Hillary is our candidate I won't be holding my nose or giving her the stink eye. I trust she will uphold our party's goals as best as anyone can in the face of a dog shit congress.
toddwv
(2,830 posts)Either hasn't been paying attention, doesn't know much about IT, or both.
Lychee2
(405 posts)We are all at risk, but are not all equally at risk. It's the same with servers. Some are more protected than others.
fbc
(1,668 posts)Maybe he could have hooked her up with the people that rolled out the Obamacare website.
itcfish
(1,828 posts)keeping beating a dead horse? And why are we helping them?
magical thyme
(14,881 posts)Hillary could have put this to rest months and months ago if she'd followed the advice of her advisors.
Now that Bernie shut it down for her in the debate, maybe it will go away for good. Or maybe not. Only time will tell.
Babel_17
(5,400 posts)They see the public as viewing how you handle security being a metric to judge your competency.
Anyone can have a subordinate make a poor decision. It's the sum total of your subordinates decisions, and your role in overseeing them, that gets judged. Also your wisdom in who you hire, and do or do not fire. The media shouldn't try to capitalize on every little detail. But new developments on the issue of the privately controlled server (which the FBI is running more than just a cursory investigation on) are news in the sense that they are worthy of being recorded.
Probably no new story here except the one that the Clinton staff's inherent tendency for concealment keeps generating controversy. I know, it's a circular thing, enemies ready to pounce are a major factor in this. But the cycle needs to be broken in order for us to ensure our win in 2016.
Babel_17
(5,400 posts)I find it useful to hear what the nerds, many of who are/were employed at this kind of work, have to say when more revelations pop up.
Posted by Soulskill on Tuesday October 13, 2015 @04:57PM from the yeah-this-story-is-still-a-thing dept.
Jim Efaw writes:
Hillary Clinton's home servers had more than just the e-mail ports open directly to the Internet. The Associated Press discovered, by using scanning results from 2012 "widely available online", that the clintonemail.com server also had the RDP port open; another machine on her network had the VNC port open, and another one had a web server open even though it didn't appear to be configured for a real site. Clinton previously said that her server featured "numerous safeguards," but hasn't explained what that means. Apparently, requiring a VPN wasn't one of them.
http://politics.slashdot.org/story/15/10/13/1951232/clinton-home-servers-had-ports-open
Not one of the better threads imo, as I don't see much usable info that adds to the linked story. It's mostly just derision, but with a side order of boredom.
The take away is that plenty of nerds are staying up to date on the details as they emerge. Commentary from knowledgeable sources is always going to be on tap. The thread I linked to is mostly just sniping.