If you were Vladimir Putin, or President Xi of China, what would you do if you had the entire archive of Hillary Clinton’s emails, classified and unclassified, “deleted” and not, in your hands? What value to you would that be in your next round of negotiations with the president of the United States?
Unencrypted Email
Hillary Clinton traveled to 19 foreign locations during her first three months in office, including China, South Korea, Egypt, Israel, Palestine, and a meeting in Switzerland with her Russian counterpart. During that period of time her email system was unencrypted. She transmitted data over wireless networks in those countries, networks almost certainly already monitored 24/7 by intelligence and security officials. To say her email was not collected is to say the Russian, Chinese, Israeli and other intelligence services are complete amateurs.
They are not complete amateurs.
A System Wide Open to Monitoring
While FBI director James Comey said his investigators had no “direct evidence” that Hillary Clinton’s email account had been “successfully hacked,” both private experts and federal investigators, according to the New York Times, “immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.”
Comey described a set of email practices that left Clinton’s systems wide open to monitoring. She had no full-time cyber security professional monitoring her system. She took her BlackBerry everywhere she went, “sending and receiving work-related emails in the territory of sophisticated adversaries.” Her use of “a personal email domain was both known by a large number of people and readily apparent… Hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact.”
The FBI director was generous in his assessment. See, no hacking was really necessary.
But No Hacking was Really Needed
Online security company Venafi TrustNet has the world’s largest database of digital certificates and associated metadata, allowing it to go back in time and identify how digital certificates were used in the past, a kind of forensics capability for IT security. Here’s what they found on the clintonemail.com server, and it is not good.
Using non-intrusive Internet scanning tests routinely performed throughout by IT security teams (meaning foreign intelligence agencies have them too), Venafi learned the Clinton server was enabled for logging in via web browser, smartphone, Blackberry, and tablet. That automatically makes it vulnerable to interception, as the information Clinton was sending and receiving abroad was traveling via other nations’ web infrastructure and open-air cellular networks.
Clinton’s email log-in page was also on the web, meaning anyone who stumbled on it could try and log in, or employ the standard array of password hacking and brute force attacks against…