still leaving one mystery device to be identified.
Yep that'll be the actual truth of the situation. Unfortunately that will never see the light of day.
Not only did Democratic Party presidential hopeful Hillary Clinton run her own email server while at the State Department: someone, presumably her friendly local sysadmin, decided it needed remote desktop protocol (RDP) and desktop sharing code virtual network computing (VNC) exposed to the Internet. The folks at Associated …
When Russians deal with a foreign country the guy(s) or gal(s) at MGU with a modern history PhD (and optionally a history of religion PhD) on the country in question get a call and a FAT check to help with the analysis, selection of the strategy, PR, etc. The result is "successful policy alteration" in most cases - especially when privatisation, mergers, etc. are involved. I have a couple of childhood friends who have made some very good money on that and have had their apartments, dachas and the spanking new BMW parked in the private garage under the apartment block paid for by that. All stuff you will never get on a professor's salary.
When Chinese deal with a foreign country they come with a FAT check. One of the reasons why kleptocracy in Africa will not die any time soon.
When Americans deal with a foreign country they come with arrogance, bullshit and start the conversation with "do not give me this crap about what happened 200 years ago". That used to work when their competition was only the USSR, which came with a copy of Das Kapital and AK47s. It does not work any more in the modern world.
So you think bribery of government officials is the way to deal with foreign governments?
Remind me why billions of dollars that were shipped to Iraq didn't make any frigging difference. Remind me why the Egyptian government gets billions in "Aid" from the US Government. Remind me why we gave you European ungrateful bastards billions of aid during WWII and then forgave the "loans". Remind me why we gave Russia tractors and airplanes that they promptly copied as their own. Remind me why we kept England fed at great personal costs during the war.
Because I can't think of a single reason why we should have bothered, for the simple reason that those acts allowed you useless twats to be born.
Frankly any arrogance is deserved because you people are a bunch of double dealing, backstabbing cheats, thieves and ingrates who should be speaking German today if it wasn't for our help.
And no, no person alive today should have to care what his/her great, great, great, grandparents did 200 years ago. But as far as I am concerned you still owe us billions of dollars and some gratitude
Your arrogance is ridiculous, a front put on by History's only 'superpower' that couldn't establish an empire, whose biggest achievements are based mostly on the work of recent immigrants to that country.
A country whose history stretches back the same length of time as my local haulage company and university, and they're latecomers compared to some of our institutions.
A country whose greatest achievement- the moon landings- would have been unachievable without Nazi scientists. A country who've been undone militarily time and again by underestimating anyone not American.
A country who managed to establish a massive ruling class at the expense of everyone else while fighting Communists, who managed to create a climate of fear while fighting terrorists and who cheer on freedom while clamping down on that of their own people.
You've no military skill besides building big bombs- and the USSR had you beat at that one- as proven by your egregious record for "blue-on-blue" killings and outright defeats at the hands of Vietnam, Iraq, Afghanistan- even the Canadians (backed by the polite, tea-drinking British) beat you at war and burned your capital to the ground.
You've got the Bomb- and large conventional forces- and apparently have no qualms about using them. That makes us fear you, yes. But it's not respect as we have for the Russians (who caught up with 150 years of European technological development in a few short years) or the Germans (who twice bettered France, supposedly their superior in every way). The arrogance we see is that of a child who's found his father's gun.
So sit down and shut up, son, the grown-up countries are talking.
And we Americans twice bettered Germany, dug France out of a hole twice etc. Who liberated whom in two world wars ingrate? Shows what the unfettered military might of the US can accomplish if left alone by the politicians and simpering European aristocrats that tried bargaining with Hitler.
BTW, it was ineffectual DEMOCRAT politicians that meddled with our Military that "lost" wars in Vietnam, Iraq and Afghanistan. France and Russia lost there too and I think some Brits and Aussies lost there too.
Our whole country was based solely on immigrants who came here to better themselves because they got a raw deal in Europe. Seems WE were more tolerant than you ever were, so they came here. THOSE immigrants integrated into our societal "melting pot" (mine came here in 1672 is that old enough for you?) and contributed to our country unlike the ones invading your countries right now. Your so called "history" and age of your countries is certainly nothing to brag about. All you did is fight each other for centuries, keep and trade slaves, keep people in servitude, live too close in unsanitary conditions and subjugate countries. Or did you forget about the "Empire"?
BTW, we never had a "ruling class"; YOU were the idiots with a Monarchy or several.
Speaking of "grownups", you simpering, effete, arrogant twit, your aged European countries (no union there!) have acquired the problems of the Roman and Russian Empires. It appears that emulating your role models Caligula, Nero and Stalin is counterproductive these days and now that you've given away every pound and euro to the wastrels and layabouts, there is no one left to tax but successful American companies that you can't even come close to comparing to. But hey, let's not let a few facts get in the way of our so called "friendship".
"And no, no person alive today should have to care what his/her[..] grandparents did 200 years ago. But as far as I am concerned you still owe us billions of dollars and some gratitude"
But I don't care what my grandparents did, so you can do one.
Remind me why we gave you European ungrateful bastards billions of aid during WWII and then forgave the "loans".
Britain paid for all of the equipment bought under Lend Lease during WW2, in gold to start with and on credit after spending the entire gold reserves of the British Commonwealth. Loans were paid back in full, something which was completed only a few years ago. Nothing was "given" to the UK, and if you have contrary information then, while I hate Wikipedia, "Citation Needed" is the appropriate term for the situation. Proof please.
If you want to get into things being given during WW2 then you might want to consider things like the cavity magnetron, the jet engine, the design for the 57mm AT gun (British 6 pounder) etc. All of these were given without charge. For the complete avoidance of doubt, these were given from Britain to the US.
Try reading THIS article. You only paid the LOANS we gave you. The Lend Lease aid was mostly free and we also gave you terms of ten cents on the dollar on the LOAN not to mention the cost of hundreds of thousands of American lives.
All to pull you out of a "bad spot" and you wouldn't even bother to help today to do the same in return.
BTW, for the record Radar was developed from Tesla and Marconi's work, that jet engine sucked and it wasn't until the ME-262 engines got copied everywhere did it finally become a commercial success.
They don't compare to the sheer amount of materiel and personnel we provided, but the only reason I commented on it in the first place is because of the continuous ungrateful, rude and downright retarded treatment of a country and its people that once was your most dependable ally.
How's this for a CITATION? https://en.wikipedia.org/wiki/Lend-Lease
I cherry pick below:
In general the aid was free, although some hardware (such as ships) were returned after the war. In return, the U.S. was given leases on army and naval bases in Allied territory during the war.
A total of $50.1 billion (equivalent to $656 billion today) worth of supplies were shipped, or 17% of the total war expenditures of the U.S.[2] In all, $31.4 billion went to Britain, $11.3 billion to the Soviet Union, $3.2 billion to France, $1.6 billion to China, and the remaining $2.6 billion to the other Allies
Remind me why...
@AC firstly, breathe, hun. All that anger is not good for you.
Secondly: You gave Russia tractors and kept England fed 'cos we were fighting the Nazis. And their idea of empire building would ultimately have reached across the Atlantic Ocean. FDR compared it to the wisdom of a man lending his neighbour a hose to put out a fire. Churchill called it "The most unsordid act in history".
Thirdly: If you still feel the same read P. J. O'Rourke's rather more humorous take:
https://www.goodreads.com/work/quotes/790662-holidays-in-hell
In intelligence there is the concept of securing your own communications so whoever wants them has to work hard to, one, get the raw intercept and, two, decode it. By apparently running a poorly secured server, Hildabeast made everyone's snooping very easy. At some point all the encryption must be removed for a human readable text and it is likely the snoops were sniffing when this happened.
"At some point all the encryption must be removed ..."
For a while this was not a problem. Reports published some time ago had it that for the first few months of operation the server in question lacked a certificate and the ability to encrypt http links.
> I just thought of something else. What do you think google maps wifi scan found when they drove past her house?
Good question. Perhaps I'll see what WiFi Analyzer shows me the next time I'm on that side of town (as much as I despise driving through Chappaqua for *anything* these days).
It makes me sad that this person, who one reasonably supposes declined the advice of the CIO in a sensitive government department, ran an almost certainly unauthorized and apparently quite insecure server on which were stored sensitive government communications, and failed (although quite selectively) to ensure that the department employees followed the laws and regulations governing information assurance, might actually be elected President.
I have as little respect for the State Department CIO who allowed this to happen.
That CIO was a high ranking Foreign Service officer, almost certainly receiving a salary well into six digits (in 2009). If worth her salt, she would have been able to get a comparable job in the private sector or another government department; in the event, she was appointed CIO at the International Monetary Fund in mid-2012. Furthermore, in the worst case she would be protected against retaliation by the applicable whistleblower laws and at worst be assigned, with saved grade and pay, to a null job. Alternatively, since she
The presently incumbent CIO was Deputy CIO and CTO for operations from 2011 until his appointment in 2013, had extensive prior IT experience within the Department of State and has a master's degree in Management Information Systems.
One or the other of these officials should have been aware that Ms. Clinton chose to use a private server for her official email - perhaps advised by a conscientious subordinate or other State Department employee.
Anyone familiar with the Clintons and their modus operandi would NOT reasonably assume the CIO provided such advice. Instead they would assume he wasn't consulted.
Everybody keeps dancing around what we all know: $Hrillary was selling access to State through Bill and Chelsea via the Clinton Foundation. The server was intended to keep all that secret which was why she deleted MORE personal email than she turned over to the government. You don't ask the CIO about something like that because it causes too many plausible deniability problems down the road.
Even the whole one device meme she keeps trying to start is transparently a lie. And I mean beyond the NYT showing her using an iPhone when she was supposedly issued a Blackberry. Because of the Hatch Act, it's illegal to use your government account to engage in fundraising activities of any sort. In fact, an aggressive prosecutor can go after you for posting anything even slightly partisan using a government device (not account). And because of the Presidential Records Act (which means the whole Executive branch, not just the President) you HAVE to use a government account and server. It's not just a guideline, or a regulation. It is in fact the ONLY way you've got a 50/50 shot at complying with the law. So she's now up to two email accounts. Then you get into the whole classified angle and you're up to THREE accounts.
If Hillary's email is anything like mine then there will be a lot of deleted mail traffic. It won't be super-secret nefarious plans, just never ending pitches for dubious products, phishes, appeals to help get secret funds out of African countries and so on. Junk filters take care of a lot of this before it even hits the in-box. This whole email thing is another Benghazi, just an attempt to make political capital out of a rather ho-hum issue (since there wasn't a specific prohibition on what Hillary was doing until after she left the State Department).
Knowing what we know these days I'm confident that if we really wanted to read all her mail then we'd just have to ask the NSA for a copy.
(since there wasn't a specific prohibition on what Hillary was doing until after she left the State Department)
Another DNC kool-aid drinker I see. NO, it was not an internal prohibition which came into being in 2014. IT IS IN FACT A LONG ESTABLISHED LAW. It's called the Federal Records Preservation Act and its origins are all the way back in WW2.
Here's a little snippet that pretty much puts your lies in the grave:
http://www.ediscoverylaw.com/2004/12/preservation-of-email-required-under-federal-records-act/
To put it simply, in 1993 the DC Circuit Court (so regardless of SCOTUS it has jurisdiction over DC unless reversed) found:
1. Email constitute federal records.
2. The electronic record itself still constitutes a federal record even if paper copies are printed
3. Must be managed and preserved as per the Act's requirements.
Shorter synopsis: There isn't a statement $Hrillary has made about her email which is true.
Clinton's predecessors used personal email *accounts*, not (unauthorized, personally owned, badly configured, and highly vulnerable) *servers*. There is a difference.
In addition, under earlier Secretaries, email was less important compared with old fashioned telex type messaging. This is explained in an interview with the CIO who served from 2009 - 2012, available on youtube at about 13:45:
https://www.youtube.com/watch?v=WmxMRJzQgxU
Nonsense. Everyone knows that all this is a Republican conspiracy to prevent Hillary assuming her rightful place as the Democratic presidential nominee or, failing that, to gather ammunition for their candidate to use in the election campaign.
A couple of additional observations in non-joke mode:
Based on the information reported in the article, the private server did not comply with FISMA requirements, and probably was not certified and accredited by the department CIO.
The secure network should not be connected electrically or logically to the non-secure network. Any email capability there should be limited to that network. That classified (and classifiable) messages seem to have been sent or received on the internet and probably the non-secure State Department network suggests fairly widespread ignorance or disregard of proper security behaviour among the employees and, perhaps, by the CIO's office and the CISO or equivalent, who normally would have a (possibly additional) reporting chain that bypasses the CIO.
Surely, it doesn't matter what service is exposed (RDP, SSH, VPN). What matters is how strong the authentication is?
Having a password of, say, "?[au]f'=){p71 F" on RDP is better than a username/password of root/root on VPN?
Unless what is being claimed is that the RDP protocol is weaker than, say, an IPSEC VPN so more hackable?
Password security is only part of the solution. Services like RDP and VNC can be hacked without a password due to widely available exploit code.
If they are stupid enough to allow these ports to be open to the Internet, they are likely to be stupid enough not to patch them against these attacks.
This post has been deleted by its author
Sometimes arguing with idiots is what I do. Here goes....
Remote access over the Internet is bad if you are solely relying on a username/password combination and the HOPE that those applications do not have vulnerabilities which allow them to be compromised without a user/pass.
VNC and RDP and Telnet and SSH and Remotely Anywhere versions along with a raft of other remote access tools have all been shown to be vulnerable to exploit. Maybe they are running a version which isn't but it will be more by good luck than good management if they are, given the stupidity which led them to doing this in the first place.
Simple user/pass protection is not enough. Best case scenario they iterate through a password list and lock out accounts. Worst case, they find the password and have a ready made remote access tool in place.
If the server is compromised with malware, you don't even have to put a RAT in place as there is already remote access in place for you to use.
Remote access tools should have multi factor authentication. The requirement for additional keys, only accepting connections from a specific IP address, banning IPs which attempt hacks, VPN only access...
It seems the down voting commentards know a lot less than they think they do. Try googling the Dunning Kruger effect. You are probably overestimating your knowledge and competency.
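The "banning IPs which attempt hacks" point above is the kind of control that can be checked against real logs. The following is an added example, not code from the original thread: it parses constructed authentication-failure lines (a syslog-style VNC failure and a one-line rendering of a Windows RDP logon failure, Event ID 4625, both invented for this illustration; real servers format these differently, so the regexes are assumptions about these sample lines only), bans any source that crosses a failure threshold inside a sliding window, and separately flags accounts hit from many distinct sources, which a per-IP ban alone would miss.

```python
"""Failed-login burst detection for Internet-exposed remote-access services.

Added example, not code from the original thread. SAMPLE_LOG is constructed:
a syslog-style VNC auth failure and a flattened Windows RDP logon failure
(Event ID 4625, LogonType=10). The regexes match only these sample formats.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the page). One source hammers VNC;
# several sources each try "administrator" once over RDP (password spraying).
SAMPLE_LOG = """\
2015-10-14T02:11:03Z vncserver[4412]: authentication failed from 203.0.113.7
2015-10-14T02:11:04Z vncserver[4412]: authentication failed from 203.0.113.7
2015-10-14T02:11:05Z vncserver[4412]: authentication failed from 203.0.113.7
2015-10-14T02:11:06Z vncserver[4412]: authentication failed from 203.0.113.7
2015-10-14T02:11:07Z vncserver[4412]: authentication failed from 203.0.113.7
2015-10-14T02:11:08Z vncserver[4412]: authentication failed from 203.0.113.7
2015-10-14T02:15:00Z vncserver[4412]: authentication failed from 198.51.100.9
2015-10-14T03:00:01Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.20 LogonType=10
2015-10-14T03:00:02Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.21 LogonType=10
2015-10-14T03:00:03Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.22 LogonType=10
2015-10-14T03:00:04Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.23 LogonType=10
2015-10-14T03:00:05Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.24 LogonType=10
2015-10-14T09:30:00Z EventID=4625 TargetUserName=hrc IpAddress=192.0.2.5 LogonType=10
"""

VNC_RE = re.compile(r"^(?P<ts>\S+) vncserver\[\d+\]: authentication failed from (?P<ip>[\d.]+)$")
RDP_RE = re.compile(r"^(?P<ts>\S+) EventID=4625 TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>[\d.]+) LogonType=10$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_failures(text):
    """Return a list of (timestamp, service, source_ip, username_or_None) per failed logon."""
    events = []
    for line in text.splitlines():
        m = VNC_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], TS_FMT), "vnc", m["ip"], None))
            continue
        m = RDP_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], TS_FMT), "rdp", m["ip"], m["user"]))
    return events


def ips_to_ban(events, threshold=5, window=timedelta(minutes=10)):
    """Source IPs with >= threshold failures inside any sliding window (fail2ban-style)."""
    by_ip = defaultdict(list)
    for ts, _svc, ip, _user in events:
        by_ip[ip].append(ts)
    banned = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                banned.add(ip)
                break
    return banned


def sprayed_accounts(events, min_sources=3, window=timedelta(minutes=10)):
    """Accounts attacked from >= min_sources distinct IPs within a window.

    Each source stays under the per-IP ban threshold, so only the per-account
    view reveals the distributed guessing."""
    by_user = defaultdict(list)
    for ts, _svc, ip, user in events:
        if user:
            by_user[user].append((ts, ip))
    flagged = set()
    for user, hits in by_user.items():
        hits.sort()
        for t0, _ in hits:
            sources = {ip for t, ip in hits if t0 <= t <= t0 + window}
            if len(sources) >= min_sources:
                flagged.add(user)
                break
    return flagged


if __name__ == "__main__":
    evts = parse_failures(SAMPLE_LOG)
    print("ban:", sorted(ips_to_ban(evts)))
    print("sprayed accounts:", sorted(sprayed_accounts(evts)))
```

On the constructed input the VNC brute-forcer is banned while the five single-attempt RDP sources are not, which is exactly why the account-centric check is needed alongside the per-IP one; in production the ban action would feed a firewall rule and, as the comment says, the exposed service would not be on the Internet in the first place.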
These articles provide some more details:
http://bigstory.ap.org/article/5ad0f6bb57eb487f84e98fe9a74a08b1/clinton-subject-hack-attempts-china-korea-germany
http://bigstory.ap.org/article/467ff78858bf4dde8db21677deeff101/only-ap-clinton-server-ran-software-risked-hacking
Basically, it seems that like many SMEs and home office setups Hillary was calling on different people, and so whoever was responsible for the website console preferred VNC, whereas whoever was responsible for the Windows Server (I suspect it was an SBS server) preferred RDP. And probably Hillary's security consultant didn't know about this because they were never sufficiently hands on to get a full understanding of Hillary's actual home set up, rather than the one they had advised her to use.
Been through this with a client who has upgraded/refreshed to WS2012-R2, and who has implemented RDS Server to allow people to work from home. The IT supplier has set this up using MS defaults, so if you attempt an RDP connection to their router you will be automatically forwarded to the RDS server, which as we know from various MS statements over the years is hackable... Similar considerations apply to OWA... So in my experience Hillary having the VNC and RDP ports open on her Internet firewall/router isn't something to be surprised about; likewise I suspect her email server used the standard ports and wasn't hidden behind a cloud-based mail preprocessor.
Who says it was not the Microsoft scammers who called her up and said "Hello, we are Microsoft, we need to fix your computer, please download this software (VNC) and install it for us to take a look .... the rest is history.
Seeing that VNC stores passwords in clear text, ROFL ...
>Having a password of, say, "?[au]f'=){p71 F" on RDP is better than a username/password of root/root on VPN?
Better, yes, still braindead, though.
We haven't used port 25 on any of our mail servers in at least 5 years. It's too much of a target for hackers.
Oh, and yes, we are a MINIMAL security system. Meaning most of what we do is SUPPOSED to be available to the public. Only salaries, internal discussions about contract awards, and NDAs signed with private companies about their trade secrets are excluded.
To allow Platte River Systems, located in Colorado, to administer the server, which was in New York. Platte River was hired in 2013 to take over administration from Bryan Pagliano, who had been IT manager for Hillary Clinton's 2008 presidential primary campaign and was hired as a special assistant CIO at the Department of State shortly after Ms. Clinton was confirmed as Secretary of State. According to a spokesman for Ms. Clinton, the Clintons paid him from personal funds to administer the server, although that put him in a fairly obvious, and serious, conflict of interest position.
Ports, plural. The email services would not be isolated to just receiving emails, but also sending. I would love to look at the full list found, because I'm betting that they had TCP 25, 110, and 143 all wide open. I would also think all the NetBIOS ports were open. This is so funny that I'm crying with joy.
The problem is many are missing (deliberately?) the point that very poor security practices were used by Hildabeast and her minions. Good security practices are to isolate the servers as much as possible. Also, to have only those ports needed open and secured with proper authentication. On an email server at most 4 ports are needed and if only POP or IMAP is supported then 2 ports are needed.
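The two comments above ask which ports were actually open and argue that a mail host needs only a handful of them. The following added example (not code from the original thread) turns that into a checkable policy: it audits a constructed port-scan result against an allowlist and classifies everything else, with remote-administration ports (RDP, VNC, SSH, Telnet) and Windows file-sharing ports rated critical, cleartext POP3/IMAP rated high, and anything else rated medium. The observed port list, the allowlist and the VPN subnet are assumptions chosen for the illustration; the thread does not reproduce the real scan.

```python
"""Audit which ports a mail server exposes to the Internet against a policy.

Added example, not code from the original thread. OBSERVED is a constructed
stand-in for a port-scan result; MAIL_ALLOWED and the VPN subnet are
assumptions chosen for the example.
"""

# Constructed scan result: (port, service label). Not real data.
OBSERVED = [
    (25, "smtp"), (587, "submission"), (110, "pop3"), (143, "imap"),
    (993, "imaps"), (995, "pop3s"), (139, "netbios-ssn"), (445, "microsoft-ds"),
    (3389, "ms-wbt-server"), (5900, "vnc"), (443, "https"),
]

# What a mail host legitimately needs on its public interface (assumption):
# SMTP delivery, authenticated submission, and the TLS-only mailbox protocols.
MAIL_ALLOWED = {25, 587, 993, 995}

REMOTE_ADMIN = {22: "ssh", 23: "telnet", 3389: "rdp"}   # VNC (5900-5999) handled by range
WINDOWS_FILE_SERVICES = {135, 137, 138, 139, 445}
CLEARTEXT_MAIL = {110: "pop3", 143: "imap"}


def is_remote_admin(port):
    return port in REMOTE_ADMIN or 5900 <= port <= 5999


def classify(port, allowed=MAIL_ALLOWED):
    """Map one exposed port to (severity, reason), or None if the policy allows it."""
    if port in allowed:
        return None
    if is_remote_admin(port):
        name = REMOTE_ADMIN.get(port, "vnc")
        return ("critical", f"{name} reachable from the Internet; allow only from the VPN and require MFA")
    if port in WINDOWS_FILE_SERVICES:
        return ("critical", "NetBIOS/SMB must never be Internet-facing")
    if port in CLEARTEXT_MAIL:
        return ("high", f"cleartext {CLEARTEXT_MAIL[port]} sends mailbox credentials unencrypted; use the TLS port")
    return ("medium", "not required for a mail server; close it or document why it is open")


def audit_exposure(observed, allowed=MAIL_ALLOWED):
    """Return [(port, severity, reason)] for every observed port the policy does not allow."""
    findings = []
    for port, _label in sorted(observed):
        verdict = classify(port, allowed)
        if verdict:
            findings.append((port, *verdict))
    return findings


def vpn_only_rules(findings, vpn_cidr="10.8.0.0/24"):
    """iptables lines restricting each critical remote-admin port to the VPN subnet.

    Illustrative remediation only; the subnet is an assumption and a real
    ruleset would also cover stateful handling and logging."""
    rules = []
    for port, severity, _reason in findings:
        if severity == "critical" and is_remote_admin(port):
            rules.append(f"iptables -A INPUT -p tcp --dport {port} -s {vpn_cidr} -j ACCEPT")
            rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    results = audit_exposure(OBSERVED)
    for port, severity, reason in results:
        print(f"{severity:8} tcp/{port}: {reason}")
    print("\n".join(vpn_only_rules(results)))
```

The allowlist is deliberately the thing you argue about up front (is cleartext IMAP on 143 acceptable for a legacy client, or not?), so that the audit output is a list of policy violations rather than a list of open ports someone has to interpret after the fact.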
I'm so tired of this storm in a teacup.
So far I've seen no evidence that anything at all was sourced from this server as opposed to being sailed on a raft from various other government machines. And if there were so much as a hint of that, it would have been page one at the New York Post, not to mention the flag behind which the committee "investigating" the matter would rally in a storm of self-aggrandizing publicity and righteous indignation.
It seems, contrary to popular wisdom on the matter, in this case security by (extreme) obscurity worked to prevent any leaks.
Also: "white hat botnet"? Wait, what?
It was the New York Times that broke the story fyi - which created the email firestorm. Everything else snowballed from there, from Hillary lying about it, being flippant, wiping the server, etc. She did it to herself and is not fit to be President if she's that stupid/arrogant.
Also curious about your 'I've seen no evidence' - why would anyone crow about it? That would lead to losing access to a prime target for information and possible retribution.
"Also: "white hat botnet"? Wait, what?"
Yes, they exist. That term would apply to such projects as SETI, Folding@Home, and any other service where you allow a remote system to use resources on your machine. I've known plenty of security researchers that volunteer machines on their networks for such purposes where they all have access to all machines for the purpose of working on specific tasks from multiple angles or to just test firewall / IPS configurations (Being able to test from dozens of different networks / countries is invaluable)
Normally we just call that distributed computing. It's not a white hat bot-net because there are no "bots" involved, it's all voluntary people running software and there are no hackers, white or black with absolutely no hats. The only bit that really applies is the network, and that's just the Internet.
You say you haven't seen any evidence that anything was sourced from the server? I suppose you missed this, which was published here a little over a month ago
http://www.theregister.co.uk/2015/09/04/clinton_email_auction_twist_secure_hacker/
The problem is that a government official set up a server for the specific purpose of attempting to skirt the laws of the nation, got caught doing it, has KNOWINGLY made a number of untrue statements about it, left top secret, classified, and other confidential materials in the hands of those not authorized to access them, and went out of their way to obstruct other government officials from doing their job of securing the materials after the fact.
The knowledge that the server was implemented in an insecure manner is hardly surprising, given the overall situation.
But even a foreign policy expert would struggle to verify the claims here and the whole exercise might just as easily be the work of an enterprising chancer.
I have now. I was taken by the paragraph above in light of the fact no further revelations seem to have transpired.
You are aware the private e-mail server, while unwise, was not against the rules that were in play when it was set up and for most of its life? Sending classified stuff to it was, though the nefarious swath of compromised secrets don't appear to be there in the sort of abundance that was eagerly anticipated by some.
Storm in a teacup judgment still in place. If there was any meat on those bones we'd have seen it trumpeted far and wide by now.
The Federal Information Security Management Act of 2002 (FISMA) covers computer equipment used to store or process government data and requires NIST to issue implementing technical requirements. NIST did that around 2005 and 2006: FIPS 199, FIPS 200, and SP 800-53 (and possibly others) apply to the server or servers that hosted clintonemail.com beginning in 2009. I do not have to look to be pretty sure they do not allow either RDP or VNC access from the public internet. The server was operated in violation of federal law, probably for its entire service life. And that does not even touch on the fact that, as it turns out, it stored classified (and classifiable) material that never should have been placed on any server connected to the internet.
This is not a "storm in a teacup" but a matter that goes straight to the question of whether Hillary Clinton should be given another public trust position.
A US presidential election is fought almost entirely on the record and personal morals of the candidates. A former senior government appointee operating a non-governmental email account for government business, but also running this on a private server (however secure) is breaking a lot of rules. Yes, she is not the first (I understand Colin Powell did this - for a while and this was why the rules were re-iterated after he left), but this person is now running for president.
Furthermore, this person was not some government newbie, but someone who had been the First Lady for 8 years and so cannot reasonably claim not to have known the issues at hand or the consequences.
This is not a storm in a teacup, but goes straight to the issue of the fitness of this person to be president. This is why it is big news, and will continue to be big news while she is a candidate. Get used to it.
With her money and the sensitivity of the data she was working with, I'd have figured that she would have had at least a layer of Cisco ASAs on the front end, with a layer of Palo Altos behind that for proper defense-in-depth. Then behind those, running a pair of OpenBSD-based mail servers running Dovecot. For authentication, I'd expect nothing less than 1024-bit client certificates with 16-character passwords.
She also should have never, ever used that same account for personal email. Use one of the plethora of free email services out there for that, or set up a second account/domain on the mail server for that.
What I suspect happened was that some high level exec at her foundation had a kid "that is good with computers". That kid then proceeded to go to a big-box store, picked up a high-end machine, a copy of Windows Server Small Business Edition, and a Datto backup drive (which, by the way, was sending all her backups to a commercial cloud service)[1].
What angers me the most about this whole thing is that Secretary of State is a very, very sensitive role. Even simple phrases must be carefully considered lest you put your country on the brink of Nuclear Armageddon (See: Khrushchev and "We will bury you"). For all we know the Crimean Crisis could have been started by the Ukrainian ambassador sending an email to Clinton where he says that the Russian ambassador smells like spoiled cabbage, then Clinton agrees. That conversation finding its way into the hands of the Russians could easily cause talks to break down, leading to countries responding by force rather than diplomacy (it's happened over some even pettier reasons before). Of course that is just a theoretical example, but my point is that something like that can have far-reaching and devastating consequences.
[1] http://www.mcclatchydc.com/news/nation-world/national/article37968711.html