Some Email Truths for Hillary Clinton

Uploaded on 2015-03-18 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

One thing Hillary Clinton should know is that armed guards aren’t really equipped to stop a data breach.

This week, shortly after former U.S. Secretary of State Hillary Clinton became the poster child for enterprise BYOD issues, she held a news conference to explain and justify her convenience-oriented defense. During that briefing, she said that her private email server “was set up for President Clinton’s office. And it had numerous safeguards. It was on property guarded by the Secret Service. And there were no security breaches.”
That's a frighteningly outdated view of email security. Either Clinton has a woefully inadequate understanding of information security (and to be fair, she would hardly be the only high government official of whom that could be said), or she was deliberately obfuscating the situation. It’s hard not to lean toward the second explanation when you consider that she had days to brief and prep before making this statement on email security.
It’s worthwhile to take a closer look at that brief extract from her statement. Consider these utterances:
The server “was set up for President Clinton’s office.”
There is a high probability that she was referring to her husband and not being presumptive about her next job. But, oh dear, her husband left office in January 2001 — more than 14 years ago. Did the email server setup date to that time? Fourteen years is a lifetime in tech security advances. Well, we do know that the clintonemail.com domain was first registered on Jan. 13, 2009, just around the time that the former first lady and New York senator was nominated as secretary of State, which would make it much more up to date. But as to what measures had been taken to secure the server, Clinton only said, that “it had numerous safeguards.” Like what?
“It was on property guarded by the Secret Service.”
A server’s physical security is a consideration, but it’s not the only consideration, or even the main consideration. Think of it. We live in a time when data breaches happen all the time. But how many of them have involved physical break-ins? Zero. Is there anyone who believes that a data breach involves some guy dressed like a robber in an old New Yorker cartoon, who breaks in and physically attacks servers with a screwdriver and a wrench? The idea that server protection can be delivered in the form of armed guards — even really good armed guards — is ludicrous. A secret Service agent could be standing right next to the server and not know that it’s being breached. And any server that’s handling the email of the U.S. secretary of State and a former U.S. president is going to attract the talents of the world’s best — and best-funded — spy agencies.
Also, Clinton didn’t quite say that the servers were protected by the U.S. Secret Service, but merely that the servers were housed somewhere on a piece of properly that the Secret Service guarded.

“And there were no security breaches.”
Haven’t people learned yet that one can’t prove a negative? If Clinton’s email had indeed been accessed by, say, government agents representing Russia, North Korea or Iran, they would have merely copied files remotely, covered their tracks, deleted parts of key log files and quietly exited. Any secret agent who left evidence of tampering should be drummed out of the Get Smart Fan Club.
Clinton doesn’t necessarily flunk Cybersecurity 101, though. Her staff has said that she never emailed any sensitive information, instead relegating all such matters to handwritten notes that were delivered via secure channels. Email is highly insecure, and not entrusting sensitive information to it is the best way to protect that information. Computerworld: http://ow.ly/KnA3X

 

 

 

« The Internet Of Things TransForms Three Industries!
The CIA Has Been Hacking Your iPhone »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

Eseye

Eseye

Eseye is a global specialist supplier of cellular internet connectivity for intelligent IoT (Internet of Things) devices.

Resistant AI

Resistant AI

Resistant AI protects against evolving online fraud. We connect the dots to provide a new layer of trust and performance for our clients’ systems.

Carve Systems

Carve Systems

Carve Systems was founded to bring enterprise level information security, training, and risk management services to organizations of any size and industry.

Fortiphyd Logic

Fortiphyd Logic

Fortiphyd Logic equips operators of the power grid, oil & gas, and other critical infrastructure with the tools and training they need to defend their industrial networks from advanced cyberattacks.

Sekuro

Sekuro

Sekuro is your leading governance and cyber security partner. Building organisational resilience. Enabling fearless innovation.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Cisco Systems

Cisco Systems

Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.

GISEC Global

GISEC Global

GISEC Global provides vendors and companies from around the world with access to lucrative opportunity to capitalize on what's set to become one of the world's booming markets.

Zeta Sky

Zeta Sky

Zeta Sky offers a full range of IT and cyber-security services for your business.

Apex

Apex

We aspire to make the AI revolution run faster, securely, for the benefit of all. We are purposely built for the new AI era and are creating capabilities to safely enable AI.

Creative Network Innovations (CNI)

Creative Network Innovations (CNI)

Creative Network Innovations is a leader in providing advanced IT and cybersecurity solutions.

Xeliumtech Solutions

Xeliumtech Solutions

Xeliumtech Solutions are a Digital Transformation partner with quality offerings in Mobile App Development, Ecommerce, Devops, RPA, AI, IoT development, Cybersecurity and more.