Some Email Truths for Hillary Clinton

One thing Hillary Clinton should know is that armed guards aren’t really equipped to stop a data breach.

This week, shortly after former U.S. Secretary of State Hillary Clinton became the poster child for enterprise BYOD issues, she held a news conference to explain and justify her convenience-oriented defense. During that briefing, she said that her private email server “was set up for President Clinton’s office. And it had numerous safeguards. It was on property guarded by the Secret Service. And there were no security breaches.”
That's a frighteningly outdated view of email security. Either Clinton has a woefully inadequate understanding of information security (and to be fair, she would hardly be the only high government official of whom that could be said), or she was deliberately obfuscating the situation. It’s hard not to lean toward the second explanation when you consider that she had days to brief and prep before making this statement on email security.
It’s worthwhile to take a closer look at that brief extract from her statement. Consider these utterances:
The server “was set up for President Clinton’s office.”
There is a high probability that she was referring to her husband and not being presumptive about her next job. But, oh dear, her husband left office in January 2001 — more than 14 years ago. Did the email server setup date to that time? Fourteen years is a lifetime in tech security advances. Well, we do know that the clintonemail.com domain was first registered on Jan. 13, 2009, just around the time that the former first lady and New York senator was nominated as secretary of State, which would make it much more up to date. But as to what measures had been taken to secure the server, Clinton only said, that “it had numerous safeguards.” Like what?
“It was on property guarded by the Secret Service.”
A server’s physical security is a consideration, but it’s not the only consideration, or even the main consideration. Think of it. We live in a time when data breaches happen all the time. But how many of them have involved physical break-ins? Zero. Is there anyone who believes that a data breach involves some guy dressed like a robber in an old New Yorker cartoon, who breaks in and physically attacks servers with a screwdriver and a wrench? The idea that server protection can be delivered in the form of armed guards — even really good armed guards — is ludicrous. A secret Service agent could be standing right next to the server and not know that it’s being breached. And any server that’s handling the email of the U.S. secretary of State and a former U.S. president is going to attract the talents of the world’s best — and best-funded — spy agencies.
Also, Clinton didn’t quite say that the servers were protected by the U.S. Secret Service, but merely that the servers were housed somewhere on a piece of properly that the Secret Service guarded.

“And there were no security breaches.”
Haven’t people learned yet that one can’t prove a negative? If Clinton’s email had indeed been accessed by, say, government agents representing Russia, North Korea or Iran, they would have merely copied files remotely, covered their tracks, deleted parts of key log files and quietly exited. Any secret agent who left evidence of tampering should be drummed out of the Get Smart Fan Club.
Clinton doesn’t necessarily flunk Cybersecurity 101, though. Her staff has said that she never emailed any sensitive information, instead relegating all such matters to handwritten notes that were delivered via secure channels. Email is highly insecure, and not entrusting sensitive information to it is the best way to protect that information. Computerworld: http://ow.ly/KnA3X

 

 

 

« The Internet Of Things TransForms Three Industries!
The CIA Has Been Hacking Your iPhone »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

Seagate Technology

Seagate Technology

Seagate data storage systems are purpose-built for enterprise and data centre performance, scalability, reliability and security.

CISPA Helmholtz Center for Information Security

CISPA Helmholtz Center for Information Security

The CISPA Helmholtz Center for Information Security is a German national Big Science Institution within the Helmholtz Association. Our research encompasses all aspects of Information Security.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

QI ANXIN Technology Group

QI ANXIN Technology Group

QI ANXIN specializes in serving the cybersecurity market by offering next generation enterprise-class cybersecurity products and services to government and businesses.

CYSEC SA

CYSEC SA

Cysec is equipped to deliver agile security solutions for the most challenging IT infrastructures around the world.

Tactical Network Systems (TNS)

Tactical Network Systems (TNS)

Tactical Network Solutions helps you discover hidden attack vectors in IoT and connected devices before someone else does.

SandboxAQ

SandboxAQ

SandboxAQ is an enterprise SaaS company combining AI + Quantum tech to solve hard problems impacting society.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Technation

Technation

Technation proudly represents the Canadian technology companies that are furthering our nation and the world into the future through innovation, creativity and ingenuity.

Neya Systems

Neya Systems

Neya Systems, a leader in advanced off-road autonomy and high-level multi-robot mission planning, provides innovative solutions for uncrewed ground, aerial, and surface vehicles.

Rite-Solutions

Rite-Solutions

Rite-Solutions is an award-winning software development, systems engineering, and information technology firm.