Some Email Truths for Hillary Clinton

One thing Hillary Clinton should know is that armed guards aren’t really equipped to stop a data breach.

This week, shortly after former U.S. Secretary of State Hillary Clinton became the poster child for enterprise BYOD issues, she held a news conference to explain and justify her convenience-oriented defense. During that briefing, she said that her private email server “was set up for President Clinton’s office. And it had numerous safeguards. It was on property guarded by the Secret Service. And there were no security breaches.”
That's a frighteningly outdated view of email security. Either Clinton has a woefully inadequate understanding of information security (and to be fair, she would hardly be the only high government official of whom that could be said), or she was deliberately obfuscating the situation. It’s hard not to lean toward the second explanation when you consider that she had days to brief and prep before making this statement on email security.
It’s worthwhile to take a closer look at that brief extract from her statement. Consider these utterances:
The server “was set up for President Clinton’s office.”
There is a high probability that she was referring to her husband and not being presumptive about her next job. But, oh dear, her husband left office in January 2001 — more than 14 years ago. Did the email server setup date to that time? Fourteen years is a lifetime in tech security advances. Well, we do know that the clintonemail.com domain was first registered on Jan. 13, 2009, just around the time that the former first lady and New York senator was nominated as secretary of State, which would make it much more up to date. But as to what measures had been taken to secure the server, Clinton only said that “it had numerous safeguards.” Like what?
“It was on property guarded by the Secret Service.”
A server’s physical security is a consideration, but it’s not the only consideration, or even the main consideration. Think of it. We live in a time when data breaches happen all the time. But how many of them have involved physical break-ins? Zero. Is there anyone who believes that a data breach involves some guy dressed like a robber in an old New Yorker cartoon, who breaks in and physically attacks servers with a screwdriver and a wrench? The idea that server protection can be delivered in the form of armed guards — even really good armed guards — is ludicrous. A Secret Service agent could be standing right next to the server and not know that it’s being breached. And any server that’s handling the email of the U.S. secretary of State and a former U.S. president is going to attract the talents of the world’s best — and best-funded — spy agencies.
Also, Clinton didn’t quite say that the servers were protected by the U.S. Secret Service, but merely that the servers were housed somewhere on a piece of property that the Secret Service guarded.

“And there were no security breaches.”
Haven’t people learned yet that one can’t prove a negative? If Clinton’s email had indeed been accessed by, say, government agents representing Russia, North Korea or Iran, they would have merely copied files remotely, covered their tracks, deleted parts of key log files and quietly exited. Any secret agent who left evidence of tampering should be drummed out of the Get Smart Fan Club.
Clinton doesn’t necessarily flunk Cybersecurity 101, though. Her staff has said that she never emailed any sensitive information, instead relegating all such matters to handwritten notes that were delivered via secure channels. Email is highly insecure, and not entrusting sensitive information to it is the best way to protect that information. Computerworld: http://ow.ly/KnA3X

 

 

 
