Tuesday, October 13, 2015

Clintonemails.Com Had Wide-Open Remote Control Access

by JASmius



Any server can theoretically be hacked, even the most secure one imaginable.  The whole point of security measures is not to make it impossible to do so, but as difficult as possible so as to deter all but the most capable (i.e. state-level) hackers, and make even their task prohibitive.

A private server cannot be made that secure, which is why there are rules and laws in place requiring high-level government electronic communications to go through maximally secured government servers.  But even in the private sector, there are security measures that can be taken to protect electronic correspondence from external penetration.

Mrs. Clinton not only did not take even minimal steps in that direction with her "homebrew" server - she made it easy and effortless to remotely access her server for herself, her minions, and everybody else on the planet - for "convenience's sake," of course:

[Mrs.] Clinton’s server, which handled her personal and State Department correspondence, appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records compiled in 2012. Experts said the Microsoft remote desktop service wasn’t intended for such use without additional protective measures, and was the subject of U.S. government and industry warnings at the time over attacks from even low-skilled intruders....

Records show that [Mrs.] Clinton additionally operated two more devices on her home network in Chappaqua, New York, that also were directly accessible from the Internet. One contained similar remote-control software that also has suffered from security vulnerabilities, known as Virtual Network Computing, and the other appeared to be configured to run websites.

I will be the first one to admit that the ability to remote-control one's desktop is both convenient, saves commuting time, and is really, really cool.  I've used those capabilities myself for years.

But I was not a Cabinet-level government official sending and receiving top-secret and other classified information, which is why there are rules against not using secured government servers and against precisely this kind of remote-access software even for Foggy Bottom's non-classified systems.

Just as with all of Barack Obama's scandals, there is a threshold, a Rubicon beyond which one has to move beyond ascribing the wrongdoing to "incompetence" and being "in over her head" and such, and come to grips with the likely possibility that the malefeasant actions were taken with malice aforethought.

Evidently I'm at least one of the first analysts to arrive there, because the "incompetence" meme still appears to be ascendant:

“That’s total amateur hour,” said Marc Maiffret, who has founded two cyber security companies. He said permitting remote-access connections directly over the Internet would be the result of someone choosing convenience over security or failing to understand the risks. “Real enterprise-class security, with teams dedicated to these things, would not do this,” he said. …

The findings suggest [Mrs.] Clinton’s server “violates the most basic network-perimeter security tenets: Don’t expose insecure services to the Internet,” said Justin Harvey, the chief security officer for Fidelis Cybersecurity.

The Clintons have been accused of a great many things, but "incompetence" is not one of them.  And I don't believe it applies here, either.  I think Mrs. Clinton knew about the risks and simply didn't care about them.  She wanted the convenience and the "coolness" and didn't give a Cleveland steamer about the gaping security vulnerabilities.  "In for a penny, in for a pound," as it were.  And that's the best-case scenario; at worst, she deliberately exposed every last U.S. state secret to all our enemies in order to deal a crippling blow to U.S. national security in keeping with the Obama Doctrine (reducing America to the level of the rest of the world).  In which case, there's one more "mission accomplished" banned to hang in the Oval Office, whether or not (and much more likely not) the Empress ever gets there.

The only real question here is whether there still might be a threshold beyond which criminal charges will have to be brought even against her.  I won't believe it even after I ever see it, and stranger things have NOT happened before, and some things really are impossible, but....well, Halloween is coming up.  Maybe some supernatural help isn't completely out of the equation.

No comments: