Some Email Truths for Hillary Clinton

Uploaded on 2015-03-18 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

One thing Hillary Clinton should know is that armed guards aren’t really equipped to stop a data breach.

This week, shortly after former U.S. Secretary of State Hillary Clinton became the poster child for enterprise BYOD issues, she held a news conference to explain and justify her convenience-oriented defense. During that briefing, she said that her private email server “was set up for President Clinton’s office. And it had numerous safeguards. It was on property guarded by the Secret Service. And there were no security breaches.”
That's a frighteningly outdated view of email security. Either Clinton has a woefully inadequate understanding of information security (and to be fair, she would hardly be the only high government official of whom that could be said), or she was deliberately obfuscating the situation. It’s hard not to lean toward the second explanation when you consider that she had days to brief and prep before making this statement on email security.
It’s worthwhile to take a closer look at that brief extract from her statement. Consider these utterances:
The server “was set up for President Clinton’s office.”
There is a high probability that she was referring to her husband and not being presumptive about her next job. But, oh dear, her husband left office in January 2001 — more than 14 years ago. Did the email server setup date to that time? Fourteen years is a lifetime in tech security advances. Well, we do know that the clintonemail.com domain was first registered on Jan. 13, 2009, just around the time that the former first lady and New York senator was nominated as secretary of State, which would make it much more up to date. But as to what measures had been taken to secure the server, Clinton only said, that “it had numerous safeguards.” Like what?
“It was on property guarded by the Secret Service.”
A server’s physical security is a consideration, but it’s not the only consideration, or even the main consideration. Think of it. We live in a time when data breaches happen all the time. But how many of them have involved physical break-ins? Zero. Is there anyone who believes that a data breach involves some guy dressed like a robber in an old New Yorker cartoon, who breaks in and physically attacks servers with a screwdriver and a wrench? The idea that server protection can be delivered in the form of armed guards — even really good armed guards — is ludicrous. A secret Service agent could be standing right next to the server and not know that it’s being breached. And any server that’s handling the email of the U.S. secretary of State and a former U.S. president is going to attract the talents of the world’s best — and best-funded — spy agencies.
Also, Clinton didn’t quite say that the servers were protected by the U.S. Secret Service, but merely that the servers were housed somewhere on a piece of properly that the Secret Service guarded.

“And there were no security breaches.”
Haven’t people learned yet that one can’t prove a negative? If Clinton’s email had indeed been accessed by, say, government agents representing Russia, North Korea or Iran, they would have merely copied files remotely, covered their tracks, deleted parts of key log files and quietly exited. Any secret agent who left evidence of tampering should be drummed out of the Get Smart Fan Club.
Clinton doesn’t necessarily flunk Cybersecurity 101, though. Her staff has said that she never emailed any sensitive information, instead relegating all such matters to handwritten notes that were delivered via secure channels. Email is highly insecure, and not entrusting sensitive information to it is the best way to protect that information. Computerworld: http://ow.ly/KnA3X

 

 

 

« The Internet Of Things TransForms Three Industries!
The CIA Has Been Hacking Your iPhone »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Eversheds Sutherland

Eversheds Sutherland

Eversheds Sutherland is a global multinational law practice offering a full range of commercial and IT law services including Privacy, Data Protection and Cyersecurity.

Logpoint

Logpoint

Logpoint is a creator of innovative security platforms to empower security teams in accelerating threat detection, investigation and response with a consolidated tech stack.

GeoLang

GeoLang

GeoLang’s Ascema platform protects sensitive information at the content level by identifying, classifying and tracking data across the corporate infrastructure.

Shift Technology

Shift Technology

Shift Technology provides insurance companies with an innovative SaaS solution to improve and scale fraud detection.

NSIDE Attack Logic

NSIDE Attack Logic

NSIDE Attack Logic simulates real-world cyber attacks to detect vulnerabilities in corporate networks and systems.

Vuntie

Vuntie

Vuntie blend European craftsmanship, performance and open-source technology to deliver cybersecurity services including penetration testing, incident response, training and consultancy.

Visible Statement

Visible Statement

Visible Statement is a computer-based delivery system designed to insure the retention and recall of your most important security training messages.

Stefanini Group

Stefanini Group

Stefanini is a global IT services company providing a broad range of solutions for digital transformation including automation, cloud, IoT and cybersecurity.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

Robo Shadow

Robo Shadow

Robo Shadow are trying to bridge the gap between the top tier organisations that can afford everything and everyone else who has to “Make it up as they go along” when it comes to Cyber.

Terra Quantum

Terra Quantum

Terra Quantum is a deep tech pioneer, developing revolutionary quantum applications to shape the technology of the future.

VISO Cyber Security

VISO Cyber Security

VISO provide Cyber Security Consulting and CISO as a Service to companies who need to augment their leadership teams with information security expertise.

Sidcon International Consulting Company

Sidcon International Consulting Company

SIDCON International Consulting Company has been providing consulting services since 2002 for private and public organizations in Ukraine and other countries.

BluTinuity

BluTinuity

BluTinuity is a premier management consulting firm with a passion for information security, business continuity, incident response, disaster recovery, and HIPAA security.

IDCARE

IDCARE

IDCARE is Australia and New Zealand’s national identity & cyber support service. Our service is the only one of its type in the world.

Interpres Security

Interpres Security

Interpres Security operationalizes TTP-based threat intelligence and automates continuous exposure monitoring to help CISOs and security practitioners reduce threat exposure.