According to a report by the Associated Press, Hillary Clinton’s private server was set up in a way that made it extremely vulnerable to hackers. Apparently it used Microsoft remote desktop with out the additional protective measures recommended to go with its use, leaving the desktop easily hackable by even the most lame and inexperienced hacker.
Records show that Clinton additionally operated two more devices on her home network in Chappaqua, New York, that also were directly accessible from the Internet. One contained similar remote-control software that also has suffered from security vulnerabilities, known as Virtual Network Computing, and the other appeared to be configured to run websites.
The new details provide the first clues about how Clinton’s computer, running Microsoft’s server software, was set up and protected when she used it exclusively over four years as secretary of state for all work messages. Clinton’s privately paid technology adviser, Bryan Pagliano, has declined to answer questions about his work from congressional investigators, citing the U.S. Constitution’s Fifth Amendment protection against self-incrimination.
Remote-access software such as Microsoft remote desktop allows users to control one computer from another via the internet. Generally they are used through a virtual private network known as a VPN. But Clinton’s server allowed remote-access connections without the safety of a VPN.
We already know that Ms. Clinton had at least two emails on her server that were top secret before they were sent, that her buddy Sidney Blumenthal sent an email to her server which contained the real name of an undercover CIA operative, had other classified information and of course some of the emails that were classified after she sent them should have been classified based on State Dept. rules.
Clinton has said that her server featured “numerous safeguards,” but she has yet to explain how well her system was secured and whether, or how frequently, security updates were applied.
We now know the safeguards weren’t used in all cases.
Clinton spokesman Brian Fallon said late Monday that “this report, like others before it, lacks any evidence of an actual breach, let alone one specifically targeting Hillary Clinton. The Justice Department is conducting a review of the security of the server, and we are cooperating in full.”
In other words, Fallon is saying this woman who as a former first lady and Secretary of State should have known better, kept classified information on a vulnerable server and now wants to have access to more of the nation’s secrets as President of the United States, but we shouldn’t worry because we don’t know for sure if she was hacked. Whew! That makes me feel a lot better (NOT).
“That’s total amateur hour,” said Marc Maiffret, who has founded two cyber security companies. He said permitting remote-access connections directly over the Internet would be the result of someone choosing convenience over security or failing to understand the risks. “Real enterprise-class security, with teams dedicated to these things, would not do this,” he said.
The government and security firms have published warnings about allowing this kind of remote access to Clinton’s server. The same software was targeted by an infectious Internet worm, known as Morta, which exploited weak passwords to break into servers. The software also was known to be vulnerable to brute-force attacks that tried password combinations until hackers broke in, and in some cases it could be tricked into revealing sensitive details about a server to help hackers formulate attacks.
(…) Mikko Hypponen, the chief research officer at F-Secure, a top global computer security firm, said it was unclear how Clinton’s server was configured, but an out-of-the-box installation of remote desktop would have been vulnerable. Those risks — such as giving hackers a chance to run malicious software on her machine — were “clearly serious” and could have allowed snoops to deploy so-called “back doors.”
I have worked for companies with various levels of computer sophistication. Every company for the past 25 years had a way for me to access my computer, or the company’s network remotely. But even the least sophisticated employer ensured that any remote access was through a VPN.
Either she was lazy or Mrs. Clinton didn’t care about national security. And don’t let the progressive Democrats tell you that this is all about politics, this is all about national security and protecting our families.