October 13, 2015

AP Report: Clinton’s Email Was Vulnerable To Attack

A new report from The Associated Press reveals Hillary Clinton’s private email that she used exclusively for State Department business was “more vulnerable to hackers” due to a feature allowing others to connect to her server and control it remotely:

Clinton’s server, which handled her personal and State Department correspondence, appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records compiled in 2012. Experts said the Microsoft remote desktop service wasn’t intended for such use without additional protective measures, and was the subject of U.S. government and industry warnings at the time over attacks from even low-skilled intruders.

Records show that Clinton additionally operated two more devices on her home network in Chappaqua, New York, that also were directly accessible from the Internet. One contained similar remote-control software that also has suffered from security vulnerabilities, known as Virtual Network Computing, and the other appeared to be configured to run websites.

That’s right—“even low-skilled intruders” would have had little trouble cracking into Clinton’s server.

Many office workers are familiar with accessing work-related email through a virtual private network, or VPN. Clinton had no such safeguard in place, and simply logged on to her email via the Internet.

“That’s total amateur hour,” said Marc Maiffret, who has founded two cyber security companies. He said permitting remote-access connections directly over the Internet would be the result of someone choosing convenience over security or failing to understand the risks. “Real enterprise-class security, with teams dedicated to these things, would not do this,” he said.

Read the full AP story here.