Hillary Clinton’s Home Server: It’s Really Not About the Emails

A recent article posted in the Huffington Post (http://www.huffingtonpost.com/h-a-goodman/why-did-hillary-clinton-need-a-private-server-the-answer-makes-bernie-sanders-president_b_9397304.html) got me thinking: it’s really not about the emails – it’s about the network she used away from the State Department offices.

So as to keep the ‘geek speak’ to a minimum (and please, this isn’t about partisan politics: it’s about the network and security that’s being used) here’s the deal,…

The point this article brings up is that Clinton never once utilized her government-issued email address – in fact, no official State Department email address was utilized by her during her tenure as Secretary of State. The Secretary instead utilized her private e-mail to conduct official State Department business.

This naturally leads to several key questions – these being the following:

1) Private or Public service? Utilizing a private service / server in the conducting of official business leaves open questions of propriety: did any ‘spill-over’ take place? Did any (for example) Clinton Foundation work spill over into official State Department business? Rule of thumb is (as many of you would agree) separate e-mails ensure (for purpose of e-discovery) a separation of business and private work in the event of any legal actions. If there were private / foundation emails on the very same server (and using the same e-mail address; more on that shortly) then in the event of legal discovery it would leave open the possibility of classified e-mails being accessed in the course of answering a legal action.

Also, it all leaves open the elephant in the room: how much work was done on the server that was foundation work versus that of official State Department business? Did the two ever get mixed in? One approach would be to have two totally separate servers utilizing a single switch: the two servers would be on two totally separate ‘virtual’ networks (an industry standard) and thus there would be no question of anything ‘spilling over’ while ensuring far superior security. This is network management 101; was this done? And this is important to ask for,…

2) Was safe emailing practiced? Separate e-mails create a ‘firewall’ in terms of keeping things said in the course of official business from that of anything that could be construed as ‘classified’. With one using the same e-mail for governmental, private work or even personal work, such a practice can lead to potentially confusing scenarios (‘Hey, where’s that e-mail about the latest bombing raid? Oh, it’s next to the e-mail about getting that new sofa we ordered for the living room and that meeting we got regarding the foundation’). And speaking of e-mails,…

3) Got good security? You got some pretty big wolves out there in the Internet and frankly, it’s probably a good rule of thumb to ensure a greater (note that I did not say complete) level of security. Every computer – regardless of whether it’s a PowerEdge Server or a more modest system – has some 65,000+ ‘ports’ that are readily targeted by hackers.

Given the fact that Clinton uses a private server at her home I’d be willing to wager that her home server / network was, at some point, successfully hacked; it’s just the odds. On average there are over 50,000 types of ‘malware’ and ‘attack software’ developed every day (Don’t take my word – Google it; incredible). Think about that for a minute and let it sink in,…

And BTW: did anyone ever conduct a ‘pen test’ – a penetration test – to ensure that the home system was secured? I’d be curious to know if the IT staff at State did their due diligence and kept a log of their security checks as they are required to do (standard professional practice).

And understand this: with all the malware out there, if the Secretary was conducting any business at all – State Department, ordering home furnishings or foundation work or whatever – then all it takes is one (1) bad e-mail with a virus / malware / bot to truly wreak havoc. More often than not, anti-virus systems do not catch every piece of ‘bad’ software that’s out there. Nobody and nothing is totally perfect or secure: it’s the nature of the software security beast.

4) What are the hardware and network schematics? Love to see the network schematic. I’m curious: was there a Cisco (or even Juniper) switch installed on her home system? If there was (and I would expect there to be) odds are (as recently reported) Cisco switches (the industry standard and most prevalent) were exposed as having a ‘zero day’ exploit – the very same exploit that virtually shut down the Australian national network not too long ago (seems as though somebody at the Cisco factory literally installed a “back door” – and then failed to mention it, leaving it wide open for access!). We can naturally assume that there was some kind of DMZ – i.e., a server (usually a proxy server or some such thing) placed on the ‘edge’ of the home network that would have to be accessed before the server containing the actual emails was accessed.

5) Adhering to federal records requirements. According to the article, if there are some 33,000 e-mails deleted, this is not good; this would be in clear violation of Federal records management standards, as unless there is a duly submitted and processed ‘records destruction request’, deletions are considered illegal. Bad enough that the creeps during the recent Bush administration did this; no reason to excuse another’s actions just because the creeps (who rightfully belong in jail) did so. Two wrongs don’t make a right.

6) Why not let somebody else assume the responsibility and the blame? Assuming that the Secretary of State purchased the home server and network on her own dime, why not instead let the government professionals and the taxpayer pay for all of this? Save money, time and hassle. Avoid all of this nonsense and be assured that if things do go south, it’s not the candidate’s fault and thus avoid the hassle of this entire subject matter.

7) Any backups? In the event of a power surge, a lightning strike or some other act of God taking place at the Clinton home, were there any backups conducted with regard to the home server so that any official emails wouldn’t be lost? If so, where are those backups and how are they secured? Are they backed up on tape? In the cloud? In another server? And how are those backups (if any) secured? And if there are no backups, what the hell: don’t we want to ensure that we don’t lose official State Department e-mails that could be important for future reference?

In the end, that’s what this all is: a distraction. There’s a lot to be done and a lot to be focused on, but frankly, somebody wasn’t thinking when they undertook this approach of using a dedicated home system: it only raises more questions than answers.

Put it this way: I don’t think a private financial firm or a health service would utilize a home server in the course of conducting business.

In the meantime, I truly hope that nothing comes of this – and that somewhere out there, we won’t later hear about how Clinton’s home system was hacked and the resulting exposure akin to a ‘Snowden’ effect, with classified state department e-mails spilling all over the internet. After all, far bigger players – both private and government – have been hacked.

As to this issue ensuring Sanders gets the Presidency? Well, I personally think it’ll take more than just what’s being said in here – but it certainly does not diminish the importance of the issue and does indeed raise a series of concerns, especially as it relates to matters of national security.

Please set aside your partisan arguments or denouncements; I’m merely asking some basic 101 hardware and software questions that are standard for anyone working within the realm of computer security, particularly as it relates to higher level governmental service.

These points need to be answered. As a taxpayer (and a professional) I’d like to make sure that nothing comes out of this that would hurt Clinton’s fair chance at getting a higher office, nor expose me or my community to any dangers lurking by way of individuals seeking to harm my country.

But if this turns out to be standard practice by Mrs. Clinton, I have to ask: what else is taking place and are we all being placed at risk?

Shadow IT and Home Streaming

Torpedoes in the water!

Several remarkable developments took place this past week that are guaranteed to rock some boats:

1) Streaming gains greater steam. HBO and Apple are near agreement in streaming HBO. The significance is substantial. Subscribers need no longer be directly subscribed to their cable / Fios provider to watch HBO. Arguably, once HBO goes then the others will follow suit, raising the number of streaming services – and with that the death knell of traditional cable / Fios television viewing rings ever louder. After all, why pay for ‘premium’ cable / Fios service to get the channels for the shows you want to watch when you can simply pay a far smaller fee to stream directly? No longer will you have to subscribe to a specific channel and wait for when your show comes on when you can simply stream, picking and choosing what you want when you want it.

It should also be noted that this is not only impactful for Apple TV users, but others – Roku top among them – are also going to find this development very fruitful and in turn, continue the growing collapse of traditional television viewing that has been in place now for well over 40 years since cable first started appearing in selected suburban locales.

2) Net neutrality is reinforced. The growing presence of internet streaming perhaps is why some corporate folks are not taking this development too well. Witness Verizon and Comcast’s reaction to the recent FCC ruling regarding ‘net neutrality’, where the cable providers are denied the ability to charge a higher fee for those subscribers who seek faster Internet (ostensibly to stream).

In the meantime, Comcast and Sony continue their sniping, denying PS4 users direct access to view HBO Go (http://www.theverge.com/2015/3/5/8156025/comcast-blocks-hbo-go-sony-ps4) – underscoring precisely why net neutrality is critical for free enterprise and the curbing of monopolies. While Verizon argues that the FCC is harkening back to the 1930s with their snide press release written in 1934 type, Verizon is being disingenuous (putting it politely) at best, for they ignore the reality that the rules changed back during the Clinton Era and then again in 2007 to account for the reality of DSL (Digital Subscriber Lines), readily bringing federal legislation up to the 21st century. With sore losers such as these, we should be thankful for the FCC being proactive and progressive.

3) The Growing Presence of Shadow IT. Interestingly, it was revealed our Secretary of State Hillary Clinton allegedly used her office IT services to conduct personal business when in reality, it’s a little more complicated than that (http://www.zdnet.com/article/hillary-clinton-takes-shadow-it-mainstream/). Regardless of your partisan position regarding Ms. Clinton, what’s remarkable is the fact that her home office revealed usage of a home network – something which we’ve written about in the past here on Shockwaverider (“The Office is Dead; Long Live The Virtual Office”). What’s remarkable is that we’re seeing the growth of a phenomenon: the office as no longer being defined by any one location. Consider: what Ms. Clinton basically did was connect her home office to her professional office in a network, ostensibly allowing her to continue her work away from the main office.

This is nothing new. To a lesser degree many executives practice shadow IT now, taking their company phones, tablets and laptops home with them on the weekends. Now, we’re seeing a new aspect of this trend: creating home networks that in turn, link to the office. This trend underscores an overlooked point: what is practiced or utilized at home inevitably influences what takes place at work. It’s widely known that the growth of iPads and iPhones in the office was largely attributed to executives having their own personal items, only to become enamored of them to the point where they would insist on utilizing the same in the office.

Now take it one step further.

With the rise of Internet streaming, more and more people are finding the need for home networks, whether they be basic, such as a Roku or a series of personal laptops and desktops connected via wireless to a single Internet / web portal access point, or something à la Madame Secretary of State, a full-fledged home computer network (for the record, I do the same via a home network, utilizing a 6 terabyte RAID system. It’s really not that hard to do at all and you’ll find a lot of advantages in doing so,…).

Which is apparently what Madame Clinton found, but with the catch of mixing and mismatching: work email spilling over into non-work. It’s always best to practice safe e-mailing. As a former governmental Records Manager, we can expect to see more of these snafus coming up, so expect to see here at Shockwaverider a posting about practicing safe records management in the not-too-distant future.

In the meantime, expect to see more torpedoes and explosions on the horizon as our world continues its evolutionary arc – but have no fear: the Shockwaverider crow’s nest is always on the lookout,…