Mail server

Security of Hillary Clinton’s private email server comes under scrutiny

The private email server used by Hillary Rodham Clinton certainly lacked the level of security employed by the government and could have been hacked fairly easily by determined foreign intelligence services, national security and cybersecurity experts said.

Following last week’s revelation that Clinton used a private email account as secretary of state, critics questioned whether the move left sensitive government communications vulnerable to hackers. At a press conference on Tuesday, Clinton said the server was installed for her husband, former President Bill Clinton, at their home in Chappaqua, NY, which she said was guarded by the Secret Service.

“I think . . . server usage . . . proved to be effective and secure,” she said.

But such assurances did not convince the technical experts.

“The layers of security that would have to be used to make a private exchange server as secure as something that is secured by the federal government would be quite significant,” said Timothy Ryan, a former FBI supervisory special agent who now manages cyber investigations. for Kroll. “It’s not that it can’t be done. I just find it unlikely.

In a question-and-answer sheet released Tuesday, Clinton’s office said “robust safeguards” had been put in place and “upgrades and techniques employed over time as they became available, including consultation and employment of third party experts”.

The bureau said “there is no evidence there was ever a breach” of the server.

Some experts said it was impossible to know for sure if that was the case. Clinton, according to at least a judicial accountused a standard commercial server running on Microsoft software which, like all widely available software, has vulnerabilities.

“If all she had was standard technology . . . it would just be a speed bump for a sophisticated adversary to gain access to everything there,” said Richard C. Schaeffer Jr., former director of information assurance at the National Security Agency.

Federal mail systems are hardly impervious to hackers. In November, the State Department shut down its unclassified email system after finding evidence that hackers had broken into it. target of cyberattacks” and officials “have had to fend off increasingly sophisticated email intrusions and phishing attempts.”

Some experts have said that the claim that government mail servers are more secure is a mistake. And a former NSA official said a private mail server could have provided Clinton with at least one benefit: obscurity.

“By having a [private] email system, you basically filter out 90% of the attackers,” said the former NSA official, who spoke on condition of anonymity because his current employer has not cleared him to speak officially. The State Department’s system, by contrast, he said, “is a big, big, big bull’s-eye to aim for.”

Even so, Clinton’s email account would not have remained completely off the radar of would-be hackers. She was communicating with other ministry officials, who would be targets.

“On a [target] on a scale of 1 to 10, she’s a 10,” said Schaeffer, who is now in the cybersecurity industry. “When you think about treaties, trade talks, anything the secretary of state would be involved in, she would be an incredibly lucrative target — maybe even more so than the president.”

Since Clinton exchanged emails with other senior officials, as well as President Obama, foreign spy services could also have attempted to spoof her account and send malicious software to the recipients in an attempt to to compromise their accounts, said Christopher Soghoian, senior technologist at the American Civil Liberties Union.

Clinton said Tuesday that she did not email classified material with her personal account.

PJ Crowley, a former State Department spokesman who worked with Clinton, said confidential discussions with her took place largely in person and over the phone rather than via email. When he emailed her, he said, “For the most part, I gave her her perspective on things that were in the public domain.”

Yet even unclassified emails would be attractive to a spy service – the NSA tapped German Chancellor Angela Merkel’s personal cell phone – because of the information it could glean about Clinton, her activities and those of his associates. Often, disparate pieces of unclassified data, when put together, can provide useful information, intelligence analysts say.

Some experts say it takes great discipline on the part of a public official to completely exclude sensitive information from emails. “I believe it is very likely that – even inadvertently – there is classified information in these emails,” said J. William Leonard, former director of the Information Security Oversight Office at the Archives. national.

He added that the government term for this is “spill” – when someone introduces, often inadvertently, classified information into an unclassified system.

Julie Tate contributed to this report.