Hackers tried to breach Clinton's private server with malicious emails

Drop-dead simple exploit completely bypasses Mac’s malware Gatekeeper
September 30, 2015
Hackers steal 15 million T-Mobile customers' data from Experian credit bureau
October 2, 2015

|A new set of Hillary Clinton’s emails shows she encountered security threat to her private server while she was secretary of state. Officials believe the hacking attempt was connected to Russia. Also, there was uproar over the House committee investigating Benghazi, after Rep. Kevin McCarthy seemed to acknowledge its purpose was to bring Clinton down. Nancy Cordes reports.

 

The recent news about Hillary Clinton receiving spam might be overblown but let’s dig a little deeper:

1)   Yes, the 5 Russian emails were “SPAM” but also known as “PHISHING”.  They also contained a RAT (malware – remote access Trojan) attachment.

2)   If you open the attachment, your windows computer gets infected and secretly phones home to one of three servers, and Sophos pointed out that the main one was in Russia.

3)   While Al Gore said Bill Clinton “NEVER” used email.  NY times, WSJ and other believe he has officially sent two emails as president – that’s it over 8 years!  http://blogs.wsj.com/washwire/2015/03/10/bill-clinton-still-doesnt-use-email/  – kind of funny tie in “Bill only sent 2 emails in 8 years as president and hillary has 60,000 ‘disappear’ from ‘wiping’ (you mean ‘with a cloth’ she says)…

4)   Spear Phishing (which may be discovered in her emails as FBI continues to probe) are very dangerous because you think ‘I need to open this now’ because it looks so real and is based on eavesdropping of unencrypted emails over internet to learn who you talk to, etc.

5)   Facebook, LinkedIn and Twitter usually link to your email and they can be hacked to find out people’s email and many accidentally keep that and other info in their public facing profile.

6)   There are four laws this issue comes under (see below “The Laws”)

7)   Under a program that took place under President G.W. Bush called “Total Information Awareness” aka TIA there have been numerous ‘eavesdropping’ and ‘intrusion detection systems’ that are very advanced placed on .mil and .gov and elsewhere to dig into emails – remember carnivore? or Einstein? so why would we want emails to not be protected by our government.  US Gov can detect in most cases when an email results in traffic flowing to Russia or china…if not sleeping at wheel as in OMB case recently.

8)  Yes, OMB, White House under POTUS Obama and more agencies get hacked all the time now.  It’s spear phishing and RATS.  Bottom line, it’s on the UNCLASSIFIED and unencrypted channels but still risky.  Ultimately Hillary emails during time in US Gov should stay under state.gov not clintonemail.com  more details: https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy

Here are the Laws she’s risked breaching…

The Laws

At issue are four sections of the law: the Federal Records Act, the Freedom of Information Act (FOIA), the National Archives and Records Administration’s (NARA) regulations and Section 1924 of Title 18 of the U.S. Crimes and Criminal Procedure Code.

In short:

  • The Federal Records Act requires agencies hold onto official communications, including all work-related emails, and government employees cannot destroy or remove relevant records.
  • FOIA is designed to “improve public access to agency records and information.”
  • The NARA regulations dictate how records should be created and maintained. They stress that materials must be maintained “by the agency,” that they should be “readily found” and that the records must “make possible a proper scrutiny by the Congress.”
  • Section 1924 of Title 18 has to do with deletion and retention of classified documents. “Knowingly” removing or housing classified information at an “unauthorized location” is subject to a fine or a year in prison.

This is a big deal.  Just read this:

http://www.cyberdefensemagazine.com/opm-stolen-data-includes-5-6-million-fingerprints/

and

https://www.snoopwall.com/us-government-databreach-four-times-larger-than-originally-estimated/

It’s also part of a bigger wakeup call to the US Government about better training staff on INFOSEC policies, implementing them across the board, even in unencrypted and open channels and being one step ahead of the Year of The RAT, see:

https://www.snoopwall.com/wp-content/uploads/2014/12/2015-Year-of-The-Rat-by-Gary-S-Miliefsky-SnoopWall_downloadPDF.pdf and https://www.snoopwall.com/wp-content/uploads/2015/01/SnoopWall-Supplement-to-Year-of-the-RAT-Threat-Report-Email-Spear-Phishing-and-Email-Tracking-Attacks-Defenses-20151.pdf

Comments are closed.

Request Demo