Bill Clinton Staffer’s Email Was Breached on Hillary's Private Server, FBI Says
https://www.wired.com/2016/09/fbi-says-bill-clinton-staffers-email-breached-private-server/
Since it came to light that Hillary Clinton ran a private email server during her time as Secretary of State, that computer’s security has become a subject of controversy among politicos whose only notion of a “server” until recently was a waiter carrying canapés at a fundraising dinner. But now the FBI has released the first hint that Clinton’s private server may have been compromised by hackers, albeit only to access the email of one of former president Bill Clinton’s staffers. And though there’s no evidence the breach went further, it’s sure to offer new fodder to critics of Clinton’s handling of classified data. On Friday afternoon, the FBI released a new set of documents from its now-concluded investigation into Clinton’s private email server controversy. The 60-page report includes a description of what sounds like an actual hacker compromise of one of Bill Clinton’s staffers. It describes that in early January 2013, someone accessed the email account of one of his female employees, whose name is redacted from the report. The unnamed hacker apparently used the anonymity software Tor to browse through this staffer’s messages and attachments. The FBI wasn’t able to determine how the hacker would have obtained the her username and password to access her account, which was also hosted on the same private server used by then-Secretary of State Clinton.“The FBI’s review of available…web logs showed scanning attempts from external IP addresses over the course of [IT manager Bryan] Pagliano’s administration of the server, only one appears to have resulted in a successful compromise of an email account on the server,” the report reads. “Three IP addresses matching known Tor exit nodes were observed accessing an e-mail account on the Pagliano Server believed to belong to President Clinton staffer [redacted].” In a press conference in July, FBI director James Comey said that how presidential candidate Clinton mishandled classified documents stored in emails on that private server didn’t warrant criminal charges, but nonetheless called her behavior “extremely careless.” And the FBI’s investigation did, in fact, turn up dozens of email chains that contained classified documents, including eight whose contents were “top secret.” The FBI could find no evidence that any of those classified documents had been compromised, but also cautioned that it might lack the forensic records to know if they had been. The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security. “Clinton’s reckless conduct and dishonest attempts to avoid accountability show she cannot be trusted with the presidency and its chief obligation as commander-in-chief of the U.S. armed forces,” wrote Donald Trump campaign communications staffer Jason Miller in response to the FBI’s release of more documents from its investigation. The Clinton campaign didn’t immediately respond to a request for comment. Though the single-user email breach doesn’t indicate any inherent vulnerability in the Clintons’ server, it does show a lack of attention to its access logs, says Dave Aitel, a former NSA security analyst and founder of security firm Immunity. “They weren’t auditing and restricting IP addresses accessing the server,” Aitel says. “That’s annoying and difficult when your user is the Secretary of State and traveling all around the world…But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” Often overlooked in Clinton’s email scandal, however, is the fact that the official State Department IT systems have suffered terrible breaches of their own. Since it first came to light, the security community has roundly criticized Clinton for the reckless move of hosting her own email outside of scrutiny of federal government security efforts like those at the NSA. But often overlooked in Clinton’s email scandal, however, is the fact that the official State Department IT systems have suffered terrible breaches of their own. In 2014 and 2015, hackers believed to be based in Russia accessed State unclassified email systems so thoroughly that in November of 2014, the Department’s security staff were forced to take the email servers offline to try to root out the hackers. On Clinton’s private server, other than that single staffer’s compromised account, the FBI’s report notes only multiple hacking attempts in the form of “brute force” guessing of login credentials. Those attempts increased when the existence of the server was exposed by the New York Times in the spring of last year. But none of the recorded attempts seem to have succeeded. At one point, the FBI record notes, Clinton did receive an email containing a malicious link, sent from the apparently hijacked or spoofed personal account of a State Department staffer. Clinton responded, “Is this really from you? I was worried about opening it!” But the FBI found no evidence of malware on Clinton’s server or any of her personal devices. For all her security snafus, give Clinton this much credit: she can at least spot a phishing email when she sees it.