Clinton Email: Clinton's Private Email Server Extremely Vulnerable To Hackers, According To Report

The private home-based email server Hillary Clinton used during her tenure as secretary of state was set up in a way that made it more vulnerable to hackers by appearing "to allow user to connect openly over the Internet to control it remotely," according to a new Associated Press report.

Clinton seems to have decided not to use an encrypted connection such as a virtual private network (VPN) with her server, which was used for her personal and State Department correspondence. The lack of a VPN allowed the server to accept commands directly from the Internet.

Experts told AP that the remote desktop software on Clinton's server was extremely vulnerable to even low-skilled hackers. Several federal agencies including the State Department explicitly warned about using such unsecured systems.

"An attacker with a low skill-level would be able to exploit this vulnerability," the Homeland Security Department's U.S. Computer Emergency Readiness Team said in 2012.

Also in 2012, the State Department "outlawed use of remote-access software for its technology officials to maintain unclassified servers without a waiver. It had banned all instances of remotely connecting to classified servers or servers located overseas," according to AP.

The vulnerability in Clinton's server was pointed out by an anonymous hacker-researcher who three years ago used a computer in Serbia to scan hundreds of millions of Internet Protocol addresses and then released an Internet "census" of accessible ports. Clinton's server, which was kept in the basement of her home in Chappaqua, N.Y., was scanned at least twice in 2012, according to the census, which is widely available online and is how AP learned of the vulnerability. It's not clear if the hacker knew the server belonged to the U.S.'s top diplomat.

"That's total amateur hour," cybersecurity entrepreneur Marc Maiffret told AP. "Real enterprise-class security, with teams dedicated to these things, would not do this."

The FBI is currently conducting an investigation into whether Clinton's email use compromised any classified information or put national security at risk.

Two government inspectors general have concluded that Clinton sent at least two emails that were classified as top secret at the time they were sent. Scores of others emails included confidential or sensitive information, and more than 400 have now been classified by the State Department, according to Politico.

A number of security experts, and even former Defense Intelligence Agency Director Mike Flynn, believe Clinton's server was very likely hacked by adversarial foreign governments, like China, Russia, Iran or North Korea, reported the National Review.

The Senate Homeland Security and Government Affairs Committee recently noted that the server was the subject of attempted hacks by China, South Korea and Germany after Clinton left office in 2013.

Clinton campaign spokesman Brian Fallon said the AP report "lacks any evidence of an actual breach, let alone one specifically targeting Hillary Clinton. The Justice Department is conducting a review of the security of the server, and we are cooperating in full."

Tags
Hillary Clinton, State department, Hacking
Real Time Analytics