scorecard
  1. Home
  2. tech
  3. Cybersecurity expert: Here's how the GOP could 'have a field day' with Hillary Clinton's email scandal

Cybersecurity expert: Here's how the GOP could 'have a field day' with Hillary Clinton's email scandal

Natasha Bertrand,Michael B Kelley   

Cybersecurity expert: Here's how the GOP could 'have a field day' with Hillary Clinton's email scandal
Tech6 min read

Hillary Clinton

Ethan Miller/Getty Images

Democratic presidential candidate and former U.S. Secretary of State Hillary Clinton speaks at the National Association of Latino Elected and Appointed Officials' (NALEO) 32nd Annual Conference at the Aria Resort & Casino at CityCenter on June 18, 2015 in Las Vegas, Nevada.

The FBI is now in possession of the private email server Hillary Clinton used for work-related correspondences while she served as secretary of state during the first term of the Obama administration.

And what they find could give Clinton's political rivals the ammunition they need to forcefully attack her presidential campaign.

"If investigators find that her server was ever compromised, the GOP is going to have a field day," cybersecurity expert Alex McGeorge, a senior security researcher at Immunity, Inc., told Business Insider.

Though Clinton's use of a private email address was not illegal and permitted by State Department rules, the federal government has standards for how servers are built, how they are secured, and how their data is stored.

If Clinton failed to take one or all of the required steps to secure her private server - and if it is confirmed that classified information made its way into an insecure inbox - proving that this sensitive intelligence might be in the hands of foreign adversaries would be the GOP's "fastest path to victory" in the 2016 presidential election, McGeorge said.

Furthermore, demonstrating that the "clintonemail.com" server was hackable would be relatively easy, he said.

"Subpoena the exact configuration of the Clinton email server, and create a duplicate system as best as you are able," McGeorge said. "Put a legitimate bug bounty on it for real money (over $100k), to the first person who's able to get emails off of it. This gives the GOP proof that the system was hackable as configured."

'Top Secret/Sensitive Compartmented Information'

Clinton, the Democratic presidential front-runner in the 2016 election, has repeatedly said as recently as late July that she was "confident" she did not send or receive classified information by email.

However, Charles McCullough, the inspector general for the US intelligence community, recently said the server potentially included hundreds of classified emails, some of which include information derived from US intelligence agencies.

And this week, McCullough told Congress that he discovered two emails that are classified as 'Top Secret/Sensitive Compartmented Information," which is one of the government's highest levels of classification. Those two emails were drawn out of a batch of 40 emails randomly selected from about 30,000 "work-related" emails Clinton turned over to the State Department.

The Associated Press reports that the two emails "include a discussion of a news article detailing a US drone operation and a separate conversation that could point back to highly classified material in an improper manner or merely reflect information collected independently."

What's still unclear is how much classified information was consciously shared in the tens of thousands of emails - or what particular safeguards were taken to protect it.

"If Clinton knowingly used her private server to handle classified information she could have a problem," TIME senior correspondent explained recently. "But if she didn't know the material was classified when she sent or received it she's safe."

hillary clinton

REUTERS/Brian Snyder

U.S. Democratic presidential candidate Hillary Clinton holds a campaign town hall meeting in Claremont, New Hampshire August 11, 2015.

'Hillary Clinton's big problem now is legal'

"Hillary Clinton's big problem now is legal," Charles Lipson, a professor of international politics at the University of Chicago, argued in RealClearPolitics. "And it could well be insurmountable politically."

Lipson, the director of the Program on International Politics, Economics and Security at the University of Chicago, then listed. several "legal questions with huge political ramifications."

"Did the Clinton server meet the federal government's standards for how servers are built, how they are secured, and how data is retained? Was all sensitive material encrypted or did it circulate without those protections?" he wrote.

"Did anybody hack into the server? Did Secretary Clinton, who says she erased all 'personal' emails from the server, actually erase some government documents? If so, was that inadvertent or a possible cover-up? Who handled IT security for this server? Could he read the materials if he wished?"

Clinton's unusual email system was originally set up by a staffer during Clinton's 2008 presidential campaign, replacing a server used by her husband, former President Bill Clinton.

The new server was run by Bryan Pagliano, who had worked as the IT director on Hillary Clinton's campaign before joining the State Department in May 2009. In 2013 - the same year she left the State Department - Clinton hired the Denver-based company Platte River to oversee the system.

It's possible that Clinton's private server was more secure than the private email accounts of the nation's other top officials, "purely because it's a smaller target," cybersecurity expert Joe Loomis, the founder and CEO of Cybersponse, told Business Insider.

"Only she and a few other people are using it," he said.

hillary clinton

Mario Anzuoni

Democratic presidential candidate Hillary Clinton speaks at a Service Employees International Union roundtable

'A serious management mistake'

"Even if Secretary Clinton or her aides didn't run afoul of any criminal provisions, the fact that classified information was identified within the emails is exactly why use of private emails ... is not supposed to be allowed," Bradley Moss, a Washington attorney who specializes in national security matters, told McClatchy recently.

"Both she and her team made a serious management mistake that no one should ever repeat."

And Clinton's choice to eschew the State Department's email system looks particularly egregious, given her standing within the department.

If she felt the State Department's server wasn't secure enough, she "would have been in a good position to demand change," said McGeorge, the senior security researcher at Immunity, Inc. "But if it was a problem, and you decided to use your own server, then what did you do for your department?"

Former U.S. Secretary of State Hillary Clinton (2nd R) and current U.S. Secretary of State John Kerry (R) talk during a ceremony before breaking ground for the U.S. Diplomacy Center at the State Department in Washington September 3, 2014.

Reuters

Former U.S. Secretary of State Hillary Clinton (2nd R) and current U.S. Secretary of State John Kerry (R) talk during a ceremony before breaking ground for the U.S. Diplomacy Center at the State Department in Washington September 3, 2014.

And then there are the deleted emails.

Last October, the House of Representatives committee dedicated to investigating the 2012 terrorist attack on the US diplomatic compound in Benghazi asked Clinton for any emails she had relating to the attack.

Clinton obliged a separate request from the State Department, handing over roughly 55,000 pages of emails - about 60,000 emails in total. She deleted around 30,000 others that were "personal" in nature.

The fact that the State Department has no record of Clinton's email exchanges now that she has wiped her server clean also means that Clinton may have skirted the rules governing federal-records management, which require that anything relating to agency activity be captured on the department's server.

Interestingly, McGeorge said, "the FBI can now only investigate anything Clinton didn't take the time to erase" because she used the "clintonemail.com" address.

NOW WATCH: More trouble for Subway's Jared Fogle...

READ MORE ARTICLES ON


Advertisement

Advertisement