+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

'Like inviting spies over to dinner': Cyber experts are stunned by Hillary Clinton's security choices

Oct 13, 2015, 23:19 IST

Hillary Clinton listens to a question at a campaign event in Davenport, Iowa October 6, 2015.Jim Young/Reuters

Cyber security experts are skeptical of the companies Hillary Clinton chose to oversee her private email server, which allegedly contained classified and top secret national security information from when she served as Secretary of State.

Advertisement

After she left the State Department in 2013, Clinton - now under fire for using a personal email account for work-related correspondences while serving as America's top diplomat - hired at least three separate firms to manage different aspects of her server.

The firms included Platte River Networks, a Denver-based firm that hosted her server; SECNAP, which sold her a firewall program known as CloudJacket SMB to detect hackers; and Datto, Inc., a cloud storage company that backed up Clinton's emails in case her server crashed.

The companies, which are relatively unknown, have been described by some cyber security experts as odd choices for such a high-level public figure.

"I've never heard of SECNAP or CloudJacket SMB, which says a lot right there," Michael Borohovski, CEO and founder of TinFoil Security, told Business Insider. "But the 'SMB' in 'CloudJacket SMB' means Small Medium Business, which Hillary Clinton is not."

Advertisement

"She was evidently using the cheapest plan of this tool, which is a run-of-the-mill firewall to begin with," Borohovski added. "If you're Secretary of State, or running for President, I wouldn't recommend it."

Joe Loomis, CEO of CyberSponse, hadn't heard of SECNAP or its threat monitoring tool, either.

"It's pretty shocking," Loomis told BI. "Why entrust this small, unknown company with protecting the data of a former Secretary of State?"

Democratic presidential candidate Hillary Clinton speaks to supporters at the Human Rights Campaign Breakfast in Washington, October 3, 2015.Joshua Roberts/Reuters

Clinton's unusual email system was originally set up by a staffer during Clinton's 2008 presidential campaign, replacing a server used by her husband, former President Bill Clinton.

Advertisement

Facing criticism earlier this year for her use of the server, Clinton handed over about 30,000 work-related emails for the State Department to make public and deleted about 31,000 emails she says were personal.

Facing mounting criticism over her use of the server while she served as Secretary of State, Clinton handed over the server to the FBI in August and defended herself earlier this month on Meet The Press by saying she was unfamiliar with the server's "technical aspects."

She added that she "was not that focused" on the server, which she left in the hands of experts when it came to security.

Former Secretary of State Hillary Clinton.NBC/screengrab

But because Clinton made a conscious decision to bypass the State Department's server - and the millions the government has spent to protect it - in favor of her own risky setup, her ignorance of the technological particulars a poor excuse, Loomis said.

"The fact that Clinton chose to use her personal email instead of a .gov account shows that she obviously doesn't understand security," Loomis added. "What she did is like inviting spies over to dinner - every device connected to the internet is an opportunity for them to collect intelligence."

"This world is full of cyber warfare, and your computer is a part of that warzone."

'Potential negligence'

U.S. Democratic presidential candidate Hillary Clinton greets audience members at the Boston Community Forum on Substance Abuse in Boston, Massachusetts October 1, 2015.Brian Snyder/Reuters

Another company, Datto, Inc.- founded eight years ago by Austin McChord out of his parents' basement - was hired by Clinton in June 2013 to store and back up her emails on a cloud in case her server crashed.

But Platte River, which has housed Clinton's server since 2013, told Politico last week that Datto "was never supposed to have a cloud."

Advertisement

In response to the controversy, McChord posted a statement on Datto's website ensuring clients that "the privacy and security of our customers' data is paramount ... Datto, by virtue of our channel model, does not generally know who our end users are or have the ability to access their data stored in our cloud."

And while cloud storage itself is not inherently dangerous, extra steps should be taken to secure the data of any high profile client, which makes it important for the company to know who it is serving.

'Total amateur hour'

US Government photo

Clinton's use of the server was allowed under State Department regulations, but there are rules governing how the server should be configured and protected so it is not vulnerable to cyberattacks.

Reports that hackers in China, South Korea, Germany, and Russia tried to break into Clinton's server have raised questions about the kind of security precautions the 2016 presidential candidate and her team took to safeguard the sensitive information that sometimes passed through her inbox.

Advertisement

But the malicious emails highlight the fact that Clinton's server was at least vulnerable.

And according to a new AP investigation, the way Clinton's server was connected to the internet - via a Microsoft remote desktop service that permitted remote access connections without additional protective measures - made it particularly vulnerable to hackers, which is something her security experts should have known.

President Barack Obama and then Secretary of State Hillary Clinton in 2011.AP/Charles Dharapak

"That's total amateur hour," Marc Maiffret, Chief Technology Officer at BeyondTrust, told AP. "Real enterprise-class security, with teams dedicated to these things, would not do this."

Advertisement

"It's possible Clinton's server was breached before she even sent her first email," Borohovski said.

"She probably didn't mean to put government at risk, but she ended up doing it by running an external mail server that was secured with questionable resources."

NOW WATCH: Obama has been getting the best of Trump for years

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article