The Clinton email scandal continues to deteriorate. Most people following the issue will be aware of the review by the inspector general which was released yesterday. In part it said:
Two staff in S/ES-IRM reported to the OIG that, in late 2010, they each discussed their concerns about Secretary Clinton’s use of a personal email account in separate meetings with the then-Director of S/ES-IRM. In one meeting, one staff member raised concerns that information sent and received on Secretary Clinton’s account could contain Federal records that needed to be preserved in order to satisfy Federal recordkeeping requirements. According to the staff member, the Director stated that the Secretary’s personal system had been reviewed and approved by Department legal staff and that the matter was not to be discussed any further. As previously noted, OIG found no evidence that staff in the Office of the Legal Adviser reviewed or approved Secretary Clinton’s personal system. According to the other S/ES-IRM staff member who raised concerns abut the server, the Director stated that the mission of S/ES-IRM is to support the Secretary and instructed the staff never to speak of the Secretary’s personal email system again.
Ms.Clinton has also publically stated it was reviewed and approved. There are lots of other damning items in the review. And we haven’t even seen the results of the FBI investigation yet. Interesting time are ahead for “Crooked Clinton”.
But unless you “have your finger on the pulse” of some other sources you wouldn’t know that some really mindboggling stupid computer security practices were in place at the Clinton residence:
According to historic Internet address maps stored by San Mateo, Calif. based Farsight Security, among the handful of Internet addresses historically assigned to the domain “clintonemail.com” was the numeric address 184.108.40.206. The subdomain attached to that Internet address was….wait for it…. “printer.clintonemail.com“.
Ronald Guilmette, a private security researcher in California who prompted me to look up this information, said printing things to an Internet-based printer set up this way might have made the printer data vulnerable to eavesdropping.
“Whoever set up their home network like that was a security idiot, and it’s a dumb thing to do,” Guilmette said. “Not just because any idiot on the Internet can just waste all your toner. Some of these printers have simple vulnerabilities that leave them easy to be hacked into.”
More importantly, any emails or other documents that the Clintons decided to print would be sent out over the Internet — however briefly — before going back to the printer. And that data may have been sniffable by other customers of the same ISP, Guilmette said.
“People are getting all upset saying hackers could have broken into her server, but what I’m saying is that people could have gotten confidential documents easily without breaking into anything,” Guilmette said. “So Mrs. Clinton is sitting there, tap-tap-tapping on her computer and decides to print something out. A clever Chinese hacker could have figured out, ‘Hey, I should get my own Internet address on the same block as the Clinton’s server and just sniff the local network traffic for printer files.’”
I repeat, “Whoever set up their home network like that was a security idiot…”. It’s stupid to route your printer traffic via an outside network unless you are only printing the most vanilla of materials and need for people in the outside world to use your printer. Clinton had material on her email server that was highly classified. If she used the printer in this way it’s difficult to imagine that her printer traffic was not intercepted by unauthorized people. This is, in part, because whoever created the amazingly insecure system, essentially, advertised it to the public with the public subdomain records.
People need to go to jail over this.
Our country is in the best of hands.