Thursday, March 05, 2015

bank on bill: keeping cashflows, sidechicks, and high-drama straight for generations....,

wired | For a secretary of state, running your own email server might be a clever—if controversial—way to keep your conversations hidden from journalists and their pesky Freedom of Information Act requests. But ask a few security experts, and the consensus is that it’s not a very smart way to keep those conversations hidden from hackers.

On Monday, the New York Times revealed that former secretary of state and future presidential candidate Hillary Clinton used a private email account rather than her official email address while serving in the State Department. And this was no Gmail or Yahoo! Mail account: On Wednesday the AP reported that Clinton actually ran a private mail server in her home during her entire tenure leading the State Department, hosting her email at the domain

Much of the criticism of that in-house email strategy has centered on its violation of the federal government’s record-keeping and transparency rules. But as the controversy continues to swirl, the security community is focused on a different issue: the possibility that an unofficial, unprotected server held the communications of America’s top foreign affairs official for four years, leaving all of it potentially vulnerable to state-sponsored hackers.

“Although the American people didn’t know about this, it’s almost certain that foreign intelligence agencies did, just as the NSA knows which Indian and Spanish officials use Gmail and Yahoo accounts,” says Chris Soghoian, the lead technologist for the American Civil Liberties Union. “She’s not the first official to use private email and not the last. But there are serious security issues associated with these kinds of services… When you build your house outside the security fence, you’re on your own, and that’s what seems to have happened here.”

The most obvious security issue with Clinton running her own email server, says Soghoian, is the lack of manpower overseeing it compared with the State Department’s official email system. The federal agency’s own IT security team monitors State Department servers for possible vulnerabilities and breaches, and those computers fall under the NSA’s protection, too. Since 2008, for instance, the so-called Einstein project has functioned as an umbrella intrusion-detection system for more than a dozen federal agencies; though it’s run by the Department of Homeland Security, it uses NSA data and vulnerability-detection methods.

Clinton’s email wouldn’t have the benefit of any of that expensive government security.


Dale Asberry said...

Quit playin' wit dat title...