JimBowie1958
Old Fogey
- Sep 25, 2011
- 63,590
- 16,767
- 2,220
There are a number of nations that have openly been conducting cyberwarfare, or internet warfare; Russia, China, North Korea, Iran, even some of our allies engage in it to benefit their corporations.
Since Hillary's email address indicated that she had this private email server, what is the likelihood of a nation getting access to it via spoofing a friendly account from another site?
FBN Exclusive: DOJ Officials Fear Foreign Telecoms Hacked Clinton Emails, Server | Fox Business
Officials close to the matter at the Department of Justice are concerned the emails Hillary Clinton sent from her personal devices while overseas on business as U.S. Secretary of State were breached by foreign telecoms in the countries she visited—a list which includes China.
“Her emails could have easily been hacked into by telecoms in these countries. They got the emails first, and then routed them back to her home server. They could have hacked into both,” one Justice Department official close to the matter says.
Another Justice Department official adds: “Those telecommunications companies over there often have government workers in there. That telecom in that foreign country could then follow the trail of emails back to her server in the U.S. and break into the server” remotely over the Internet. At various points in this process, there were multiple entry points to hack into Clinton’s server to steal information, as well as eavesdrop, the Justice Department officials say.
Clinton server faced hacking from China, South Korea and Germany
Clinton server hack attempts came from China, Korea, Germany
http://gawker.com/how-unsafe-was-hillary-clintons-secret-staff-email-syst-1689393042
"It is almost certain that at least some of the emails hosted atclintonemails.com were intercepted," independent security expert and developer Nic Cubrilovic told Gawker.
Within the instant classic "ClintonEmail.com" domain, it appears there are three separate servers. The domain's blank landing page is hosted by Confluence Networks, a web firm in the British Virgin Islands, known for monetizing expired domain names and spam.
But the real worry comes from two other public-facing ClintonEmail.com subdomains, which can allow anyone with the right URL to try to sign in.
One is sslvpn.clintonemail.com, which provides a login page that apparently uses an SSL VPN—a protocol that allows your web browser to create an encrypted connection to a local network from any internet connection—to users to access their email. That sounds secure, and under the right circumstances, for regular users, it can be. But there are two huge problems with using it for the Secretary of State's communications with her staff and others.
First: Anyone in the world with that URL can attempt to log in. It's unclear what exactly lies on the other side of this login page, but the fact that you could log into anything tied to the Secretary of State's email is, simply, bad. If the page above is directly connected to Clinton's email server, a login there could be disastrous, according to Robert Hansen, VP of security firm WhiteHat Labs:
It might be the administrative console interface to the Windowsmachine or a backup. In that case, all mail could have been copied.
What's more troubling is the fact that, at least as of yesterday, the server at sslvpn has an invalid SSL certificate. Digital certificates are used to "sign" the encryption keys that servers and browsers use to establish encrypted communications. (The reason that hackers can't just vacuum the internet traffic between your browser and Google's Gmail servers and read your email is that your browser is encrypting the data to a public encryption key. The reason that you know that you are encrypting to Google's key and not to, say, the People's Liberation Army's, is that the Gmail servers have a digital certificate from a trusted third-party confirming that the key is theirs.)
The potential harm was enormous, as the following story illustrates one concern regarding lost data.
The Spy Satellite Secrets in Hillary’s Emails
Since Hillary's email address indicated that she had this private email server, what is the likelihood of a nation getting access to it via spoofing a friendly account from another site?
FBN Exclusive: DOJ Officials Fear Foreign Telecoms Hacked Clinton Emails, Server | Fox Business
Officials close to the matter at the Department of Justice are concerned the emails Hillary Clinton sent from her personal devices while overseas on business as U.S. Secretary of State were breached by foreign telecoms in the countries she visited—a list which includes China.
“Her emails could have easily been hacked into by telecoms in these countries. They got the emails first, and then routed them back to her home server. They could have hacked into both,” one Justice Department official close to the matter says.
Another Justice Department official adds: “Those telecommunications companies over there often have government workers in there. That telecom in that foreign country could then follow the trail of emails back to her server in the U.S. and break into the server” remotely over the Internet. At various points in this process, there were multiple entry points to hack into Clinton’s server to steal information, as well as eavesdrop, the Justice Department officials say.
Clinton server faced hacking from China, South Korea and Germany
Clinton server hack attempts came from China, Korea, Germany
http://gawker.com/how-unsafe-was-hillary-clintons-secret-staff-email-syst-1689393042
"It is almost certain that at least some of the emails hosted atclintonemails.com were intercepted," independent security expert and developer Nic Cubrilovic told Gawker.
Within the instant classic "ClintonEmail.com" domain, it appears there are three separate servers. The domain's blank landing page is hosted by Confluence Networks, a web firm in the British Virgin Islands, known for monetizing expired domain names and spam.
But the real worry comes from two other public-facing ClintonEmail.com subdomains, which can allow anyone with the right URL to try to sign in.
One is sslvpn.clintonemail.com, which provides a login page that apparently uses an SSL VPN—a protocol that allows your web browser to create an encrypted connection to a local network from any internet connection—to users to access their email. That sounds secure, and under the right circumstances, for regular users, it can be. But there are two huge problems with using it for the Secretary of State's communications with her staff and others.
First: Anyone in the world with that URL can attempt to log in. It's unclear what exactly lies on the other side of this login page, but the fact that you could log into anything tied to the Secretary of State's email is, simply, bad. If the page above is directly connected to Clinton's email server, a login there could be disastrous, according to Robert Hansen, VP of security firm WhiteHat Labs:
It might be the administrative console interface to the Windowsmachine or a backup. In that case, all mail could have been copied.
What's more troubling is the fact that, at least as of yesterday, the server at sslvpn has an invalid SSL certificate. Digital certificates are used to "sign" the encryption keys that servers and browsers use to establish encrypted communications. (The reason that hackers can't just vacuum the internet traffic between your browser and Google's Gmail servers and read your email is that your browser is encrypting the data to a public encryption key. The reason that you know that you are encrypting to Google's key and not to, say, the People's Liberation Army's, is that the Gmail servers have a digital certificate from a trusted third-party confirming that the key is theirs.)
The potential harm was enormous, as the following story illustrates one concern regarding lost data.
The Spy Satellite Secrets in Hillary’s Emails
