Hillary's Private Server a Foreign Spy Magnet
Hillary Clintonâ€™s private email server was a spy magnet for the Russian, Chinese, Iranian and other intelligence services, say current and former intelligence officials.
As secretary of state, Clinton routed all her government-related email through the server, based in her house in Chappaqua, New York. She reportedly hired a Cablevision (NYSE:CVC) subsidiary to run the server, with antivirus protection from Intelâ€˜s (NASDAQ:INTC) McAfee. And she registered her domain name, clintonmail.com, through Network Solutions.
Intelligence professionals fear that the use of the privately installed server, free of certified government defenses against foreign interception, has been a boon to foreign cyberspies.
â€œBy using her own private server with email â€” which we now know was wholly unencrypted for the first three months of Hillary Clintonâ€™s tenure as secretary of state â€” she left this easily interceptable by any decent 21st century SIGINT service,â€ said John Schindler, a former National Security Agency counterintelligence officer. SIGINT is shorthand for signals intelligence, or electronic spying.
â€œThe name Clinton right on the email handle meant this was not a difficult find,â€ Schindler said. â€œWe should assume Russians, Chinese and others were seeing this.â€
â€˜Epicâ€™ Counterintelligence Disaster
â€œIn all, this is a counterintelligence disaster of truly epic proportions, not to mention that, since Clinton admitted she did not use higher-classification email systems at allâ€ â€” systems like SIPR and JWICS, Schindler said â€” â€œwe have to assume some bleed-over into her unsecured private email too, which makes this even worse.â€
SIPR is the Secret Internet Protocol Router network that the Department of Defense runs to ensure secret communications for the U.S. military, other agencies and certain allies. JWICS is the Joint Worldwide Intelligence Communications System for top-secret government communication. Both provide secure communications for the State Department and secretary of state. Clintonâ€™s private server was not protected by the Department of Homeland Securityâ€™s Einstein intrusion detection system, which relies on NSA systems, for official State Department emails.
â€œShe may have deleted 30,000 e-mails before turning her files over to the State Department, but that doesnâ€™t mean that the Russians and the Chinese donâ€™t have them,â€ said Michelle Van Cleave, former U.S. National Counterintelligence Executive.
Others say that the potential damage to U.S. national security is so grave that the FBI should seize the server and conduct a forensic analysis to determine the extent of foreign penetration. That analysis would be part of what is called a damage assessment, which is routine after any suspected security breach.
FBI Forensic Analysis
However, the FBI might not find anything now, according to Rep. Trey Gowdy, R-S.C., chairman of a House investigative panel, who says that Clinton had the server wiped clean. Still, the forensic analysis by trained personnel could yield valuable clues about foreign spies gaining access to Americaâ€™s most fiercely guarded secrets. Gowdy has called on Clinton to appear before his committee for what he called a â€œtranscribed interview regarding her use of private email and a personal server for official State Department business.â€
Rep. Ken Buck, R-Colo., a former prosecutor, said that the FBI should conduct a forensic analysis of any attempted foreign penetrations, to determine which foreign intelligence services might have hacked into Clintonâ€™s email server.
â€œDenying a legitimate request by the Bureau to examine her computer would certainly suggest that Americaâ€™s security is not Clintonâ€™s highest priority,â€ Buck said.
â€œThe FBI investigated a sitting CIA director for intentionally disclosing classified information. The Bureau can certainly investigate whether a former secretary of state unintentionally disclosed classified information,â€ Buck said. â€œThe motive may be different, but the potential damage to national security is similar.â€
Why Clinton hasnâ€™t offered to turn over the server to the FBI, or why the FBI has not seized it to assess the damage to national security, is unclear. A Clinton spokesperson declined to comment.
In a question-and-answer sheet provided to reporters, Clinton did not address the issue. The FBI wonâ€™t say whether or not it made a request or took possession of the server. The Bureau does not have the device, according to a highly placed FBI source. That source is not cleared to speak to the press and could not speak on the record.
The lure of reading a secretary of stateâ€™s emails would exert a pull on any foreign spy, intelligence officials say.
Where, on a scale of one to 10, would any sitting secretary of state rank as a target of foreign spies? â€œ10, of course,â€ said Van Cleave. â€œThat being the case, all of her e-mails would have been potentially of interest to any number of foreign parties.â€
â€œA target like this would be at least a 10, maybe 10-plus if the enemy knew the email address and server,â€ said Robert W. Stephan, a former counterintelligence analyst at the Defense Intelligence Agency who also served 19 years in the CIA. â€œIf a foreign intelligence service determines that it is indeed the secretary of stateâ€™s private communications/e-mail/server and even given the security measures that were set up, it would still be a top target for some sophisticated services,â€ Stephan said. â€œObviously Chinese, Russian, and Cuban, and possibly Iranians and North Koreans.â€
That statement presumes that the server was strongly protected against outside penetration, which does not seem to be the case. News reports indicate that the serverâ€™s security configurations were done improperly, protecting Clintonâ€™s personal privacy and not national security, and that, even if everything was done by the book, that type of server and software package remains vulnerable to a good hacker.
â€œA 16-year-old can break into a server, and certainly a government sophisticated enough to break into the Sony (NYSE:SNE) system can break into Hillary Clintonâ€™s system,â€ said Rep. Buck. â€œThatâ€™s a no-brainer.â€
How would adversary spy services exploit this intelligence? â€œThe positions, the interests, the communications between the secretary of state and her staff are of great interest to any foreign intelligence service, whether hostile or friendly,â€ said Paul Joyal, former director of security of the Senate Select Committee on Intelligence.
â€œThe American secretary of state using an open, unprotected server? Thatâ€™s an invitation to a party,â€ said a veteran intelligence officer who asked for anonymity because he still holds active clearances. â€œAll of her private musings. Thereâ€™s no secretary of state who doesnâ€™t communicate with classified information. How the hell could she do her job without it?â€
Gateway To Government Systems?
â€œFrom a counterintelligence perspective, (for) anyone with any responsibility for intelligence, counterintelligence and security, this thing is a monumental disaster,â€ the longtime senior intelligence officer said. â€œItâ€™s a disaster for U.S. policy. Itâ€™s a huge boon for the former KGB and the Iranians.â€
Some experts are concerned that foreign spies could have penetrated the server as a gateway to breaking into other government systems, including classified communications.
â€œThe real question is, what if any intelligence collection was being done on a private server somewhere?â€ Joyal said. â€œThe only way to know is for the proper federal authorities to impound the server and do a forensic analysis.â€
â€œIt would be possible for a hostile service to use the server as a platform to deliver other malware to other targets of their choosing, based on their knowledge of whom the former secretary and president were communicating with,â€ Joyal said.
â€˜Vast Deception Potentialâ€™
Foreign spies could use their access to Clintonâ€™s server to warp or distort information that government officials rely on. â€œIf theyâ€™re getting into her server, theyâ€™re not just extracting stuff,â€ said a senior former Defense Department official who spoke on condition of anonymity. â€œTheyâ€™re going to do things that could be planted from other sources.â€
â€œThe denial and deception potential here is vast,â€ said John Schindler, referring to intelligence tradecraft in which a spy service denies or conceals information, and seeks to deceive other countries. â€œNot to mention that any shady games playedâ€ by the Obama Administration â€œwould be known to Moscow and Beijing â€” but not to the American public.â€
â€œIt could affect a number of people within the U.S. government and, for that matter, people around the world,â€ Joyal said. â€œIt would behoove the federal government to conduct a forensic analysis of the server itself.â€
Until such a forensic analysis is done, he said, authorities simply will not know the answer.
â€œThis should not be politicized,â€ said Joyal. â€œIt should be done with hard-nosed national security interests driving the forensic analysis.â€