Catherine Herridge and Pamela Browne advance the mind-boggling story of Hillary Clinton’s use of a private email server to conduct official business as Secretary of State with a blockbuster. We noted their report that the Romanian hacker Guccifer was extradited to the United States last month in “Enter Guccifer.” Guccifer is in detention at a federal facility in Virginia.
Herridge and Browne have now interviewed Guccifer on one occasion in person and subsequently in recorded phone calls. They report that Guccifer claims to have hacked Clinton’s server. He says it was easy and that he saw evidence of hacking by others:
The infamous Romanian hacker known as “Guccifer,” speaking exclusively with Fox News, claimed he easily – and repeatedly – breached former Secretary of State Hillary Clinton’s personal email server in early 2013.
“For me, it was easy … easy for me, for everybody,” Marcel Lehel Lazar, who goes by the moniker “Guccifer,” told Fox News from a Virginia jail where he is being held.
Guccifer’s potential role in the Clinton email investigation was first reported by Fox News last month. The hacker subsequently claimed he was able to access the server – and provided extensive details about how he did it and what he found – over the course of a half-hour jailhouse interview and a series of recorded phone calls with Fox News. Fox News could not independently confirm Lazar’s claims.
The former secretary of state’s server held nearly 2,200 emails containing information now deemed classified, and another 22 at the “Top Secret” level.
The 44-year-old Lazar said he first compromised Clinton confidant Sidney Blumenthal’s AOL account, in March 2013, and used that as a stepping stone to the Clinton server. He said he accessed Clinton’s server “like twice,” though he described the contents as “not interest[ing]” to him at the time.
“I was not paying attention. For me, it was not like the Hillary Clinton server, it was like an email server she and others were using with political voting stuff,” Guccifer said.
The hacker spoke freely with Fox News from the detention center in Alexandria, Va., where he’s been held since his extradition to the U.S. on federal charges relating to other alleged cyber-crimes. Wearing a green jumpsuit, Lazar was relaxed and polite in the monitored secure visitor center, separated by thick security glass.
In describing the process, Lazar said he did extensive research on the web and then guessed Blumenthal’s security question. Once inside Blumenthal’s account, Lazar said he saw dozens of messages from the Clinton email address.
Asked if he was curious about the address, Lazar merely smiled. Asked if he used the same security question approach to access the Clinton emails, he said no – then described how he allegedly got inside.
“For example, when Sidney Blumenthal got an email, I checked the email pattern from Hillary Clinton, from Colin Powell from anyone else to find out the originating IP. … When they send a letter, the email header is the originating IP usually,” Lazar explained.
He said, “then I scanned with an IP scanner.”
Lazar emphasized that he used readily available web programs to see if the server was “alive” and which ports were open. Lazar identified programs like netscan, Netmap, Wireshark and Angry IP, though it was not possible to confirm independently which, if any, he used.
In the process of mining data from the Blumenthal account, Lazar said he came across evidence that others were on the Clinton server.
“As far as I remember, yes, there were … up to 10, like, IPs from other parts of the world,” he said.
With no formal computer training, he did most of his hacking from a small Romanian village.
Lazar said he chose to use “proxy servers in Russia,” describing them as the best, providing anonymity.
Cyber experts who spoke with Fox News said the process Lazar described is plausible. The federal indictment Lazar faces in the U.S. for cyber-crimes specifically alleges he used “a proxy server located in Russia” for the Blumenthal compromise.
Herridge and Browne have sought to confirm Guccifer’s assertions to the extent possible. Here is their conclusion:
While Lazar’s claims cannot be independently verified, three computer security specialists, including two former senior intelligence officials, said the process described is plausible and the Clinton server, now in FBI custody, may have an electronic record that would confirm or disprove Guccifer’s claims.
“This sounds like the classic attack of the late 1990s. A smart individual who knows the tools and the technology and is looking for glaring weaknesses in Internet-connected devices,” Bob Gourley, a former chief technology officer (CTO) for the Defense Intelligence Agency, said.
Gourley, who has worked in cybersecurity for more than two decades, said the programs cited to access the server can be dual purpose. “These programs are used by security professionals to make sure systems are configured appropriately. Hackers will look and see what the gaps are, and focus their energies on penetrating a system,” he said.
Cybersecurity expert Morgan Wright observed, “The Blumenthal account gave [Lazar] a road map to get to the Clinton server. … You get a foothold in one system. You get intelligence from that system, and then you start to move.”
In March, the New York Times reported the Clinton server security logs showed no evidence of a breach. On whether the Clinton security logs would show a compromise, Wright made the comparison to a bank heist: “Let’s say only one camera was on in the bank. If you don’t have them all on, or the right one in the right locations, you won’t see what you are looking for.”
Gourley said the logs may not tell the whole story and the hard drives, three years after the fact, may not have a lot of related data left. He also warned: “Unfortunately, in this community, a lot people make up stories and it’s hard to tell what’s really true until you get into the forensics information and get hard facts.”
For Lazar, a plea agreement where he cooperates in exchange for a reduced sentence would be advantageous. He told Fox News he has nothing to hide and wants to cooperate with the U.S. government, adding that he has hidden two gigabytes of data that is “too hot” and “it is a matter of national security.”
In early April, at the time of Lazar’s extradition from a Romanian prison where he already was serving a seven-year sentence for cyber-crimes, a former senior FBI official said the timing was striking.
“Because of the proximity to Sidney Blumenthal and the activity involving Hillary’s emails, [the timing] seems to be something beyond curious,” said Ron Hosko, former assistant director of the FBI’s Criminal Investigative Division from 2012-2014.
There was no immediate response from the FBI or Clinton campaign.
Whole thing here, all of it worth reading.