Hillary Clinton: The Mae West of the internet

The Associated Press has a devastating story about the vulnerabililty to hackers of Hillary Clinton’s home-brew email server. AP reports:

The private email server running in Hillary Rodham Clinton’s home basement when she was secretary of state was connected to the Internet in ways that made it more vulnerable to hackers, according to data and documents reviewed by The Associated Press.

Clinton’s server, which handled her personal and State Department correspondence, appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records compiled in 2012. Experts said the Microsoft remote desktop service wasn’t intended for such use without additional protective measures, and was the subject of U.S. government and industry warnings at the time over attacks from even low-skilled intruders.

(Emphasis added)

To make matters worse, Clinton operated two more devices on her home network in Chappaqua, New York, that also were directly accessible from the Internet, according to AP.

The 1930s actress Mae West became famous for saying: “Come up and see me sometime.” Hillary Clinton was the Mae West of the internet.

AP points out:

Some emails on Clinton’s server were later deemed top secret, and scores of others included confidential or sensitive information. Clinton has said that her server featured “numerous safeguards,” but she has yet to explain how well her system was secured and whether, or how frequently, security updates were applied.

This is a little unfair to Hillary. After all, she has explained that her house, where the server resided, was protected by security guards.

Seriously, though, the basic safeguard in a case like this is an encrypted connection — called a virtual private network, or VPN. But according to AP, Clinton’s system appeared to accept commands directly from the Internet without such protections.

In 2012, the State Department banned the use of remote-access software even on unclassified servers, without a waiver. That same year, the Homeland Security Department’s U.S. Computer Emergency Readiness Team warned that “an attacker with a low skill level would be able to exploit this vulnerability.”

And someone did. AP reports that a hacker using a computer in Serbia “scanned Clinton’s basement server in Chappaqua at least twice, in August and December 2012” (after the ban and the warning on her technology cited above) The server identified itself as providing email services for clintonemail.com. It might as well have said “come up and see me some time.”

Clinton has fallen back on the defense that, as her spokesman puts it, there is no “evidence of an actual breach, let alone one specifically targeting Hillary Clinton.” I suppose this defense depends on what the meaning of “actual breach” is.

To me, the situation is analogous to the Secretary of State leaving a file full of confidential, and in a few cases top secret, documents on a table at a Starbucks in a neighborhood full of spies — not out of forgetfulness, but because it was “convenient.” Later, to complete the analogy, foreign snoops saw the file.

Maybe the snoops read the documents in the file; maybe they didn’t. But should we trust the Secretary of State to be President of the United States? I don’t think so.