Thursday, May 5, 2016

Hillary's Server - Not A Political Post

The Clinton Server
(Not A Political Posting)


I've never really wanted to delve into politics here. I find that mixing business and politics ends up being bad for business. The "Clinton Email Server" has been newsworthy for some time. I, like many, have personal opinions on this matter; I do not intend to get into them here. This is about technology, not politics. Below, the discussion is about whether an extradited hacker's claims of having accessed Mrs Clinton's server are plausible. Please read this with an open mind, regardless of your opinion of Mrs Clinton.

The "quick and dirty" (or TL;DR) version to set things up: Barack Obama was elected in 2008. Upon taking office, he appointed Hillary Clinton as Secretary of State. Mrs Clinton used a home-based mail server for her State Department correspondence. Following the 2012 election, Mrs Clinton stepped down from the position of Secretary of State. In 2013, information about her private mail server surfaced, and it has since become a political topic of assorted controversies.

One of the questions about this server was "How secure was it?" Staff claim that no one got in. However, a Romanian hacker, Marcel Lehel Lazar (using the name Guccifer), claims otherwise. In this piece, and this link, Guccifer talks to journalists following his extradition to the US. He claims that he accessed the server, and gives some detail on "how". A valid question, though, is "Does this man's story hold water?"

The Clinton camp was quick to call "bull" on Lazar's story:
In response to Lazar's claims, the Clinton campaign issued a statement Wednesday night saying, "There is absolutely no basis to believe the claims made by this criminal from his prison cell. In addition to the fact he offers no proof to support his claims, his descriptions of Secretary Clinton's server are inaccurate. It is unfathomable that he would have gained access to her emails and not leaked them the way he did to his other victims."
To the non-user or the average computer user, this perhaps makes sense. It seems logical. Unfortunately for that position, to the more trained eye Lazar gave quite a bit of accurate information in his interviews and statements.

His access to the Clinton server started, according to him, with Clinton confidant Sidney Blumenthal. Mr Blumenthal still used an AOL email account. With sufficient research, Lazar found the details needed to gain access to Blumenthal's account. We are about eight years removed from a somewhat similar incident involving participants in a presidential election, when vice-presidential candidate Sarah Palin's email account was hacked and leaked. While Lazar did not get into specifics, his vague description matches the specifics of the Palin hack: research the target, then use what you learn to get past the account's password or recovery questions.


For the average email user, the inbox shows a sender, a subject, a time and date, and maybe the other people on the cc list. There is a lot more to a message than that. Depending on the mail provider or client one uses, the way to view the message source (the full headers) varies. In that source there is a lot of useful information to the more trained eye. In order to arrive, mail must be addressed: username@domain.extension, where the @ tells the software that a domain follows. When you send mail, it goes from your device to your mail provider's server, to the recipient's provider's server, and on to their device, passing through significant routing points along the way. Each server that handles the message records the handoff in the headers, including the address it received the message from, and those records are what an attacker reads.

As Lazar pointed out, each endpoint has a unique IP address. For some (home users' computers, individual Yahoo or Gmail users, etc.), the address may change with time. For others (large businesses, schools, hosted domains), a permanent, or static, IP is used, which makes the host easy to find again later. Lazar is also correct that a multitude of tools exist for examining these IP addresses: a WHOIS lookup says who an address is registered to, a reverse DNS lookup says what hostname it maps back to, and a port scan says what services the host exposes.
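The kind of header reading described in the two paragraphs above, as an added example that is not from the original post: a small Python script that walks the Received: chain of a raw message and reports, for each hop, the hostname the connecting side claimed, the IP address the receiving server actually saw, and whether that address is an internal (RFC 1918 or loopback) one or routable on the Internet. The message, hostnames, addresses and function names are all constructed for this example; the public addresses are from the RFC 5737 documentation ranges. One caveat a practitioner would add: a Received: line is only as trustworthy as the server that wrote it. The lines added by your own provider are reliable; the earlier ones were written by servers on the sender's side and could be forged, so the chain should be read from the newest line down and trusted only as far as servers you know.

```python
"""Walk the Received: chain of a raw RFC 5322 message to find where it came from.

Added illustration, not code from the original post. The message below is
constructed; every hostname and address in it is a placeholder.
"""
import email
import ipaddress
import re
from email import policy
from typing import NamedTuple, Optional

# Constructed sample: three hops, newest Received: line at the top, as the
# final receiving server would see it. Not a real capture.
RAW_MESSAGE = b"""Received: from mx1.provider.example (mx1.provider.example [203.0.113.10])
\tby inbox.recipient.example with ESMTP id 4ab12cd
\tfor <reader@recipient.example>; Thu, 05 May 2016 10:00:02 -0400
Received: from mail.sender.example (mail.sender.example [198.51.100.25])
\tby mx1.provider.example with ESMTPS
\tfor <reader@recipient.example>; Thu, 05 May 2016 10:00:00 -0400
Received: from [192.168.1.50] (unknown [192.168.1.50])
\tby mail.sender.example with ESMTPA id 9fe77aa;
\tThu, 05 May 2016 09:59:58 -0400
From: someone@sender.example
To: reader@recipient.example
Subject: constructed sample
Message-ID: <sample-1@sender.example>

Body text.
"""

# Ranges that never appear on the public Internet (RFC 1918 plus loopback).
# Spelled out rather than using ipaddress.is_private, which would also flag
# the RFC 5737 documentation ranges this sample uses for its "public" hops.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


class Hop(NamedTuple):
    claimed_host: str          # what the connecting side announced in HELO/EHLO
    ip: Optional[str]          # address the receiving server saw the connection from
    by_host: str               # server that wrote this Received: line
    routable: Optional[bool]   # False for RFC 1918/loopback, None if no IP recorded


def classify(ip: str) -> bool:
    """True if the address is routable on the Internet (not RFC 1918/loopback)."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def trace_path(raw: bytes) -> list:
    """Return the hops in transmission order: originating machine first.

    Each relay prepends its own Received: line, so header order is newest
    first; reversing it reads the path the way the message actually travelled.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())   # unfold and collapse whitespace
        from_m = FROM_RE.search(text)
        by_m = BY_RE.search(text)
        ip_m = IP_RE.search(text)
        ip = ip_m.group(1) if ip_m else None
        hops.append(Hop(
            claimed_host=from_m.group(1) if from_m else "?",
            ip=ip,
            by_host=by_m.group(1) if by_m else "?",
            routable=classify(ip) if ip else None,
        ))
    hops.reverse()
    return hops


def first_public_relay(hops) -> Optional[Hop]:
    """First hop with a routable address: normally the sender's outbound mail
    server, i.e. the host and domain a curious third party would go on to look
    up. Earlier hops are usually the sender's own LAN and say little."""
    return next((h for h in hops if h.routable), None)


if __name__ == "__main__":
    path = trace_path(RAW_MESSAGE)
    for i, h in enumerate(path):
        kind = "routable" if h.routable else "internal/none"
        print(f"{i}: {h.claimed_host} [{h.ip}] -> {h.by_host} ({kind})")
    relay = first_public_relay(path)
    print("sender's mail server:", relay.claimed_host, relay.ip)
```

On the constructed message the script reports the originating machine as a 192.168.x.x address (someone's LAN, useless from outside) and picks mail.sender.example at 198.51.100.25 as the sender's mail server; that hostname and static address are exactly the sort of thing the post describes as "intriguing" when they are not behind a .gov domain.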

It seems that Lazar looked a little more deeply at some of Blumenthal's contacts, and at where they lived on the Internet. As I read the description, I thought "This sounds vague." I was easily able to fill in the details, though, which were likely left out so as not to provide a "how to" guide. I can see a domain like "clintonemail" being intriguing, especially one not behind a .gov server. I can see what he describes as being "one of the first things to try".

To address the Clinton group's assertion that the contents would have been leaked, motive should be considered. In the Palin case, the perpetrator was American and a Democrat, and she was an opposition candidate in a national election. There was (perceived) political gain in the September 2008 leak. Not leaking (at the time) allows for more exploration and more gathering. Continuing to read Blumenthal's email source, he could potentially discover many more servers of interest. These, in turn, could lead to other "productive" finds. Burning his source right away eliminates the potential for future discovery.

To be fair, the fact that he makes these claims and knows the process does not necessarily mean that he was in the Clinton server. He tells a compelling tale, and it is extremely plausible. However, he would need to provide some pretty good proof of access to convince a jury.

The Clinton assertion that the server was secure and no one got in may be true. However, it is just as likely to be an optimistic belief that has yet to be disproved, or a political mistruth to protect the image of one of three remaining major presidential hopefuls.

Ultimately, Lazar makes a very convincing and plausible argument. To be fair, anyone with a strong working knowledge of email headers, IP addresses and port scanning could likely say the same, with or without having accessed a particular machine. In the end, the answer will be determined by whether or not Lazar can back up his claims.
