Close window  |  View original article

Horribly Hackable Hillary

Yes, Hillary Clinton's server gave foreign spies our deepest secrets.

By Hobbes  |  September 22, 2016

When FBI Director Comey gave Hillary a free pass for her many violations of the Freedom of Information Act and for breaking our laws which protect classified material, all of which call for jail time, he kindly provided her a small but essential fig leaf: he took the trouble to specifically state that the FBI had no evidence that her illegal server had been hacked.

Legally, this is irrelevant: the law offers jail time for any unauthorized use or release of classified information, regardless of whether foreign spooks actually get their mitts on it or not.  Politically, though, this was vital: even the most devout Hillraisers might pause for reflection if proof arose that the top-secret information Hillary illegally stored on her illegal server in fact had made it to the Kremlin.

For those who were listening with care, though, Director Comey provided an astutely-political example of "the large print giveth, but the fine print taketh away."  While admitting that there was no hard evidence of hacking, he also truthfully pointed out that competent hackers leave no traces.  The nice thing about electronic media is that erase marks don't show if you know what you're doing, and it's safe to assume that at least the Russians and Chinese have a more than adequate supply of the world's most skilled and well-funded hackers.

Is it possible that these foreign agencies didn't know about her server?  No, it is not: the FBI knows for certain that her server was attacked because her systems administrator testified that they were constantly seeing log-in attempts by unauthorized persons.  It's clear that many, many people all over the world knew how to address her server long before the American people were told of its existence.

Hillary visited 112 countries while Secretary of State.  We're told that she used her illegal server to send email to and from many if not all of those countries.  In theory each and every one of them has no excuse for not knowing of the existence of her private server and how to find it on the Internet: they knew Hillary was visiting, they knew what Internet connection she was using, and obviously, any non-US Internet connection can be easily tapped by local spooks without the bother of getting a warrant.

Now, you might assume that a first-world foreign dignitary would never use a public Internet connection without using heavy encryption most countries can't crack, but then, you aren't in charge of an intelligence service.  Any spy knows to look for people doing something stupid, confident in the knowledge that you'll almost always find them.  Any halfway competent spy agency would, as a matter of course, keep an eye out for interesting traffic from the American Secretary of State just on the off chance of a slipup.

Our government, contrary to appearances, isn't entirely stupid: Hillary had indeed been repeatedly warned to be careful using email while overseas.  Alas, the FBI says she couldn't remember any such briefings, and as her intimate personal aide Huma Abedin recorded for posterity, her boss is "often confused."

For All The World To See

Yet even these critical reports don't adequately explain the security risks.  Even with encryption, it's simply not possible to send email to a secret address any more than it's possible to mail a letter to an address that can't be read on the front of the envelope.  The address has to be readable so that Internet routing computers, or mailmen, know where to send it.

In most countries, routers are owned by government agencies, so no matter what country Hillary's visiting, don't you think their entire intelligence community is going to be watching traffic in and out of her hotel room?  What's more, it's not like Hillary was using a generic and meaningless address: they'd surely notice that she was using instead of and want to know more about it.

You can see how easy this is without breaking any laws or even moving from your seat.  Just open a DOS command on any Windows computer, or a Terminal prompt window on your Mac or other Unix system, and type ping followed by [ENTER].  Within moments, you'll be rewarded with a current IP address for that computer.  This has to be accurate, because if it wasn't, no email could reach it.

Now, it's true that you aren't talking to the original server because the FBI has (what's left of) it; this shows that someone has simply set up a different computer to serve that web address.  But if you'd tried that same command a few years ago - surprise!  You've found Hillary!

Once an agency knew it existed and where it was, hacking into Hillary's server for which security upgrades had not been installed would be trivially simple by the standards of international cyber crime.  It would be so simple that any head of state whose intelligence services hadn't given him all of Hillary's email would fire everyone involved for malfeasance.

If news reports are to be believed, Mr. Putin recently fired one of his high-up Kremlin officials, but he hasn't replaced the head of the KGB or whatever it's called these days.  Mr. Kim of North Korea gleefully blows up erring minions with anti-aircraft artillery or feeds them to wild dogs, but so far as we know his spy chiefs are still alive.  Iran executes women for defending themselves against rapists, but again, no mass executions of spies.  China has no qualms about executing officials for corruption as Confucius recommended - would that we could do the same! - but, once again, no abrupt terminations of spymasters in Beijing either.

What clearer proof could there be that Mr. Putin, Mr. Kim, the Ayatollah, the Red Chinese, and all the other 110 countries stamped in her passport got all of Hillary's emails as surely as if she'd put the lot on the CC list?  Her emails would have been more secure if she'd simply published them in the New York Times; at least some of these countries know better than to believe its lies and don't waste money on a subscription that could be better spent on something else - like hackers.