Tag Archives: Internet Information Services

The Techie Take On The Clinton Email Server

Posted on by

James Rosen posted an article at Fox News yesterday about some technical people who decided to investigate some of Hillary Clinton’s claims about her private, secure email server.

Some findings from the article:

Now, working with publicly available tools that map network connectivity, experts have established that the last “hop” before the mail server’s Internet Protocol, or IP, address (listed as 64.94.172.146) is Internap’s aggregator in Manhattan (listed as 216.52.95.10). 

 “This is a very strong indication that the clintonemail.com server is in Manhattan,” the source told Fox News.  

 Obviously the server is not in Chappaqua being guarded by the Secret Service–most likely it is in President Clinton’s Manhattan office. Not that physically guarding a server is worth anything anyway unless someone is going to steal the server itself.

The ‘good hackers’ also discovered:

  Perhaps most concerning, private analysts determined that clintonemail.com has been running an older model of Microsoft Internet Information Services, or IIS – specifically version 7.5, which has been documented to leave users exposed on multiple fronts. The website CVEDetails.com, which bills itself as “the ultimate security vulnerability datasource,” is awash with descriptions of serious security vulnerabilities associated with version 7.5, including “memory corruption,” “password disclosure vulnerability,” and the enabling of “remote attackers to execute arbitrary code or cause a denial of service.”  

The cyberlab technician who discovered the Clintons’ use of version 7.5 marveled at “the vulnerabilities the Clintons are ignoring” in an email to Fox News. “This is a big deal and just the thing real-world hackers look for in a target and will exploit to the max,” the source said.  

“Several of these vulnerabilities have been known since 2010 and yet HRC is running official State comms through it.”  

The article concludes:

Just the original decision to use a private email account, with Clinton’s own surname embedded in it, has baffled the hacker community. The analyst with experience in the intelligence community, a “white hat” hacker — the kind corporate firms retain to conduct “penetration testing” that exposes businesses’ cybersecurity lapses — told Fox News: “If we learned that the foreign minister of a major foreign country was using her own private server to send and receive emails, and was relying on outdated commercial software to operate and protect it, that’d be a hallelujah moment for us.”

As you read this article, please understand a few things. It sounds as if the people who set up the server for the Clintons lacked some of the knowledge they needed to make the server totally secure. Making a server totally secure is nearly impossible and you need really good technical people to do it. If the server was hacked during Mrs. Clinton’s time as Secretary of State, there is no reason to believe that the Clintons or anyone else would know about it. That is a serious problem. The other thing I would appreciate anyone reading this article to be aware of is that I have very little knowledge of how this all works. I have a husband and a daughter that hopefully keep me (and my computer) out of trouble. I do know, however, from being around serious techies that computer security is an issue, particularly in our government. Foreign countries that do not love America are constantly attempting to hack into military, commercial, and government computers. The last thing we need to do is to make it easy for them.