Chinese cyber spies eavesdropping on top U.S. official’s private emails
Hillary’s EmailGate troubles worsen
For the past five years, Chinese cyber spies have been reading the private emails of an undisclosed but presumably large number of top Obama administration officials.
A report released Monday from NBC news sites an anonymous U.S. senior intelligence official and a secret document. Evidently, U.S. officials have been aware of the email security breech since April of 2010.
The email grab — first codenamed “Dancing Panda” by U.S. officials, and then “Legion Amethyst” — was detected in April 2010, according to a top secret NSA briefing from 2014. The intrusion into personal emails was still active at the time of the briefing and, according to the senior official, is still going on.
In 2011, Google disclosed that the private gmail accounts of some U.S. officials had been compromised, but the briefing shows that private email accounts from other providers were compromised as well.
The government email accounts assigned to the officials, however, were not hacked because they are more secure, says the senior U.S. intelligence official.
The senior official says the private emails of “all top national security and trade officials” were targeted.
The Chinese also harvested the email address books of targeted officials, according to the document, reconstructing and then “exploiting the(ir) social networks” by sending malware to their friends and colleagues.
As concerning as the hacking revelation is that Hillary Clinton served as Secretary of State until February 1, 2013.
The NBC report specifies, “government email accounts assigned to officials, however, were not hacked because they are more secure.” That Mrs. Clinton did not utilize a government email account, but used her own private email account along with a home brewed server raises even more questions about the security of embattled former Secretary’s email.
Last week, the Washington Post reported the FBI was investigating Hillary’s email practices.
The FBI has begun looking into the security of Hillary Rodham Clinton’s private e-mail setup, contacting in the past week a Denver-based technology firm that helped manage the unusual system, according to two government officials.
Also last week, the FBI contacted Clinton’s lawyer, David Kendall, with questions about the security of a thumb drive in his possession that contains copies of work e-mails Clinton sent during her time as secretary of state.
The FBI’s interest in Clinton’s e-mail system comes after the intelligence community’s inspector general referred the issue to the Justice Department in July. Intelligence officials expressed concern that some sensitive information was not in the government’s possession and could be “compromised.” The referral did not accuse Clinton of any wrongdoing, and the two officials said Tuesday that the FBI is not targeting her.
Officials from five different intelligence agencies are also reviewing Mrs. Clinton’s emails to address concerns that they, “were not being properly vetted for intelligence information,” reported Vice.
Mrs. Clinton is scheduled to testify before the House Select Committee on Benghazi October 22.
Follow Kemberlee Kaye on Twitter @kemberleekaye
DONATE
Donations tax deductible
to the full extent allowed by law.
Comments
Where in the hell is old “Red line” obama? He allows this to go on with no pushback. This is a disgrace to all of us and shows the world that he is not up to the job of Commander in Chief. China should not be allowed to send one more item into this country until this is stopped. No trade and no diplomacy. Period!
I agree. I’m a frothing-at-the-mouth free trade guy, and this is one of those areas where I’d throw in that wrench.
Of course, no more new iPhones for a while…
….Samsung Galaxy 6 is a great phone….
Old Communist Obama was turned many decades ago, and his personal Blackberry phone (he thinks it was named after him) has been hacked by everyone!
(Remember Obama refuses to stop using his personal Blackberry phone and use the officially secured FBI cell phone required of presidents.)
…is more secure than GMail.
That’s why Hillary Clinton didn’t use GMail.
That is completely wrong. Not even REMOTELY close.
Are you aware of the password rules and management functionality built into gmail? You can enforce strong passwords, force periodic resets and enable dual-factor authentication on gmail. If you use their paid version you can enable encryption of messages.
Are you aware of Google’s data center security measures and administration policies and procedures? Their data centers pass regular audits including SSAE 16, PCI-DSS and HPAA audits.
Say what you will about their data collection practices, but their systems are very, very well engineered, built and maintained.
Can you setup a gmail account with a crappy password which you never change and get hacked? Sure, but don’t blame it on gmail.
http://www.reuters.com/article/2011/06/02/us-google-hacking-idUSTRE7506U320110602
http://www.businessinsider.com/this-is-what-it-looks-like-when-your-gmail-gets-hacked-by-china-2010-12
NO way is anybody going to spoof the homebrew server. Nor should it have the backdoor of password recovery/
Sammy, please quit while you’re behind. You obviously don’t know shit about IT security. I’ve done this for 25 years for some of the largest financial institutions on the planet.
Here is a good primer article: http://www.wired.com/2015/03/clintons-email-server-vulnerable
http://www.wired.com/2015/03/clintons-email-server-vulnerable
The vulnerability here is not with the server, but along the route or maybe capuring the domain name. This is indeed probably what the FBI is looking into now. The vulnerability stems from the very fact of using the Internet. We don’t know if anything was encrypted – it probably wasn’t for a long time.
You do realize that there are approximately 425 million gmail accounts, right? So Google’s intrusion detection system caught a phishing scheme that harvested maybe a few hundred accounts, shut it down and disclosed it? That’s computing security at work my friend.
You don’t think a home-brew server is susceptible to the same types of ruses? And do you think a homebrew server has the same intrusion detection and monitoring infrastructure that Google has in place?
“This couldn’t work with the homebrew server.” Why again? You explanation makes no sense. If somebody was stupid enough to fall for that scheme when their account was on Google, why would they not fall for it when it was on ClintonEmail.com? Man-in-the-middle attacks can be perpetrated against virtually any system. Google has highly sophisticated systems, procedures and huge teams of people guarding against such things (as evidenced by your first post). Homebrew servers, not so much.
No, because a home-brew server won’t have unfamiliar pages.
And if you are talking about spoofing a familiar page, you can’t know what it is supposed to look like, without having a genuine account, and that’s not possible for a hacker to get.
Furthermore, maybe every account had to be activated manually by somebody at the server.
Anyone can get an account at Google, but how could anyone know what clintonemail.com was supposed to look like? And if you didn’t know what it is supposed to look like, how could you spoof it?
And furthermore, the number of accounts is small, and every correspondent known.
It could have better, with every device that can access it being registered. Banks have something like that.
Now, with a bank, you can get a new device accepted by answering a few security questions and the like, but maybe a homebrew server can be set up to require more personal attention.
Because the hacker would not be able to create a plausible spoof!!
And the user knows what kinds of messages to expect.
How you are going to get in the middle, if, let’s say, your device needs to be registered?
And registered manually? After, let’s say, telephoning, or perhaps sending e-mail to a secret e-mail address?
And the server is guarded by the Secret Service, so it can’t be tampered with?
I am not saying they did that, but, in general, a small system can have protections that a big, more open system, does not, and the Clintons were very concerned with secrecy. Only a double agent could have captured the e-mail.
@Sammy You do realize they were running the Windows OS and off-the-shelf email software, right?
You’re delusional and your various posts on this various thread contradict each other.
I hope you’re not offering people IT security advice “professionally.”
Sammy, Paul is right. If you remember, Clinton’s private E-mail was first discovered when the cops raided a hacker. If that private hacker was into her server, imagine the full scale invasion of nation states.
Cops did not raid a hacker.
The fact she had a private e-mail server was revealed by Russia. We can be 95% certain it was Putin who authorized this
A Russian publication made public what they said were the texts of some emails sent by Sidney Blumenthal to Hillary Clinton’s clintonemail.com address. The existence of an e-mail address at clintonemail.com was thus revealed.
They had supposedly been hacked by “Guccifer” Mond you, this was/would have been, a hacking of Sidney Blumenthls’ e-mail not hers.
We now know for sure that Sidney Blumenthal did indeed send her e-mails but I think we do NOT KNOW if any of the e-mails in the Russian leak are genuine and/or unaltered.
Later, the Trey Committee found out that Hillary Clinton exclusively used private e-mail, and did not even have a state.gov e-mail address when subpoenas for e-mail from her concerning Benghazi or Libya turned up nothing, but subpoenas of some other people at the State Department turned up e-mail sent to and from her.
The State Department postponed informing the committee about the server until they had negotiated with Hillary Clinton and her lawyers to recover copies of her work-related e-mail, and they had to negotiate how that was defined. She first tried partial deliveries.
Finally, Secretary of State John Kerry decided, or accepted, that had everything – that is that had everything that they knew she had written that was worked related – namely anything sent to or from a state.gov address.
Hillary also threw in some e-mail that contained selected key words in the body of the message.
Is there a governmental orifice left in Washighton that hasn’t been vigorously penetrated by some enemy country?
An old Obama failure grows yet larger – securing the national defense.
OK, Hawkins…
It’s bad enough that it happens. You don’t need to make it sound so…North Carolinian…
All Obama administration back doors are wide open…enter at will.
That is “Lean Forward” Progress-egalitarian screwing of America..
Maybe the FBI has been looking at this for a long time (maybe since April of 2010 ?). If they are only just now looking into it – they would look more like the Keystone Cops and not the FBI.
they are only just now looking into it – not even after Hillary Clinton’s e-mail system was made public, but only after the Trye committee asked the Inspector General of the Intelligence Community to look into the question of how cclassified information was handled by Hillary Clinton. To do his work, the Inspector General of the Intelligence State Department, and he was finally able to gain access to 40 randomly selected e-mails, and then he made a counterpintelligence referral to the FBI and only then did the FBI begin to look into the question of how secure was any of this – in July, 2015. Not even in March. The FBI had also initially considred opening a criminal investigation, too.