At a press conference on Tuesday, Hillary Clinton assured the public that there were “no security breaches” on the private server she used to send and receive emails during her time as Secretary of State.
But cyber experts are saying that there is no way she could know whether or not her account was ever compromised by hackers, whose constantly attempt to detect security holes in email servers and stealthily exploit them.
“There have been times when I’ve hacked into a customer’s server, collected data, and gotten out, and the customer never had any indication that their system had been compromised,” ethical hacker David Chronister of Parameter Security told Business Insider. “There’s this misconception that if someone is attacked they will know right away, but unless the hacker really screws up, the target won’t know until it’s too late.”
The 2016 Democratic presidential frontrunner also said that the personal server “was on property guarded by the Secret Service.”
However, the former secretary of state did not provide details about the technical team that oversaw the personal system, which would involve multiple experts constantly looking for hackers if it were a government system.
“You can never lock down a network enough to fully avoid the truly stealthy hackers,” Chronister said.
Once hackers gain access to an entire server, cybercriminals go to great lengths to remain undetectable as they sift through their new goldmine of information. Instead of extracting the ‘gold’ all at once, they take it little by little over months to avoid detection, rerouting traffic from the target’s server to their own in low enough numbers to stay under the radar.
Clinton says she never sent nor received any classified information that might be valuable to foreign spies. But access to a Secretary of State’s inbox, even if it only contains private and non-classified emails, is still worth quite a bit to an adversary.
“To say it wasn’t compromised is to say, ‘I don’t know if it was compromised,’ Stewart Baker, who served as General Counsel to the National Security Agency (NSA) under George W. Bush, told Politico. “It would be pretty easy for a nation-state to compromise that account, and easy to hide the fact that they’d compromised that account.”
In any case, the concerns surrounding a high-ranking White House official with a private domain that wasn’t nearly as protected as government servers will serve as a warning.
“We’ll just have to wait and see what comes out.” Chronister said.
“Hopefully this will teach government officials that even they have to follow the rules.”
Business Insider Emails & Alerts
Site highlights each day to your inbox.