As Hillary Clinton prepares to assure the public that her exclusive use of a private email account while working in the State Department was innocuous, cybersecurity experts are wondering whether she could have exposed the nation to a major security threat.
“Clinton operates at a level of scrutiny that us mere mortals don’t,” Alex McGeorge., senior security researcher at Immunity Inc., told Business Insider. “The question is whether she could have developed an email system that would withstand sophisticated cyber attacks.”
From indications we have thus far, the answer is no, according to McGeorge. Government email accounts are extremely valuable to cybercriminals and foreign spies — hackers are constantly probing servers for security holes and vulnerabilities.
The government has teams of cybersecurity experts from various agencies who monitor servers day and night for signs of hacker activity — that way, in the event that a server is infiltrated, these experts can jump on the threat immediately and eliminate it before it’s too late.
“On the nation-state level, bad guys have the ability to pinpoint security holes that other low-level hackers might not know about,” McGeorge said. “Government cybersecurity experts know that government servers will be compromised no matter what, so they are fully prepared to get hackers off the system as soon as possible.”
“Had there been a security hole in Clinton’s server, it would have been fairly easy for a hacker to infiltrate the network and have access to her entire inbox,” security expert
Chris Weber, co-founder of Casaba Security, told Business Insider.
The officials who spoke to Business Insider after the issue arose the dismissed the idea Clinton’s personal email address was less secure than other methods of communication.
Clinton or her people have not provided details about the security involved on the server registered to her family’s home in in Chappaqua, New York.
Weber noted that if any correspondence Clinton had with President Obama or other state officials would have traveled via the public Internet, and it is unlikely that any of the emails were encrypted.
“At the very least, she should have been worried about individuals impersonating the [clintonemail.com] domain,” Johannes Ullrich, a computer security expert with the SANS Institute, told The Daily Beast.
Rumours abound about why Clinton would have chosen to use a private ‘clintonemail.com’ domain instead of the government-provided ‘.gov’ address. One theory is that Clinton may have created the server because she distrusted many at the State Department.
“There was a distrust of the inevitability of leaks, a distrust of people being loose with email, a distrust of FOIAs [Freedom of Information Act],” a State Department official told Buzzfeed.
And with a private email account, if the government wanted access to Clinton’s email, they would have to go through her first with a subpoena.
The ‘privacy’ of Clinton’s email correspondences from prying government eyes may have helped her, sometimes, from a negotiating standpoint. Seeking privacy from the government, however, she may have left herself vulnerable to attack from much more dangerous forces.
Business Insider Emails & Alerts
Site highlights each day to your inbox.