Skip to content
Naked Security Naked Security

The Clinton emails – from humble iMac to data center

Hillary Clinton's email server has been at the heart of the election, but how did that happen?

It seems astonishing that in 2016, it’s technology that’s nearly half a century old that is dominating the discourse around a presidential election. While presidential candidates use the latest social media platforms and analytics to judge which way the electoral wind is blowing, it’s the humble email that has been the subject of so much attention.

The FBI’s 347-page report is a fascinating insight into how this came to pass.

Looking at the technology the Clintons deployed, it’s not hard to imagine how a politician who, as Secretary of State, preferred to work with hard copies was overtaken by events.

The Clintons started out with a humble Apple iMac running as a server installed in the basement of their home in New York State in 2008, which hosted Mrs Clinton’s personal email domain, clintonemail.com.

A year later, the Clintons upgraded to a Dell PowerEdge 2900 server running Microsoft Exchange 2007 to overcome limitations of the Mac server. That required two admins, and emails for between 20 and 30 accounts were migrated from the original Mac, while a backup regime was put in place.

At the same time, a separate PowerEdge 2900 server was used as a Blackberry Enterprise Server as Mrs Clinton used BlackBerry devices until 2015.

In 2013, the Clinton server finally moved out of the basement and on to the premises of a data center company, Equinix, based in New Jersey. The domains were migrated to Equinix’s own equipment.

The picture here is of an increasingly complex set-up evolving as time went on. The FBI notes that “Clinton stated she had no knowledge of the hardware, software, or security protocols used to construct and operate the servers”.

Regardless of the political rights and wrongs, it’s easy to see how something that starts off as a way to solve a problem can itself turn into a problem further down the track.

 


Image of Hillary Clinton courtesy of a katz / Shutterstock.com

7 Comments

Apart from being herself and distrusting the system that she wanted to lead, the private email server is a good example of what could go wrong if you leave it to the amateurs. The real reason behind having a personal server is still ambiguous and is yet to be understood. Maybe its the distrust of her own people, maybe its being a control freak or maybe its simple stupidity having listened to advisers who were self proclaimed IT experts, one can only wonder…

The DNC is the Democratic National Committee, not Congress. Its counterpart is the Republican National Committee (RNC). Please correct your fine post.

It’s incredible that politicians have so little understanding of the Internet and technology. I tell the computer security classes I teach, if you wouldn’t drive around with it painted the side of your car, don’t put it in an e-mail message.

I wanted to click Like several times for this one. It’s the same advice I give my users (and frighteningly some of my ICT App Dev colleagues) when they try to upload information to online file sharing websites or send it by email. Would you find yourself standing before the Chief Exec explaining why that information was in the newspaper? If so, don’t do it :)

We read on this site to be careful about emails, to look carefully at the sender’s address and ask “is email from this address expected?”

Yet throughout Clinton’s tenure as US Secretary of State either:
– no one noticed the @clintonemail.com domain rather than @state.gov, or
– they noticed and either:
* thought nothing of it, or
* thought this is a security issue!

What is worrying is that those who thought it was a security issue did nothing about it – perfectly happy for their Secretary of State to have an insecure email server. Presumably storing up a hostage to fortune (should another Clinton have the audacity to run for elected office) was deemed more useful that securing their Secretary of State’s emails.

Or have I missed something?

A ‘from’ or reply to address isn’t required in order to send an email. If you include them they can be pretty much anything you like (there are bolt-on technologies that make it harder to do this.)

That aside I agree that plenty of people must have been aware, even if emails were being sent with a state.gov address. If they were then it raises questions about who said that was OK.

Everyone can’t be a specialist in everything, it’s why we have IT departments. I want to know who was responsible for telling Clinton this was a bad idea, whether they did or didn’t do that and what happened to them next.

My understanding is that Secretary Clinton was not the first person in the US gov to operate a personal email server so this might not have stood out as much as you think it would.

I worked in MI when I served in the Army. I had to be briefed for many things from using electronics (using my cac card, SIP/NIP/JWICS, etc), to how to dispose of items (paper, hdd, etc).

As a private, it would appear I had a better understanding of how information security/operations security should be performed.

I don’t believe shes playing stupid, I really believe she doesn’t know better. But only because she doesn’t care. Not because of intelligence. Ignorant on purpose. She has people to remember these things for her. Her husband was the POTUS once, and her money and connections nearly garuntee a saftey net so far and wide that the FBI director will sell his soul.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?