When the director of the FBI, James Comey, said that Secretary Clinton had been careless in her handling of classified documents sent over her private server, I felt unsettled. Whether your inclination is to defend or admonish her, the private server set up by Clinton raises lots of questions. Many more than Comey's testimony actually answered.
I asked Dave Aitel, CEO, Immunity Inc if the suggestion that Secretary Clinton's server was breached was only a fear tactic. Aitel said, "It's possible that it's a fear tactic, but it's also a reality that it was likely breached. There is a 50/50 chance that it was actually breached, there is a 100% chance that information going to the server was collected by foreign intelligence."
A strong possibility, Aitel said, is that she was hacked, but no one left malware on the disc.The bottom line, based on the evidence, said Aitel is that she left the front door open, a virtual 'please come in'.
"She, on her own, hired the smallest, least competent IT firm who is also the most likely to keep their mouth shut--they aren't going to talk about it," said Aitel. OK, butwhy would she do that?
"That's why it looks so fishy," said Aitel. "Why would anyone go to all those extremes to keep it quiet? There is something to hide. There is no other reason why she would go to these extremes. No one hires an IT firm for convenience. That's just ridiculous. You let your job take care of it. She was clearly lying about it."
Given her stature, I questioned whether she was ever even aware of the technical logistics of how the server was set up. She's not versed in IT, so she hired a firm to take care of the technology for her. Aren't they the ones who were careless here? Whether she hired an IT firm with the intent of keeping them quiet or not, how could they not put security protocols in place?
"Even Gmail has sophisticated tools to protect data at rest and in transit. Some are to prevent from hackers getting in, and some to see where they go. There are tools for filtering email to notice anomalous logins. There are probably 100 different tools and methodologies," Aitel said.
None of these measures were taken to secure the private email server of the Secretary of State, though, and there is still no evidence to determine whether her server was breached.
Michael Gregg, COO of Superior Solutions said, "Honestly, if we are looking at nation states, you aren't going to expect to see evidence. They are going to do a good job at covering their tracks. For the first few months, it was just set up as an email server on the web. Anyone could find that."
Sign up for Computerworld eNewsletters.