2016 Postmortem
Related: About this forumCan anyone sanely argue the server was not hacked at this point?
Let's see the list of grievances....
No SSL the first 3 months (means the Chinese probably read her email and password when she visited there).
Open RDP and VPN ports (means the server was poorly setup and could get hacked using a basic google search).
Used Microsoft Server (with bad open ports *facepalm*).
Setup by a Political Science major.
Their response to a hacking attempt was to turn off the server for a few minutes and turn it back on, then not send anything "sensitive" for a while.
The "sysadmin" has an immunity deal.
AND NO, THE FEDS DID NOT SAY IT WAS NOT HACKED. In fact the State Department spokesperson today specifically retracted that claim.
Press Virginia
(2,329 posts)likely find out when the FBI finishes its investigation
highprincipleswork
(3,111 posts)BootinUp
(47,141 posts)reports. Trust me, the media gets that kind of shit wrong all the time. I assume the FBI is or has spending/spent a lot of time on the issue you raise though. They will undoubtedly check for evidence of actual leaked info getting out. As well as looking at the server.
Until I see the official report I am not buying any of the media reports on the server.
scscholar
(2,902 posts)there's no proof of that. That has already been confirmed that there's no proof.
Barack_America
(28,876 posts)Don't forget the bit about Guccifer suddenly getting a plea deal in exchange for cooperation. And he obviously mentioned seeing evidence of other hacks during his purported adventures within her server.
JoePhilly
(27,787 posts)That's the standard in this country.
Bob41213
(491 posts)JoePhilly
(27,787 posts)... thanks to the daily stream of "OMG Hillary is about to be indicted!!!!!!" OPs that get posted here.
onecaliberal
(32,829 posts)I'm sorry but I don't need a brick wall to fall on me. It's been completely obvious for months. After today's court proceedings not sure HOW people will continue to deny.
Recursion
(56,582 posts)We don't know the server wasn't using SSL for those 3 months. We know a certificate was issued 3 months after it started, but they could have been using self-signed before that (which is what I would do if I were setting up something like that, though I wouldn't use Windows in the first place), as well as listening on a non-standard port (which is also something I would do). Though for that matter I don't think we got any banners from the port scans, just the ACKs, so we have no idea what was or wasn't listening on a given port.
Response to Bob41213 (Original post)
silvershadow This message was self-deleted by its author.
dreamnightwind
(4,775 posts)Although Carlos Danger could use it as an excuse for the loose weiners.
procon
(15,805 posts)If the feds say it was not hacked, even retracted such a claim, then everything you've written is just a fiction story, idle speculation, another vanity post, click bait. So , besides suckering in page views, what is the actual topic here?
Bob41213
(491 posts)HRC people say that the feds claim it wasn't hacked which is untrue. In fact just today the State Department spokesperson refused to claim that.
Silvershadow tells you the link to the video and where to watch. You can watch the video but I'll try and transcribe it here.
22:30
Reporter: There were hack attempts on her server. How did that not bring the reassessment that this maybe isn't... Ummm.. It apparently just got plugged back in. How did that not bring the reassessment that maybe this the best strategy?
Mark Toner: Well I don't know again. I don't know if the IG specifically addresses the security of her system.
Other Reporter: Well he says that she never told anybody about it.
Mark Toner: I do know there were hack attempts but none of them were successful.
Reporter: How do you know that none of them were successful?
Mark Toner: But I would just have to refer you to the...
Reporter: (interrupts) How do you know that because the report does not say that none of them were successful?
Long awkward pause.
Mark Toner: I apologize actually. I mispoke. But I just would refer you to Secretary Clinton's team for questions about the security of her system.
YouDig
(2,280 posts)Bob41213
(491 posts)Doesn't say anyone got in, but you'd have to be a moron to believe that this would stop the hackers (lets turn off the computer for a few minutes till they go away then turn it back on). Once you're spotted as a weak target, do you think these guys move on?
On January 9, 2011, the non-Departmental advisor to President Clinton who provided
technical support to the Clinton email system notified the Secretarys Deputy Chief of
Staff for Operations that he had to shut down the server because he believed someone
was trying to hack us and while they did not get in i didnt [sic] want to let them have the
chance to. Later that day, the advisor again wrote to the Deputy Chief of Staff for
Operations, We were attacked again so I shut [the server] down for a few min. On
January 10, the Deputy Chief of Staff for Operations emailed the Chief of Staff and the
Deputy Chief of Staff for Planning and instructed them not to email the Secretary
anything sensitive and stated that she could explain more in person.159
YouDig
(2,280 posts)Bob41213
(491 posts)I saw how the "sysadmin" said they didn't get in. But I also saw that his solution to hacking was not to plug the vulnerability, it was to turn off the computer for a "few minutes." Yes, that's as stupid as it sounds. The problem doesn't go away.
I refer you to the press conference where they explicitely refuse to say it wasn't hacked. It's a rather painful, awkward exchange but you can find it at about 2:45 of this video which I attempted to transcribe below.
Reporter: There were hack attempts on her server. How did that not bring the reassessment that this maybe isn't... Ummm.. It apparently just got plugged back in. How did that not bring the reassessment that maybe this the best strategy?
Mark Toner: Well I don't know again. I don't know if the OIG specifically addresses the security of her system.
Other Reporter: Well he says that she never told anybody about it.
Mark Toner: I do know there were hack attempts but none of them were successful.
Reporter: How do you know that none of them were successful?
Mark Toner: But I would just have to refer you to the...
Reporter: (interrupts) How do you know that because the report does not say that none of them were successful?
Long awkward pause.
Mark Toner: I apologize actually. I mispoke. But I just would refer you to Secretary Clinton's team for questions about the security of her system.
YouDig
(2,280 posts)Bob41213
(491 posts)Brian Pagliano might have said it was unsuccessful in his email but the report says no such thing.
YouDig
(2,280 posts)Other than that, we are where we've always been: there's no evidence that the server was hacked.
Bob41213
(491 posts)Brian Pagliano is incompetent (in matters of cybersecurity) if you haven't figured it out.
YouDig
(2,280 posts)Bob41213
(491 posts)for a few minutes and hope the hackers went away.
YouDig
(2,280 posts)DisgustipatedinCA
(12,530 posts)Please do so.
MineralMan
(146,287 posts)There's no evidence that it was hacked. There's no evidence that it was hacked, either. Lacking evidence, I don't argue anything at all.
Show some hard evidence either way, and I'll listen. Until then, I'll just wait on forming an opinion.
VulgarPoet
(2,872 posts)Open RDP and VPN ports (means the server was poorly setup and could get hacked using a basic google search).
Used Microsoft Server (with bad open ports *facepalm*).
No SSL, with open RDP and VPN ports? Fuck Microsoft Server, I could have just waltzed right in with a minimum of effort. Hell, a fifteen year old skiddie in freshman year of high school who thinks he's the next Bill Gates could have peeled that thing and bit into the core. And we're supposed to believe the Chinese didn't? Okay.
Your arguments fall on deaf ears, though, Bob. I tried pointing this out only for the vast majority of Clintonistas to prove that out of all of 'em, maybe a small handful who didn't comment were tech experts, when I've been working in this field for nearly five years now.
TheBlackAdder
(28,186 posts)lakeguy
(1,640 posts)and be extremely difficult to detect. no evidence of hacking is not evidence that no one got in, not by a long shot. especially considering that their best defense was to pull the plug. did they have someone there, 24 hours a day, just ready to pull the plug if they managed to notice someone trying to get in? if i open up something like the ftp port on my own server (non-windows), i will start getting simple password attacks within minutes. and the only shit i have on my server is non-governmental, itunes songs!
TheBlackAdder
(28,186 posts)tonyt53
(5,737 posts)Well, was it hacked or not?
Tarc
(10,476 posts)The_Casual_Observer
(27,742 posts)jberryhill
(62,444 posts)Can you argue there are no monkeys in my shorts?
On what evidence?
valerief
(53,235 posts)DisgustipatedinCA
(12,530 posts)I didn't know RDP was open. That's really, really stupid.