The Biggest Problem With Hillary's Email
Hillary Clinton’s use of a private
server for her email account when
she was secretary of state will
expose her to a number of
questions with potentially
incriminating answers about the
mixture of public and private
business.
She will no doubt claim that she
considered the State Department
system to be too insecure to use.
After all, it was just last year that
the department had to shut down
its unclassified email system
because of damage done to it,
probably by state-sponsored
hackers.
The problem with that defense is
that at least the State
Department system is continually
monitored by a team of
information technology
professionals. Unless Clinton
invested millions of dollars in a
personal IT department, her
“homebrew” account would have
been a godsend to any number of
hackers working for foreign
intelligence services, not to
mention the usual gang of trolls
and snoops.
Clinton faces a greater jeopardy,
however, one that involves a little-
known, emerging threat. This
danger is not from what others
may have learned from her emails,
but from interpolation – the
possibility that someone may have
altered her emails to foreign
governments, as well as their
responses back to her.
[SEE: Editorial Cartoons on Hillary
Clinton]
I learned about this threat of
interpolation while researching a
book, "Digital Assassination," with
my co-author, Richard Torrenzano.
In our investigations, we
discovered that hackers are
growing ever more sophisticated
in altering sent emails.
What was done to one
international shipping company
we studied could have been done
to Clinton. This U.S.-based
company was stunned when a
muckraking online journal
revealed emails showing their top
executives sending offers of
explicit bribes to a cabinet official
of an African government.
One email sent from the
company’s computers said,
“please inform Madame President
that her concerns will be
addressed … the first payment of
US$1 million will be made after
our contract is signed.”
The response from the cabinet
official read: “I have been assured
by the President that the process
will not be opened to bid … But
keep in mind, that in order for her
to look transparent she has to be
on the offensive don’t take it
personal its [sic] just for show.”
[READ: The Ghost of Scandals
Past]
These messages put the leaders of
that company in direct danger of
prosecution under the U.S.
Foreign Corrupt Practices Act.
The offer of a bribe had indeed
been sent from the computer of
the holder of that corporate email
account. The response had been
sent from the computer of the
cabinet official. This was not a
simple matter of guessing
someone’s password. These
messages resulted from deep
intrusions into corporate and
government systems by a talented
hacker. After spending a fortune
on detectives, lawyers and IT
sleuths, the company was able to
prove that these were legitimate
emails that had been altered to
look self-incriminating, most likely
by a competitor.
“But proving what’s been altered
and explaining that in a way that
anyone would believe was a very
difficult process,” one IT
investigator told us. It took
investigators 18 months after the
cyberattack – working at breakneck
speed – to clear the company.
Private individuals need to be
concerned about intrusion as
well. In one case we researched, a
Virginia man accused by his ex-
girlfriend of assaulting her was
asked by police if he had sent
coarse and threatening emails to
her. When shown messages that
had come from his IP address, he
could not give a straight answer.
The emails provided enough
evidence for him to be arrested on
the spot.
[SEE: Editorial Cartoons on the
2016 Presidential Elections]
After spending a small fortune on
a digital forensic investigation,
the man learned that one set of
the incriminating emails had
been written by him while he was
drunk and seething with anger.
But he had shown the good sense
to file these emails in the “drafts”
folder of his account, never
sending them. The other set of
threatening emails had been
infiltrated into his account.
So someone who guessed this
man’s username and password
accessed his email account, sent
the draft messages and added
some new ones. It took some time,
but the Virginia man was able to
track the activity back to his ex-
girlfriend’s IP address and clear
himself with the authorities.
In diplomacy, substituting a
single word can shake the world.
Clinton opened herself up to the
chance that a sophisticated
intruder could have inserted
subtle alterations to her
messages, changing commitments
she made on our behalf to foreign
governments.
It may now be necessary for the
government to spend months and
millions of dollars validating the
digital fingerprints of every email
Clinton sent as secretary of state.
The greatest danger of all to
Clinton is the fallibility of human
memory. In both cases, when
these victims were presented with
self-incriminating emails, they
could not rule out that they might
have written it.
