[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Sign-in] [Mail] [Setup] [Help]
Status: Not Logged In; Sign In
Neocon Nuttery See other Neocon Nuttery Articles Title: The White House's impending email security disaster Yesterday my boss - who isn't the most net savvy guy in the world - got an email from Paypal claiming that there was a problem with his credit card, so he logged into his account and updated his information. Today he discovered an unexplained withdrawal for $2,600 from his Checkcard account. This is just minutes after I'd taken a look at this suspicious email and discovered that it didn't come from Paypal at all and instead directed the user to a domain called http://dancesforlifes.com which featured a facimile of the paypal login and html code that then sent his Id, Password and credit card information to a Gmail address. Oh shit!. All of this I mention just to point out that email security is not a joke and that many people will go to great lengths to get at the sensitive information we'd prefer to protect. Oh, and it appears that some of the staff of the White House have switched from the secure wh.gov server to using not just the RNC, but personal email accounts!. From Thinkprogress. Via Muckraker, U.S. News reports that "just a week after E-mails in the U.S. attorneys case became a main focus of congressional Democrats probing the firings, several aides said that they stopped using the White House system except for purely professional correspondence." "We just got a bit lazy," said one aide. "We knew E-mails could be subpoenaed. We saw that with the Clintons but I don't think anybody saw that we were doing anything wrong." But rather than use RNC accounts, "they have subsequently bought their own private E-mail system through a cellular phone or Blackberry server. When asked how he communicated, one aide pulled out a new personal cellphone and said, texting." As was pointed out in the Recommended Diary by citizen92 earlier this week, allowing their communications to be stored on unsecured non-government servers is a major security threat simply waiting to be exploited. All someone needs to do is crack the password and they're in. The White House is a huge target for electronic espionage by friendly and hostile foreign powers. For those of you who may have visited Washington, this may be evident when you stroll by the various embassies scattered around the city -- with their unusual sculptures of antennas and wires on their roofs. The Russians have a compound just three blocks north of the White House. The US Government spends undisclosed amounts on countermeasures to protect its critical information and its secure networks. And it has the experts to make sure that those countermeasures are working. But what if someone in the White House chooses to not use those counter-measures (simply to avoid leaving a subpoena-able trail of bread-crumbs) and as a results gets their password jacked? I personally know how easy this is to accomplish. Not simply because of what happened to my boss yesterday, but because once upon a time one of best friends was a hacker. Not just any hacker - The Hacker. Kevin Mitnick and I went to High School together (he later spent several years on the run from federal authorities, I - after realizing I didn't want to go Kevin's way, went on to work for the IT department at Northrop-Grumman). Way back in the late 70's I got to see first hand how he used to create password phishing programs just like the one I described at the top of this post to access LAUSD, USC and UCLA logon accounts. Ah, the classics never fade away it seems. Besides the security issues, this also may blow WH claims of extended executive priviledge completely out of the water. From Josh Marshall. "[T]his may have been too clever by half. If the presidents aides were using RNC emails or emails from other Republican political committees, they cant have even the vaguest claim to shielding those communications behind executive privilege." And they certainly can't use that claim to protect emails on their personal blackberry and cell phone now can they? Oh, and by the way - other federal agencies have banned this practice for security reasons. A reader who has a security role at a federal agency writes, "On the issue of using outside/unofficial e-mail address from official sites, the CIO at [redacted] has expressly forbade the practice for security reasons as it is all too easy to put sensitive information in an e-mail. ... Needless to say, hearing that the WH does not mandate that practice and lets [Rove] do 95% of his e-mailing from a blackberry, presumably with access to an unofficial address, is quite shocking. Still find it absolutely amazing that his clearance has not been revoked." "Amazing" simply isn't the world for it. Getting zapped for a couple grand is pretty bad, but just imagine how much of the nation's assets are being put a risk by these WH jackasses? I think Fraking Criminally Negligent is a good set of words for it - how 'bout that?
Post Comment Private Reply Ignore Thread Top Page Up Full Thread Page Down Bottom/Latest Begin Trace Mode for Comment # 7.
#2. To: ... (#0)
(Edited)
There's a little bit of BS here. Blackberries can be set up to use the enterprise's (in the case WH's) mail servers. I have little doubt that Rove's BB is tied into the WH's. Blackberries are some of the most secure wireless communications devices if properly configured. In addition, the WH has its own super-secure BB setup. While most BB communications pass through a Canadian hub before being directed to their destination, the WH has its own minihub and they completely avoid passing through Canada when doing WH BB to WH BB communications. How do I know these little details. Well... I will not have to kill you but someone will if I tell you.
Besides, it deosn't matter if the Blackberry security is ten million times better than the Whitehouse security, the Blackberry channel isn't authorized for this type of communication. If it is deliberately used for secure communication, a felony security breach has been committed. The same as burying a secret document in the woods in order to keep it safe. It might actually be safe there, but the document can legally only be stored in an approved security container.
Blackberry to any WH email recipient communications are handled by WH or NSA servers only. They are as secure as you can get these days. And, yes, the messages ARE stored/archived on a WH server. Of course, on a BB you can also have Gmail/Gtalk, Yahoo mail/Messenger and whatever else but that's not the BB's email component. When you are using the Blackberry's email service, you are safe.
No, that is the entire problem. People were using blackberries to send national security stuff to private email addresses. Private does not mean "private on an NSA server" it means Yahoo or Hotmail. I don't think there is anyway to spin this. They were sending national secrets to hotmail type accounts.
No, they resorted to private email accounts to very deliberately bypass the Whitehouse server archive - in violation of the National Archive statutes. This is like saying that Libby didn't lie to the Grand Jury because Plame flunked algebra in Jr. High and Clinton did it too.
There are no replies to Comment # 7. End Trace Mode for Comment # 7.
Top Page Up Full Thread Page Down Bottom/Latest |
||
[Home]
[Headlines]
[Latest Articles]
[Latest Comments]
[Post]
[Sign-in]
[Mail]
[Setup]
[Help]
|