[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

How Anish heat a barn

This is an Easy Case SCOTUS Takes On The UN and Mexico's Gun Control Alliance!

Would China Ever Invade Russia? Examining a Possible Scenario

Why Putin Can NEVER Use a Nuclear Weapon

Logical Consequence of Freedom4um point of view

Tucker Carlson: This current White House is being run by Satan, not human beings

U.S. Submarines Are Getting a Nuclear Cruise Missile Strike Capability: Destroyers Likely to Follow

Anti-Gun Cat Lady ATTACKS Congress Over Mexico & The UN!

Trump's new border czar will prioritize finding 300,000 missing migrant children who could be trafficking victims

Morgan Stanley: "If Musk Is Successful In Streamlining Government, It Would Broaden Earnings Growth And Stock Performance"

Bombshell Fauci Documentary Nails The Whole COVID Charade

TRUTH About John McCain's Service - Forgotten History

Bombshell Fauci Documentary Nails The Whole COVID Charade

Joe Rogan expressed deep concern that Joe Biden and Ukrainian President Zelensky will start World War III

Fury in Memphis after attempted murder suspect who ambushed FedEx employee walks free without bail

Tehran preparing for attack against Israel: Ayatollah Khamenei's aide

Huge shortage plagues Israeli army as losses mount in Lebanon, Gaza

Researchers Find Unknown Chemical In Drinking Water Posing "Potential Human Health Concern"

Putin visibly ‘shocked’ by US green-light for long-range missiles to strike inside Russia

The Problem of the Bitcoin Billionaires

Biden: “We’re leaving America in a better place today than when we came into office four years ago … "

Candace Owens: Gaetz out, Bondi in. There's more to this than you think.

OMG!!! Could Jill Biden Be Any MORE Embarrassing??? - Anyone NOTICE This???

Sudden death COVID vaccine paper published, then censored, by The Lancet now republished with peer review

Russian children returned from Syria

Donald Trump Indirectly Exposes the Jewish Neocons Behind Joe Biden's Nuclear War

Key European NATO Bases in Reach of Russia's Oreshnik Hypersonic Missile

Supervolcano Alert in Europe: Phlegraean Fields Activity Sparks Scientists Attention (Mass Starvation)

France reacted to the words of a US senator on sanctions against allies

Trump nominates former Soros executive for Treasury chief


Neocon Nuttery
See other Neocon Nuttery Articles

Title: The White House's impending email security disaster
Source: Kos
URL Source: http://www.dailykos.com/story/2007/3/28/112424/169
Published: Mar 28, 2007
Author: Vyan
Post Date: 2007-03-28 12:29:33 by ...
Keywords: None
Views: 213
Comments: 9

Yesterday my boss - who isn't the most net savvy guy in the world - got an email from Paypal claiming that there was a problem with his credit card, so he logged into his account and updated his information.

Today he discovered an unexplained withdrawal for $2,600 from his Checkcard account. This is just minutes after I'd taken a look at this suspicious email and discovered that it didn't come from Paypal at all and instead directed the user to a domain called http://dancesforlifes.com which featured a facimile of the paypal login and html code that then sent his Id, Password and credit card information to a Gmail address.

Oh shit!.

All of this I mention just to point out that email security is not a joke and that many people will go to great lengths to get at the sensitive information we'd prefer to protect. Oh, and it appears that some of the staff of the White House have switched from the secure wh.gov server to using not just the RNC, but personal email accounts!.

From Thinkprogress.

Via Muckraker, U.S. News reports that "just a week after E-mails in the U.S. attorneys case became a main focus of congressional Democrats probing the firings, several aides said that they stopped using the White House system except for purely professional correspondence."

"We just got a bit lazy," said one aide. "We knew E-mails could be subpoenaed. We saw that with the Clintons but I don't think anybody saw that we were doing anything wrong."

But rather than use RNC accounts, "they have subsequently bought their own private E-mail system through a cellular phone or Blackberry server. When asked how he communicated, one aide pulled out a new personal cellphone and said, ‘texting.’"

As was pointed out in the Recommended Diary by citizen92 earlier this week, allowing their communications to be stored on unsecured non-government servers is a major security threat simply waiting to be exploited. All someone needs to do is crack the password and they're in.

The White House is a huge target for electronic espionage by friendly and hostile foreign powers. For those of you who may have visited Washington, this may be evident when you stroll by the various embassies scattered around the city -- with their unusual sculptures of antennas and wires on their roofs. The Russians have a compound just three blocks north of the White House.

The US Government spends undisclosed amounts on countermeasures to protect its critical information and its secure networks. And it has the experts to make sure that those countermeasures are working.

But what if someone in the White House chooses to not use those counter-measures (simply to avoid leaving a subpoena-able trail of bread-crumbs) and as a results gets their password jacked?

I personally know how easy this is to accomplish. Not simply because of what happened to my boss yesterday, but because once upon a time one of best friends was a hacker. Not just any hacker - The Hacker. Kevin Mitnick and I went to High School together (he later spent several years on the run from federal authorities, I - after realizing I didn't want to go Kevin's way, went on to work for the IT department at Northrop-Grumman). Way back in the late 70's I got to see first hand how he used to create password phishing programs just like the one I described at the top of this post to access LAUSD, USC and UCLA logon accounts.

Ah, the classics never fade away it seems.

Besides the security issues, this also may blow WH claims of extended executive priviledge completely out of the water. From Josh Marshall.

"[T]his may have been too clever by half. If the president’s aides were using RNC emails or emails from other Republican political committees, they can’t have even the vaguest claim to shielding those communications behind executive privilege."

And they certainly can't use that claim to protect emails on their personal blackberry and cell phone now can they?

Oh, and by the way - other federal agencies have banned this practice for security reasons.

A reader who has a security role at a federal agency writes, "On the issue of using outside/unofficial e-mail address from official sites, the CIO at [redacted] has expressly forbade the practice for security reasons as it is all too easy to put sensitive information in an e-mail. ... Needless to say, hearing that the WH does not mandate that practice and lets [Rove] do 95% of his e-mailing from a blackberry, presumably with access to an unofficial address, is quite shocking. Still find it absolutely amazing that his clearance has not been revoked."

"Amazing" simply isn't the world for it.

Getting zapped for a couple grand is pretty bad, but just imagine how much of the nation's assets are being put a risk by these WH jackasses?

I think Fraking Criminally Negligent is a good set of words for it - how 'bout that?

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

#1. To: ... (#0)

But rather than use RNC accounts, "they have subsequently bought their own private E-mail system through a cellular phone or Blackberry server. When asked how he communicated, one aide pulled out a new personal cellphone and said, ‘texting.’"

As was pointed out in the Recommended Diary by citizen92 earlier this week, allowing their communications to be stored on unsecured non-government servers is a major security threat simply waiting to be exploited. All someone needs to do is crack the password and they're in.

Sorcha Faal may have very accurate information bump!

"The line separating good and evil passes not through states, nor between classes nor between parties either — but right through the human heart." — Aleksandr Solzhenitsyn

robin  posted on  2007-03-28   13:08:41 ET  Reply   Trace   Private Reply  


#2. To: ... (#0) (Edited)

Needless to say, hearing that the WH does not mandate that practice and lets [Rove] do 95% of his e-mailing from a blackberry, presumably with access to an unofficial address, is quite shocking. Still find it absolutely amazing that his clearance has not been revoked."

There's a little bit of BS here.

Blackberries can be set up to use the enterprise's (in the case WH's) mail servers. I have little doubt that Rove's BB is tied into the WH's. Blackberries are some of the most secure wireless communications devices if properly configured. In addition, the WH has its own super-secure BB setup. While most BB communications pass through a Canadian hub before being directed to their destination, the WH has its own minihub and they completely avoid passing through Canada when doing WH BB to WH BB communications.

How do I know these little details. Well... I will not have to kill you but someone will if I tell you.

Antiparty - find out why, think about 'how'

a vast rightwing conspirator  posted on  2007-03-28   13:12:38 ET  Reply   Trace   Private Reply  


#3. To: a vast rightwing conspirator (#2)

Maybe, but emails on a private account are on some random drive in some random colo factility completely outside the control of the NSA and others in charge of the security. That is why they are saying there is a breach. It's like mailing someone a top secret document though a very secure mail system and then leaving the document laying out on a table in the mall.

.

...  posted on  2007-03-28   13:49:58 ET  Reply   Trace   Private Reply  


#4. To: a vast rightwing conspirator (#2)

Besides, it deosn't matter if the Blackberry security is ten million times better than the Whitehouse security, the Blackberry channel isn't authorized for this type of communication. If it is deliberately used for secure communication, a felony security breach has been committed. The same as burying a secret document in the woods in order to keep it safe. It might actually be safe there, but the document can legally only be stored in an approved security container.

.

...  posted on  2007-03-28   13:52:56 ET  Reply   Trace   Private Reply  


#5. To: ... (#4)

Blackberry to any WH email recipient communications are handled by WH or NSA servers only. They are as secure as you can get these days. And, yes, the messages ARE stored/archived on a WH server.

Of course, on a BB you can also have Gmail/Gtalk, Yahoo mail/Messenger and whatever else but that's not the BB's email component. When you are using the Blackberry's email service, you are safe.

Antiparty - find out why, think about 'how'

a vast rightwing conspirator  posted on  2007-03-28   14:25:21 ET  Reply   Trace   Private Reply  


#6. To: a vast rightwing conspirator (#5)

Blackberry to any WH email recipient communications are handled by WH or NSA servers only.

No, that is the entire problem. People were using blackberries to send national security stuff to private email addresses. Private does not mean "private on an NSA server" it means Yahoo or Hotmail.

I don't think there is anyway to spin this. They were sending national secrets to hotmail type accounts.

.

...  posted on  2007-03-28   14:34:43 ET  Reply   Trace   Private Reply  


#7. To: All (#6)

And, yes, the messages ARE stored/archived on a WH server.

No, they resorted to private email accounts to very deliberately bypass the Whitehouse server archive - in violation of the National Archive statutes. This is like saying that Libby didn't lie to the Grand Jury because Plame flunked algebra in Jr. High and Clinton did it too.

.

...  posted on  2007-03-28   14:36:54 ET  Reply   Trace   Private Reply  


#8. To: All (#0)

From Today's Washington Post:

White House E-Mails

The public disclosure that some White House aides conduct official business using external e-mail accounts -- possibly to avert the White House e-mail system's automatic archiving -- has alarmed Congressional investigators, has piqued the interest of a (scant) few reporters, and has had a sobering effect on White House staffers.

But in the latter case, rather than properly move all their communication into the suitably secure and documented realm of the White House servers, some Bush aides are apparently instead scurrying to put more and more of their communications out of reach of history -- and, they hope, subpoenas.

Paul Bedard writes for U.S. News: "The growing controversy over the firing of federal prosecutors and what administration officials knew about it is renewing concerns among Bush aides over the less-than-secret aspect of E-emails. Those concerns were elevated this week when a House chairman asked that all aides retain their E-mails.

"But just a week after E-mails in the U.S. attorneys case became a main focus of congressional Democrats probing the firings, several aides said that they stopped using the White House system except for purely professional correspondence.

"'We just got a bit lazy,' said one aide. 'We knew E-mails could be subpoenaed. We saw that with the Clintons but I don't think anybody saw that we were doing anything wrong.'

"But the release of White House emails to the Democrats and the expanded request for more from Rep. Henry Waxman has iced the system. At least two aides said that they have subsequently bought their own private E-mail system through a cellular phone or Blackberry server. When asked how he communicated, one aide pulled out a new personal cellphone and said, 'texting.'"

White House spokeswoman Dana Perino was asked about the external e-mail traffic at yesterday's briefing:

"Q What's the White House view on the congressional Democrat calls for safeguarding political emails by the party or by anyone in the White House who may have a sort of political email account?

"MS. PERINO: What I know -- I checked into this -- is that certain White House officials and staff members who have responsibilities that straddle both worlds, that have responsibilities in communication, regular interface with political organizations, do have a separate email account for those political communications. That is entirely appropriate, especially when you think of it in this case, that the practice is in place and followed precisely to avoid any inadvertent violations of what is called the Hatch Act. And so there are some members of the administration that do straddle both worlds. And so under an abundance of caution so that they don't violate the Hatch Act, they have these separate emails.

"Q So is that traffic being safeguarded, if you will, for Congress to look at, if it decides?

"MS. PERINO: With respect to presidential records, an email that is sent to or from a White House email address is automatically archived, even if the other person is not using a White House email account. I believe our -- well, I know that our White House Counsel's Office is in communication with the RNC's (Republican National Committee] general counsel to make sure that those archivings have taken place.

"Q So if someone sent aide X an email at one of these political accounts, are you saying that it would be archived on the --

"MS. PERINO: As a general matter, I believe that to be true, but as I said, the White House -- our White House Counsel's Office is talking to the RNC just to make sure that that's the case. In some cases -- I don't know how far back that goes. I think that -- even though that there was email use in the '90s, I do think that our administration is the first, in a lot of cases, to be dealing with the volume of email that all of us deal with on a daily basis and that now you guys get to have fun with looking through.

"Q So how's the White House going to respond to the request for them?

"MS. PERINO: As I said, our White House Counsel's Office is talking to the RNC, and then we'll try to get back to you.....

"Q How many people have those accounts?

"MS. PERINO: I think it's a handful, I don't think it's a lot. Obviously, the Office of Political Affairs, because they straddle these -- both worlds. I know I don't have one."

But Perino was either accidentally or intentionally muddling the issue.

First of all, there is no question that e-mails to and from White House accounts get archived, regardless of who they come from or are sent to. The issue is what has happened to e-mails to and from White House officials that were kept entirely out of the White House system.

Secondly, while the Hatch Act would appear to prohibit the use of government resources such as e-mail accounts for political purposes, the issue here is the precise opposite: The use of political e-mail accounts for official business. And that raises all sorts of questions about preservation, security, appropriateness, and subterfuge that Perino did not address.

The House Oversight and Government Reform Commmittee on Monday directed the RNC to preserve the emails of White House officials.

And as I wrote in Friday's column, Alexis Simendinger wrote in the National Journal (subscription required): "According to one former White House official familiar with Rove's work habits, the president's top political adviser does 'about 95 percent' of his e-mailing using his RNC-based account. Many White House officials, including aides in the Political Affairs Office, use the RNC account as an alternative to their official government e-mail addresses to help keep their official and political duties separate. Although some White House officials use dual sets of electronic devices for that purpose,

"Rove prefers to use his RNC-provided BlackBerry for convenience, the former official said."

I asked the White House a series of questions about the outside e-mails two weeks ago, but have yet to hear back.

In a letter to the White House today, the activist watchdog group Citizens for Responsibility and Ethics in Government points out that a Clinton-era White House staff manual explicitly required aides to use White House e-mail accounts for "all official communications." And a September 2000 memo to White House staff specifically banned the use of other e-mail services

.

...  posted on  2007-03-28   14:45:02 ET  Reply   Trace   Private Reply  


#9. To: ... (#6)

People were using blackberries to send national security stuff to private email addresses.

You can do the exact same thing from your desktop client. The Blackberry acts only as an email client. All you do on a Blackberry is archived at the backoffice server. Trust me, I happen to know how these things are done.

Antiparty - find out why, think about 'how'

a vast rightwing conspirator  posted on  2007-03-28   15:11:16 ET  Reply   Trace   Private Reply  


TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]