FBI May "Leak" Clinton Email Probe If DOJ Blocking Continues

a reply to: Sillyolme

Guccifer said that the files he collected are in his cloud archive.

Anyway, it sounds like he just dumped files there, and just released a few things now and then that he thought would get a rise out of people. It does not mean that he actually read everything nor released everything.

Just because "we" have not seen these files does not mean that the FBI does not have them.

a reply to: butcherguy

Records show her server was never compromised. Show how and when it was unprotected.
This criminal can't show proof of his claims. He shared all the others he hacked. He never even implied he had this back then. Why not hers? He was all about the look what I did thing. He was proud of his crimes. He would have bragged Hillary for sure. He didn't...

a reply to: Sillyolme

Actually Guccifer was first arrested in Romania in Jan 2014.

Only a year after Hillary left office.

His "Library" is in FBI custody most likely.

originally posted by: Sillyolme

Records show her server was never compromised.

Source?

What "records" ?

a reply to: Sillyolme

There have been various reports that the person that set up her server was not a security expert. So, he did not have the skills to put security on the server that would have provided tracking, let alone protection against, hacking. Normal server logs, without taking extra precautions, are regularly overwritten, and would not provide logs regarding all access.

So, experts say no logs of unauthorized access is not proof that there was not unauthorized access.

Guccifer having information from the server would be proof that it was hackable, so others likely would have hacked it as well.

a reply to: xuenchen

The FBI couldn't break into a smart phone...

a reply to: xuenchen

You show me yours I'll show you mine. Aren't you getting bored with this joke yet? I am.

a reply to: BlueAjah

The guy that set up her server was the tech guy from the state dept. Not the kid next door who's good at setting up your x-box.

a reply to: Sillyolme

The FBI did hire a hacker to break into a smart phone.

And, an IPhone has encryption above and beyond a typical server. A server does not even come with encryption unless you take extra steps to add it.

a reply to: Sillyolme

I would not have to hire someone to set up my "x-box".
I AM a network system administrator. I have many servers and hundreds of other devices, including email and more systems than I could explain in one post, under my direct supervision. I am also an experienced programmer, and have a solid education in many areas related to information technology. So, I have a fairly good understanding of how things work.

I see unauthorized access attempts on our systems daily, and every day I have to tweak and update things to keep people out. And we are not even a high value target. I can imagine what the government goes through. If a device is connected to the Internet, there are people trying to get into it.

I also know enough to know that the knowledge it would take to secure a government network is far beyond even my capabilities. That is part of having knowledge - having an understanding of what it is required above your own level. So, I know that a "tech guy from the state dept" did not necessarily have security expertise required to secure a government network, and I believe the experts who have evaluated his capabilities.

ETA: The above is the reason this case interests me so much. Kind of a geek thing I guess

a reply to: Sillyolme

Pagliano was merely a sysadmin and in no way was he qualified for what he was hired to do:

Three cybersecurity experts said they found Lazar's explanation for accessing the Clinton server plausible but had questions.

Cybersecurity expert Morgan Wright explained how the FBI could marry up available evidence, including forensics or the configuration of the server and its folders, to assess his claims. "So we're going to map these things together, and if those things match up together, they're going to say ‘yes, this was compromised,’ then it means it was open to other people to compromise as well," he said.

Since Fox News reported on Guccifer’s claims Wednesday, anonymous sources have reported that a review of the Clinton hard drives does not appear to indicate a breach. However, Wright and other experts warned that Clinton IT specialist Bryan Pagliano was the server's administrator and not principally a cybersecurity specialist – and may not have installed an adequate detection system for a Cabinet secretary’s email.

“If you have a bank and you have one video camera when you need 20, then you missed it,” Wright said. “If they weren't capturing all the activity, their security logs may say they didn’t see anything."

Romanian hacker who claims he breached Clinton server says he spoke with FBI at length

Again, server logging has to be specifically configured in order for it to be able to catch intrusions. If it isn't, you'll never know who was in your system.

I've set up email servers for people, SMALL websites with an Imail server..(back then), and Clinton saying the server was never hacked is 100% BS...

See, hackers have Port sniffing bots. they look for open POP and SMTP ports. IF they are open, it tells the bot to try to brute force log in... I've looked in logs--within ONE day, I saw 9-15 diff IP's from Russia and China hitting it, trying to relay through the email server (to spam bounce). I locked that down, and had 3 other tricks on top of that--which I doubt this guy with the server in a CLOSET didn't do.

What you'll see the bot do is try email address names from A-Z with your domain name. Say relaying was allowed, and they happened to hit a real email address. Well, then they could send millions of emails out or log in to your email MAYBE... (that's another trick) but if you turn on username/password ON for OUTGOING SMTP email as well as POP, they cannot relay. that's step 2.. there are others too.

But I can promise you, a hackers port sniffer hit her server within days of it being up. and with a domain like that, she'd be hacked so fast.. MANY older email server software packages have major holes in them.. many have been patched, but others went out of business, so.. no patch...

With an email server you have POP, SMTP, FINGER.. etc for ports that would be open.. you really only need to open 2.
But I doubt it was highly encrypted. and if the actual username and password were not hashed/encrypted, someone good enough could see that in stream, and boom, have her login info, and can even set the logs to ignore their IP logging in. Scary stuff. Glad I don't have to mess with that anymore.. was stressful, but I learned SO much from it.

a reply to: Pharyax

Exactly. I see port sniffing and brute force attacks on our email all of the time. If there is an IP on the Internet, it will be found immediately, and the bots will never stop trying.

I also see those 24/7 attempts from mostly China and Russian IPs and also other countries.

And you have to keep an eye on it. You may think you have it locked down, and somehow they come up with something new. You can lock it down to only necessary ports, and use TLS, and use password complexity rules, but even having the necessary ports open makes you a target. You can have automatic IP blacklisting after so many attempts, and tons of other precautions in place. Even the best firewalls need regular attention.

And still you HAVE to check on it regularly. Even with automatic reporting notifications of certain patterns, you need to check the logs constantly, or things can be happening undetected for days if you were not paying attention.

We are NOT a high value target. Government has entire staffs of people monitoring their systems 24/7.

So, some tech guy sets up a server and sticks it in a bathroom. It might keep working just fine, as far as sending and receiving emails, with little intervention, but if no one was watching it, I would guarantee 100% that it was hacked. Repeatedly.

.

I'm still waiting to hear more about what they found from the cloud backups of the email server, that Clinton apparently did not know existed.
They have turned over the backups to the FBI.
If they find emails that Clinton did not turn in, she could be in more trouble.

Unbeknownst to Clinton, IT firm had emails stored on cloud; now in FBI’s hands

originally posted by: BlueAjah
a reply to: Pharyax

Exactly. I see port sniffing and brute force attacks on our email all of the time. If there is an IP on the Internet, it will be found immediately, and the bots will never stop trying.

I also see those 24/7 attempts from mostly China and Russian IPs and also other countries.

And you have to keep an eye on it. You may think you have it locked down, and somehow they come up with something new. You can lock it down to only necessary ports, and use TLS, and use password complexity rules, but even having the necessary ports open makes you a target. You can have automatic IP blacklisting after so many attempts, and tons of other precautions in place. Even the best firewalls need regular attention.

And still you HAVE to check on it regularly. Even with automatic reporting notifications of certain patterns, you need to check the logs constantly, or things can be happening undetected for days if you were not paying attention.

We are NOT a high value target. Government has entire staffs of people monitoring their systems 24/7.

So, some tech guy sets up a server and sticks it in a bathroom. It might keep working just fine, as far as sending and receiving emails, with little intervention, but if no one was watching it, I would guarantee 100% that it was hacked. Repeatedly.

.

Yep! Exactly how it goes.. When I heard these idiots saying 'it was never hacked', I was like YOU DON'T EVEN KNOW! So stop talking dude (some guy on TV spouting crap he knows nothing about).
Some server software has a kill list, which you drop IP addresses in it--the ones that brute force hit it--causing a 2-5mb log file per day-- I do a whois IP, and its Russian or China, so I go to my client, and ask, "do you have ANY contacts in china or Russia? Will you ever in the future?" He said no, so I subnet banned ALL of Russia and China--which helped weed out 80% of the bots, but they can bounce to another zombie server and hit it from there via rerouting.

I mean, FOX, CNN or anyone else could get even a semi-pro server tech to tell them this on the air. But I have yet to see it happen..

The MAIN question I want to know is this: What server software was Clinton's 'tech' using for email. I'd be VERY interested in that.. It would let us know how good or BAD the software was..

I have a feeling the ONLY Reason the DOJ is blocking this is due to one man. (Even though he's gone). Eric Holder.
He had/has? his hands in all kinds of shady stuff I hear.. heh..

I commend the FBI for wanting the truth released. Good on them. DOJ doesn't want Justice huh? What an oxymoron. should be DOC (Dept. of Corruption) lol...

What happens if she goes to jail, or even gets a felony charge? She can't be President with a felony right? So what happens? Bernie becomes the candidate? Man.. you thought 2000's election was nuts, imagine this playing out... it'll be unprecedented and divide the Country even more maybe. I sure hope not. It'll just show everyone that Clinton WAS lying. (Shocker!)...

a reply to: Pharyax

What happens if she goes to jail, or even gets a felony charge? She can't be President with a felony right? So what happens?

Don't you recall? BHO has a pen and a phone and if they rap it quick enough he can grant her one of his goodbye pardons presidents have been fond of handing out on their way out the door these past few administrations.

originally posted by: jadedANDcynical
a reply to: Pharyax

What happens if she goes to jail, or even gets a felony charge? She can't be President with a felony right? So what happens?

Don't you recall? BHO has a pen and a phone and if they rap it quick enough he can grant her one of his goodbye pardons presidents have been fond of handing out on their way out the door these past few administrations.

Oh man... He wants a 'Legacy' like that huh? If he did that, I think the public would dump her--well, at least a LOT would.. She's like a damn cockroach..

originally posted by: Sillyolme
a reply to: xuenchen

The FBI couldn't break into a smart phone...

Wrong again.

FBI says it has cracked terrorist's iPhone without Apple's help

The Department of Justice says the FBI has accessed the iPhone used by one of the gunmen in the San Bernardino terrorist shooting. Law enforcement officials were able to break into the phone used by Syed Farook with the help of an unnamed third party. Government officials did not go into detail about what was found on the phone. "The FBI has now successfully retrieved the data stored on the San Bernardino terrorist's iPhone and therefore no longer requires the assistance from Apple required by this Court Order," DOJ spokeswoman Melanie Newman said in a statement. The DOJ is dropping the case against Apple, since it no longer needs the company's help.

www.nbc-2.com...-LkYQrLIU

a reply to: BlueAjah

Why was it in a bathroom?

Did she answer that question already?

How can she be getting away with this?

a reply to: Pharyax

She's like a damn cockroach..

Pretty close.
But I believe that if I sat and thought for a while, I could come up with one positive attribute for a cockroach.