Posted on 10/30/2016 8:52:18 AM PDT by grey_whiskers
From: simons@acm.org
To: john.podesta@gmail.com
Date: 2015-04-15 03:35
Subject: The Democracy Alliance meeting
Dear John,
I am following up on our very brief discussion, held as you were leaving the DA meeting, about Hillary Clinton's emails.
I've included a summary of the issues and a precautionary step that I think should be taken. Please let me know if I can be of any assistance.
Regards, Barbara
= = = = = = = = = = = = =
{NOTE: There is an attachment. That will be in the first comment to this thread.}
Barbara Simons
simons@acm.org
650-328-8730
I believe that this is a more serious situation than perhaps Secretary Clinton and her aides realize. Fortunately, there is a positive step that can and should be taken.
The problem. There is a very real risk that the system was broken into, possibly by Republican operatives (or China or some other country or organization). If this has happened and if there is anything that might appear problematic in those emails, whether or not it actually is, the relevant emails might be released to the press shortly before the election. Even if the system was not broken into, there is the threat that opponents might release forged emails that are difficult to impossible to distinguish from real ones.
In addition, there are questions that any computer security expert will ask, such as was the system backed up regularly. If so, then it might be possible at least to respond to forged emails. Of course the claim that the server has been wiped clean (was that also done with any backups that were created?) suggests that there may not be adequate backups.
Incidentally, depending on how the deletions on the server were done, it might be possible for the email to be recovered by a forensics expert.
What should be done. Unfortunately, nothing can be done to prevent the risks described above. Given that, it's important to know how real those risks might be. Therefore, I recommend that a forensics investigator be hired to examine the server and any backups and logs that might still exist to see if there may have been a break-in.
Jeremy Epstein is a prominent computer security expert who has recommended a company called Mandiant. (Neither Jeremy nor I have any involvement with Mandiant of any kind, including financial). According to Jeremy, they are frequently brought in after major corporate break-ins. They are very discreet and, in his view, competent. I can put anyone who is interested in touch with Jeremy, who lives in Virginia.
In my opinion it is critical that a highly qualified forensics expert examine the system as soon as possible. It is important to know if there may be a problem or if an attack may have occurred, so that there can be a well thought out response prepared beforehand.
Finally, if nothing serious is uncovered by a forensics examination, that does not prove that nothing happened. Regrettably, the absence of proof of a break-in is not proof of the absence of a break-in.
“the absence of proof of a break-in is not proof of the absence of a break-in”
This is key. The system was horribly insecure; all they could possibly uncover is worry; there is no upside for them.
REFERENCE---How Podesta's emails got hacked: revealed in WikiLeaks dump
Foxnews.com ^ | October 29, 2016 / FR Posted by dirtboy
WikiLeaks has released what may be the key email that led to one of the biggest cybersecurity breaches in presidential campaign history -- allowing hackers to gain access to Clinton Campaign Chairman John Podesta's Gmail account.
A new email thread released Friday shows Podesta got a March 19 email from Google notifying him someone had his "password" and tried to sign in from Ukraine.
The IT team told Podesta the message was legit and he should change his password. But it appears the email actually was a phishing ploy. Podesta's stupidity likely gave the entire world access to the contents of his account. (Excerpt) Read more at foxnews.com ...
==============================================
(SMIRK) betcha Podesta jumped in feet first when Nigerian General Kachinga Cheatchusuckah emailed Podesta. The General said all Podesta had to do to get Billions is buy some black ink for a 10 million dollar down payment. (Same scam that got Chelsea's felon FIL in a federal prison).
Their own internal emails explicitly mention the possibility of a hack by a foreign government and back-checking to try to rule that out.
or
???
Right there. Admission of intent to destroy evidence.
There's also a concern about "forged email".
In other threads, I've noted that Wikileaks has started adding a green header that the message has been authenticated with DKIM. But, the messages originating from clintonemail.com do not have that authentication.
However, if someone on GMail subsequently forwards that message, the DKIM signature will be added to the header and validate that email.
There is an additional X-AnalysisOut header being added by clintonemail.com, but I haven't been able to find any information about what those fields contain. It appears to be an anti-spam measure, but I don't know if it also contains a message digest that could be used to authenticate it.
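For readers following the DKIM point in the comment above, this added example (not part of the thread or of any WikiLeaks tooling) reads a raw message, lists which domain each `DKIM-Signature` header names in `d=`, which headers it covers in `h=`, and whether the body still matches the `bh=` hash under RFC 6376 canonicalization. It assumes no `l=` body-length tag, does not fetch the DNS key or check the `b=` signature itself, and uses constructed sample messages with placeholder domains.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """RFC 6376 body canonicalization ("simple" or "relaxed")."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse runs of whitespace, drop trailing whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # empty lines at the end are ignored
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    return out or (b"" if mode == "relaxed" else b"\r\n")

def body_hash(body: bytes, mode: str = "relaxed", algo: str = "sha256") -> str:
    digest = hashlib.new(algo, canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def dkim_signers(raw: bytes) -> list:
    """One dict per DKIM-Signature: signing domain, signed headers, bh= match."""
    head, _, body = raw.partition(b"\r\n\r\n")
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", head).decode("ascii", "replace")
    found = []
    for line in unfolded.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() != "dkim-signature":
            continue
        tags = {}
        for part in value.split(";"):
            if "=" in part:
                key, val = part.split("=", 1)
                tags[key.strip()] = re.sub(r"\s+", "", val)
        # c= is "header/body"; a missing body part defaults to "simple"
        mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
        algo = tags.get("a", "rsa-sha256").split("-")[-1]
        found.append({"d": tags.get("d"),
                      "h": tags.get("h", "").lower().split(":"),
                      "body_hash_ok": tags.get("bh") == body_hash(body, mode, algo)})
    return found

# Constructed samples: one message signed by a forwarding provider, one unsigned.
BODY = b"FYI, see below.  \r\n\r\n> original   text\r\n\r\n"
HEADERS = (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
           b" d=forwarder.example; s=sel1; h=from:to:subject;\r\n"
           b" bh=" + body_hash(BODY).encode() + b"; b=PLACEHOLDER\r\n"
           b"From: user@forwarder.example\r\nTo: rcpt@example.org\r\n"
           b"Subject: Fwd: note\r\n\r\n")
SIGNED = HEADERS + BODY
UNSIGNED = b"From: user@origin.example\r\nSubject: note\r\n\r\noriginal text\r\n"
```

A matching `bh=` only shows the body is unchanged since the domain in `d=` signed it; a full verifier must also check `b=` against that domain's published key.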
Podesta has been the “cleanup man” for the Clintons a long time.
Lock that treasonist bastard up.
It's not who broke into the e-mails that matters. It's what's on the damn things that matters. Focus people. Focus!
This is the email referenced by the Fox article:
https://wikileaks.org/podesta-emails/emailid/34899
Note the URL in the email "from Google" to change your password: https://bit.ly/1PibSU0. Don't click on that link!
It's still active, and redirects to: http://myaccount.google.com-securitysettingpage.tk. Don't click on that link, either!!!
This is why you never click on a link you receive in email. Use a bookmark, or enter the link yourself.
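The hostname in the redirect quoted above begins with `myaccount.google.com` but belongs to a different domain. This added example (not part of the thread) shows a defender-side link check that classifies URLs by their parsed hostname, next to a naive substring check that the same URL passes. The shortener list and the sample text are constructed for illustration, and nothing here fetches any URL.

```python
import re
from urllib.parse import urlsplit

# Illustrative, non-exhaustive shortener list (an assumption of this example).
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl"}

def naive_check(url: str, trusted: str = "google.com") -> bool:
    """Flawed check: the trusted name merely appears somewhere in the URL."""
    return trusted in url

def classify_link(url: str, trusted: str = "google.com") -> str:
    """Classify by the parsed hostname, not by how the URL reads."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    # Trusted only if the host IS the domain or a true subdomain of it.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    if host in SHORTENERS:
        return "shortener"   # real destination is hidden until resolved
    if trusted in host:
        return "lookalike"   # trusted name used as labels of another domain
    return "other"

def audit_links(text: str, trusted: str = "google.com") -> list:
    """Return (url, classification, naive_result) for each link in the text."""
    urls = [u.rstrip(".,;:!?)") for u in re.findall(r"https?://[^\s\"'<>]+", text)]
    return [(u, classify_link(u, trusted), naive_check(u, trusted)) for u in urls]

# Constructed message body using the two URLs quoted in the comment above.
SAMPLE = (
    "Someone has your password. Change it: https://bit.ly/1PibSU0\n"
    "Redirects to http://myaccount.google.com-securitysettingpage.tk.\n"
    "Genuine settings page: https://myaccount.google.com/\n"
)
```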
One of the lessons learned is that no one should use Yahoo, Google or Hotmail for business. It is too easy to be fooled into providing access because it is expected that these servers are targets.
With a smaller, work related server, you can at least verify, make a phone call etc. before providing passwords inside a VPN like control.
There are other pitfalls, too:
Wow bombshell!
Podesta is lying here. NO IT person would say that...it is very easy to identify a phishing mail. Maybe his IT staff are Ukrainians or Russians.
Mmmmmmm....nice take.
The “Podesta lies” angle should be considered.
They were probably hacked at multiple times in multiple ways by multiple sources. The Podesta phishing had nothing to do with how insecure the server was.
It’s in the leaked e-mail. Apparently the IT guy who told him that has now shut down his Twitter account.
I want to point out that the Wikileaks Podesta emails are not the result of hacking Hillary’s server, but of hacking Podesta’s gmail account because 1. he had a weak password and then 2. he fell for a whaling scam to reset his password.
It's only a matter of milliseconds before a clever hacker can find her email addresses, then her (ahem!) home server, then hack that.