Tuesday, November 28, 2017

FBI offered to assist Hillary campaign with computer security, warned that unidentified spear phishers were trying to gain access. But Hillary campaign declined FBI offer--Michael Isikoff, July 2016...DNC paid for professional security assessment then failed to follow any of its advice thus allowing malware to remain on its system almost a year-Bloomberg, July 2016

.
In March 2016 FBI warned Hillary campaign in Brooklyn that unidentified "spear phishing" email scammers were attempting to gain access to its computers. FBI offered assistance, asked for access to Hillary's system to help trace the spear phishers. Unfortunately, the Hillary campaign declined FBI's help claiming it was too intrusive. Isikoff: "The Brooklyn warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously."...

7/28/2016, "FBI warned Clinton campaign last spring of cyberattack," Michael Isikoff, Yahoo News  

"The FBI warned the Clinton campaign that it was a [potential] target of a cyberattack last March (2016), just weeks before the Democratic National Committee discovered it had been penetrated by hackers it now believes were working for Russian intelligence, two sources who have been briefed on the matter told Yahoo News. 

In a meeting with senior officials at the campaign’s Brooklyn headquarters, FBI agents laid out concerns that cyberhackers had used so-called spear-phishing emails as part of an attempt to penetrate the campaign’s computers, the sources said. One of the sources said agents conducting a national security investigation asked the Clinton campaign to turn over internal computer logs as well as the personal email addresses of senior campaign officials. 

But the campaign, through its lawyers, declined to provide the data, deciding that the FBI’s request for sensitive personal and campaign information data was too broad and intrusive, the source said. 

A second source who had been briefed on the matter and who confirmed the Brooklyn meeting said agents provided no specific information to the campaign about the identity of the cyberhackers or whether they were associated with a foreign government. The source said the campaign was already aware of attempts to penetrate its computers and had taken steps to thwart them, emphasizing that there is still no evidence that the campaign’s computers had actually been successfully penetrated. 

But the potential that the intruders were associated with a foreign government should have come as no surprise to the Clinton campaign, said several sources knowledgeable about the investigation. Chinese intelligence hackers were widely reported to have penetrated both the campaigns of Barack Obama and John McCain in 2008. 

The Brooklyn warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously. It came just four months after the DNC had also been contacted by FBI agents alerting its information technology specialists about a cyberattack on its computers, the sources told Yahoo News. As with the warning to the Clinton campaign, the FBI initially provided no details to the DNC.... 

By mid-May, Director of National Intelligence James Clapper was telling reporters that US. Intelligence officials “already had some indications” of hacks into political campaigns that were likely linked to foreign governments and that “we’ll probably have more.” 

In a talk at the Aspen Security Forum Thursday, Clapper said the U.S. government is not “quite ready yet” to “make a public call” on who was behind the cyberassault on the DNC, but he suggested one of “the usual suspects” is likely to blame. “We don’t know enough [yet] to…ascribe a motivation, regardless of who it may have been,” Clapper said.... 

Clapper is reportedly among a number of U.S. intelligence officials who have resisted calls to publicly blame the Russians, viewing it as likely the kind of activity that most intelligence agencies engage in. “[I’m] taken aback a bit by…the hyperventilation over this,” Clapper said during his Aspen appearance, adding in a sarcastic tone, “I’m shocked somebody did some hacking. That’s never happened before.”... 

The FBI’s request to turn over internal computer logs and personal email information came at an awkward moment for the Clinton campaign, said the source, familiar with the campaign’s internal deliberations. At the time, the FBI was still actively and aggressively conducting a criminal investigation into whether Clinton had compromised national security secrets by sending classified emails through a private computer server in the basement of her home in Chappaqua, N.Y. There were already press reports, to date unconfirmed, that the investigation might have expanded to include dealings relating to the Clinton Foundation. Campaign officials had reason to fear that any production of campaign computer logs and personal email accounts could be used to further such a probe. At the Brooklyn meeting, FBI agents emphasized that the request for data was unrelated to the separate probe into Clinton’s email server. 

But after deliberating about the bureau’s request, and in light of the lack of details provided by the FBI and the absence of a subpoena, the Clinton campaign chose to turn down the bureau's request, the source said."
..........................

Added: Spear phishing is not new, FBI has detailed warnings about it since at least 2009. 4/1/2009, "Spear Phishers," FBI.gov 

It's common knowledge thatmost successful hacks today start with a phishing attack," and that "Gmail [used by Hillary campaign manager Podesta] is successful target for more than half of all data drop email accounts, making it the top webmail service used by attackers to receive credentials stolen via phishing." (So why was Podesta using Gmail?)
...........................

Added: In March 2016, a Hillary campaign IT worker declared a spear phishing email "legitimate," urged "immediate" clicking on the tempting link, thus beginning the flood of Podesta emails. 

10/28/2016, "How Podesta's Gmail Account Was Breached," the smokinggun.com 


7/26/2016, "Democrats Ignored Cybersecurity Warnings Before Theft," Bloomberg, Michael Riley [As of 11/27/2017, this article requires subscription]

"The Democratic National Committee was warned last fall that its computer network was susceptible to attacks but didn’t follow the security advice it was given, according to three people familiar with the matter.

The missed opportunity is another blow to party officials already embarrassed by the theft and public disclosure of e-mails that have disrupted their presidential nominating convention in Philadelphia and led their chairwoman to resign.

Computer security consultants hired by the DNC made dozens of recommendations after a two-month review, the people said. 


Following the advice, which would typically include having specialists hunt for intruders on the network, might have alerted party officials that hackers had been lurking in their network for weeks -- hackers who would stay for nearly a year Instead, officials didn’t discover the breach until April (2016).... 

Security Flaws 

The review found problems ranging from an out-of-date firewall to a lack of advanced malware detection technology on individual computers, according to two of the people familiar with the matter.

The firm recommended taking special precautions to protect any financial information related to donors and internal communications including e-mails, these people said.

The DNC paid $60,000 for the assessment, according to federal filings....

Missed Warnings 

The security review commissioned by the DNC was perhaps the most detailed of a series of missed warnings. Officials at both the Republican National Committee and the DNC received government briefings on espionage and hacking threats beginning last year (2015), and then received a more specific briefing this spring, according to another person familiar with the matter.


Cyber-security assessments can be a mixed blessing. Legal experts say some general counsels advise organizations against doing such assessments if they don’t have the ability to quickly fix any problems the auditors find, because customers and shareholders could have cause to sue if an organization knowingly disregards such warnings."...

10/29/2016, "Democrats should ask Clinton to step aside," Chicago Tribune, John Kass, opinion

"It's obvious the American political system is breaking down. 

It's been crumbling for some time now, and the establishment elite know it and they're properly frightened. Donald Trump, the vulgarian at their gates, is a symptom, not a cause. Hillary Clinton and husband Bill are both cause and effect....
 
If you take a step back from tribal politics, you'll see that Mrs. Clinton has clearly disqualified herself from ever coming near classified information again. If she were a young person straight out of grad school hoping to land a government job, Hillary Clinton would be laughed out of Washington with her record. She'd never be hired. 

As secretary of state she kept classified documents on the home-brew server in her basement, which is against the law. She lied about it to the American people. She couldn't remember details dozens of times when questioned by the FBI. Her aides destroyed evidence by BleachBit and hammers. Her husband, Bill, met secretly on an airport tarmac with Attorney General Loretta Lynch for about a half-hour, and all they said they talked about was golf and the grandkids. 

And there was no prosecution of Hillary. That isn't merely wrong and unethical. It is poisonous.

And during this presidential campaign, Americans were confronted with a two-tiered system of federal justice: one for standards for the Clintons and one for the peasants.

I've always figured that, as secretary of state, Clinton kept her home-brew email server — from which foreign intelligence agencies could hack top secret information — so she could shield the influence peddling that helped make the Clintons several fortunes.

The Clintons weren't skilled merchants. They weren't traders or manufacturers. The Clintons never produced anything tangible. They had no science, patents or devices to make them millions upon millions of dollars. 

All they had to sell, really, was influence. And they used our federal government to leverage it. "...


 

..................

No comments: