Unless you are just now exiting a cave, surely you have heard all the news covering Hillary Clinton's use of email during her time as our Secretary of State. For those unaware, in a nutshell Hillary Clinton used her own email address, instead of her State Department one, leading to speculation she did it to circumvent archiving. Yes, we are back in the 90s!
But this story got to new levels of crazy yesterday when the AP claimed that Hillary Clinton used a "homebrew" server to handle her emails. That server is claimed to have been inside her house. This really kicked us into overdrive.
Before I start getting into details about this, let me disclose that I am going to really start talking all geeky like. Why? Because I have close to 20 years of experience with running servers, including email. Email servers are also among the most complicated to run, and the reason is spam. A properly configured email server that doesn't get blocked by the big boys, like Gmail, requires special configuration. It's not so much a super techy jargon kind of thing, but rather a specific checklist of things you must do to prevent the much dreaded blacklist.
As you probably know, the internet works off of a series of numbers, called IP addresses. Everything connected to it has one of these addresses. For example, when you reached this article your browser went to 188.8.131.52. Now you didn't type that in, and the URL bar in your browser says intoxination.net. That's because the internet is smart and knew people couldn't remember all these numbers, so they created a thing called domain names. Domain names are nothing more than a phone book. They take that nice name, like intoxination.net, and convert it to those numbers, such as 184.108.40.206.
The AP story of a "homebrew" server was based off of a history of these domain records. Apparently this was determined through archived versions of this internet phone book, known in our geek world as domain records. You can see the history for mail.clintonemail.com here.
First off, I would like to make known that this in no way indicates that mail.clintonemail.com was the actual virtual post office for @clintonemail.com. The only way to know that would be to have a historical copy of what is known as the MX record for their domain. MX is short for Mail Exchange, and as you can guess, the MX record is what tells other servers where to send the email. The MX record for @clintonemail.com could have been pointed to anything they wanted.
So back to the AP story. For this, I'm going to let Bob Cesca take over:
As of this writing, the mail.clintonemail.com domain name doesn’t point us to Chappaqua, NY at all. However, its DNS history is connected to the IP address 220.127.116.11. If we look up the domains associated with that IP, we get a listing for the domain name wjcoffice.com, which is named in the AP article as being “linked to the same residential Internet account as Mrs. Clinton’s email server.” Obviously “wjc” is an acronym for “William Jefferson Clinton.” What name is listed on that domain? “Eric Hoteham,” aka Eric Hothem, in Chappaqua. But, and this is a big deal, if we do a separate IP locator search, the IP returns the following information:
ISP: Optimum Online
Organization: Optimum Online
AS Number: AS6128 Cablevision Systems Corp.
That’s an internet service provider. Optimum naturally offers website and email hosting services, the latter of which can be used with whatever domain name you own.
I'm going to disagree with Bob's assessment that this shows she most likely didn't have an email server in her house. If you look at the hostname for that IP address, you see static.optonline.net. What that shows is that this address comes from something called the static pool of Optimum's internet services. Why would you need this static IP address? Well, static IP addresses never change. That means those domain records need to be updated less often. And why would you want that? Well, I'll go to the source here and let Optimum explain it:
Optimum Online Static IP improves the accessibility of your network and devices, making them more reachable, whether it's a camera, VPN, Web or email server.
So Optimum flat out says that you would want this extra service if you are running an email server from your home, business, whatever. So the IP information from the period of time Clinton was Secretary of State actually proves the claim that she ran a server from her house, more than disproves it. Still, that's no big deal. The Clintons have a lot of money and run a worldwide foundation. To think that they can't afford a quality server and a professional to run that server is foolish. And in reality, if she is going to use her own email address, then having it stored on a server inside of her house is much more secure than it being in some data center, where any employee has access to it. In their house, the Clintons know exactly who has access to the physical, metal box.
But the speculation didn't stop here. Bloomberg decided to look further into this, and some security
Although Clinton worked hard to secure the private system, her consultants appear to have set it up with a misconfigured encryption system, something that left it vulnerable to hacking, said Alex McGeorge, head of threat intelligence at Immunity Inc., a Miami Beach-based digital security firm.
First thing I wondered when reading this is how were they able to tell how secure a server that has been offline for at least 6 months really is? Unless they have the super-geeky crystal ball, there is no way. So that must mean they are going off the current domain records. Fine, I'll bite. Let's look at where Clinton's current email goes to. For this, I will show you what an MX record looks like:
;; ANSWER SECTION:
clintonemail.com. 3195 IN MX 10 clintonemail.com.inbound10.mxlogic.net.
clintonemail.com. 3195 IN MX 10 clintonemail.com.inbound10.mxlogicmx.net.
What that techy looking stuff is saying is that anything sent to anyone @clintonemail.com should be delivered to a server at clintonemail.com.inbound10.mxlogic.net. Apparently that is what they are calling insecure:
Hillary Clinton’s personal address couldn’t securely receive email. But… neither could her State Department address. pic.twitter.com/JNHkSutYlc
— Jonathan Mayer (@jonathanmayer) March 3, 2015
But notice something? Going back to the server Clinton's emails are actually sent to, clintonemail.com.inbound10.mxlogic.net, we can notice that the actual domain is mxlogic.net. What is that?
MXLogic is a service run by the big anti-virus and security firm known as McAfee. It's a business service they offer to secure emails, as well as prevent spam. So unless the world's biggest anti-virus company is actually some guys living in the Clintons' basement, the security basis that Bloomberg is putting out is flat out false, and their so-called "security experts" should really be fired.
So what does all this mean? Well, that's where the answer gets really complicated, so let me break it down:
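As an added example (not part of the original post), this Python code parses the ANSWER section quoted above and reports which domain operates each mail exchanger. It compares names label by label, because the MX target begins with clintonemail.com yet belongs to mxlogic.net; treating the last two labels as the operator's domain is a simplifying assumption that holds for these .net names.

```python
# Added example. DIG_ANSWER is the dig output quoted in the post.
DIG_ANSWER = """\
;; ANSWER SECTION:
clintonemail.com. 3195 IN MX 10 clintonemail.com.inbound10.mxlogic.net.
clintonemail.com. 3195 IN MX 10 clintonemail.com.inbound10.mxlogicmx.net.
"""

def parse_mx(answer):
    """Return (owner, ttl, preference, exchange) tuples from dig MX answer lines."""
    records = []
    for line in answer.splitlines():
        fields = line.split()
        # Skip blanks, ';;' comment lines and anything that is not "IN MX".
        if len(fields) != 6 or fields[0].startswith(";"):
            continue
        owner, ttl, rclass, rtype, pref, exchange = fields
        if rclass.upper() != "IN" or rtype.upper() != "MX":
            continue
        records.append((owner.rstrip(".").lower(), int(ttl),
                        int(pref), exchange.rstrip(".").lower()))
    # Lowest preference value is tried first by sending servers.
    return sorted(records, key=lambda r: (r[2], r[3]))

def labels(name):
    return name.rstrip(".").lower().split(".")

def is_within(host, zone):
    """True only if host equals zone or is a subdomain of it (label suffix match)."""
    h, z = labels(host), labels(zone)
    return len(h) >= len(z) and h[-len(z):] == z

def operator_domain(host):
    # Assumption: the last two labels approximate the registrable domain.
    # A general tool would consult the Public Suffix List instead.
    return ".".join(labels(host)[-2:])

def mail_operators(answer):
    """Describe who runs each MX host and whether it sits inside the mail domain."""
    return [{
        "exchange": exchange,
        "preference": pref,
        "operator": operator_domain(exchange),
        "self_hosted": is_within(exchange, owner),
        # A plain substring test is fooled by the customer name in the hostname.
        "naive_substring_match": owner in exchange,
    } for owner, _ttl, pref, exchange in parse_mx(answer)]

if __name__ == "__main__":
    for row in mail_operators(DIG_ANSWER):
        print(row)
```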
The AP reported that the IP address for Hillary's email back when she was SOS was registered to her house in New York, under some guy named Eric Hoteham.
Ok, and that proves what? That's the name and address of the registrant. It does not mean that the IP went there. It could have gone to some business or anywhere, though most likely it did go to their house. Of course, what happened to it once it got to their house, we just don't know. It could have been proxied off to another server or anything. Simply put, unless that server came back online, we have no way of knowing.
This was for the domain mail.clintonemail.com, so it has to be where her email went!!!
FALSE! Where an email goes is determined by a record known as the MX record for a domain. It could go to mail.clintonemail.com, poopyface.republicans.gop, stopspeculating.clintonhatredsyndrome.omg, or anything. Again, this record has long been changed and the old one gone, so we just don't know.
But her current MX record points to some insecure server!
Yes, it failed a TLS test, but that server is not in the basement of Bill and Hillary, it's a server owned by the world's largest security firm. Perhaps that's a way that McAfee fishes out the bad boys, by presenting insecure information. To answer that, we would have to ask McAfee. And unless the world's largest security company, owned by the world's largest CPU manufacturer, Intel, is hidden inside the Clintons' New York house, then this is just flat out WRONG!
So then what's the answer, already!!!
Like I said, the answer is very complicated. The answer is "WE DON'T KNOW!" We are talking about old email servers that are now offline. We have no way to show where they were, what software they were running and if they were secure or not.
At this point in the story everything we are being told is purely speculation and so much appears to be nothing more than hit pieces, written by people who really don't know what they are talking about. For one example of this, let me quote this little tidbit from Wired Magazine:
The most obvious security issue with Clinton running her own email server, says Soghoian, is the lack of manpower overseeing it compared with the State Department’s official email system. The federal agency’s own IT security team monitors State Department servers for possible vulnerabilities and breaches, and those computers fall under the NSA’s protection, too. Since 2008, for instance, the so-called Einstein project has functioned as an umbrella intrusion-detection system for more than a dozen federal agencies; Though it’s run by the Department of Homeland Security, it uses NSA data and vulnerability-detection methods.
Apparently the people at Wired never heard of Edward Snowden. And perhaps they missed this bit of news:
Three months after the U.S. State Department confirmed hackers breached its unclassified email system, the government has still not been able to evict them from the network, the Wall Street Journal reported on Thursday, citing three people familiar with the investigation.
True news is a busy, busy thing and who can remember a story way back on February 20, 2015?