Clinton hackers likely criminals, not spies, experts say

The hackers who attempted to crack then-Secretary of State Hillary Clinton’s private email server were most likely part of an Eastern European cyber crime syndicate, experts said Thursday.

But these same syndicates have been known to sell pilfered information to the highest bidder and have increasingly strong ties to the Russian government, the same security researchers added.

The Associated Press reported Wednesday night that Russia-linked hackers had targeted the private email account Clinton used during her time as secretary of State.

At least five messages released by the State Department Wednesday were fake speeding ticket notifications. The emails from 2011 tried to lure Clinton, who is running for the Democratic presidential nomination, into opening an attachment that would have given the digital intruders access to her account.

The discovery has underlined concerns about the security of the private server that hosted Clinton’s email. It has also drawn more criticism that Clinton’s private setup exposed potentially classified data to foreign spies.

“I know it’s very sensitive because you have a presidential race going on right now,” said House Intelligence Committee Chairman Devin Nunes (R-Calif.) at a Washington Post forum on Thursday. “But this has to be on our committee. When classified information leaks out, this is clearly in our jurisdiction.”

Sen. Marco Rubio (R-Fla.), also a 2016 presidential candidate, said the incident demonstrates Clinton’s “incompetence,” calling her setup “malpractice” and “inexcusable.”

Nick Merrill, a Clinton campaign spokesman, told the AP there is “no evidence to suggest she replied to this email or that she opened the attachment.”

Clinton’s team has maintained there is no evidence her private system was breached at any point or that any classified information passed through it.

“All these emails show is that, like millions of other Americans, she received spam,” Merrill said.

And he’s right. According to specialists, the emails in question employ a common Eastern European cyber theft strategy.

These “phishing” attacks “pretty much are blasted out in shotgun fashion to any and all email addresses known to the world or picked up through any one of millions of data breaches,” said Steve Ward, senior director for iSight Partners, a security intelligence firm that has tracked Russian hackers for years.

But even cyber criminals will target high-ranking officials. Senior federal workers are likely peppered daily or weekly with similar attacks on both their personal and government email accounts, experts agreed.

“People in our government suffer under a constant barrage of those type of attacks,” Ward said.

Access to these accounts can go for exorbitant fees on the black market, said Tom Kellermann, chief cybersecurity officer at security research firm Trend Micro, which released a report last year on Pawn Storm, a likely Russia-based cyber espionage campaign snooping on government officials.

But in the last few years, these cyber gangs are increasingly acting as patriotic cyber militias, agreed several researchers. Directed or not, these groups are going after intelligence targets on behalf of Moscow and handing over their findings.

“There is a dramatic fervor in those guilds of thieves,” Kellermann said.

That means even a criminal intrusion into Clinton’s system could have given foreign adversaries a foothold in the email account.

From there, foreign spies could potentially hop into the State Department network through an outgoing email, which would appear as a trusted sender to the government system.

For cybersecurity specialists, this highlights the security shortcomings of Clinton’s arrangement.

“You’ve got to ask yourself whether or not those systems, from the desktop all the way up, are protected by the same types of controls that you would find inside the government domain,” Ward said.

Most, including Ward, agreed this is almost impossible. For starters, the government has a large information technology staff conducting 24-hour monitoring.

There’s no evidence hackers infiltrated Clinton’s account or the government system using the phishing emails. But finding such evidence on a private server might be difficult, said David Kennedy, CEO of information security company TrustedSec.

“These are the exact problems we have when someone has a rogue IT infrastructure where you have no logs, no way of going back and telling, and no way to prove it,” he said in an email.