Slashdot Mirror

← Back to Stories (view on slashdot.org)

Clinton's Private Email Was Blocked By Spam Filters, So State IT Turned Them Off (arstechnica.com)

Posted by BeauHD on from the spam-folder dept.

An anonymous reader quotes a report from Ars Technica: Documents recently obtained by the conservative advocacy group Judicial Watch show that in December 2010, then-U.S. Secretary of State Hillary Clinton and her staff were having difficulty communicating with State Department officials by e-mail because spam filters were blocking their messages. To fix the problem, State Department IT turned the filters off -- potentially exposing State's employees to phishing attacks and other malicious e-mails. The mail problems prompted Clinton Chief of Staff Huma Abedin to suggest to Clinton (PDF), "We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam." Clinton replied, "Let's get [a] separate address or device but I don't want any risk of the personal [e-mail] being accessible." The mail filter system -- Trend Micro's ScanMail for Exchange 8 -- was apparently causing some messages from Clinton's private server (Clintonemail.com) to not be delivered (PDF). Some were "bounced;" others were accepted by the server but were quarantined and never delivered to the recipient. According to the e-mail thread published yesterday by Judicial Watch, State's IT team turned off both spam and antivirus filters on two "bridgehead" mail relay servers while waiting for a fix from Trend Micro. There was some doubt about whether Trend Micro would address the issue before State performed an upgrade to the latest version of the mail filtering software. A State Department contractor support tech confirmed that two filters needed to be shut off in order to temporarily fix the problem -- a measure that State's IT team took with some trepidation, because the filters had "blocked malicious content in the recent past." It's not clear from the thread that the issue was ever satisfactorily resolved, either with SMEX 8 or SMEX 10.

37 of 268 comments (clear)

  1. Typical . . . by Anonymous Coward · · Score: 5, Insightful

    big boss tells IT to do whatever it takes to make THEM happy, even if it violates policy. Same story everywhere.

    1. Re:Typical . . . by Anonymous Coward · · Score: 5, Insightful

      No, both the boss and IT work for the organization. U fail big time.

    2. Re:Typical . . . by David_Hart · · Score: 2

      This article is beyond stupid

      Configuring trend micro to allow email when you know the fucking domain that it is coming from in no way requires that it be turned off entirely

      At the very most somebody could have tried to spoof the Clinton domain, but, apparently, judicial watch was not bright enough to understand the situation

      I have to wonder whether what is being described in the article is actually what happened or if the tech speak is being misinterpreted as to what was actually done, which is quite common. I agree with you, there are usually ways of allowing email from domains or from specific mail servers to be white listed. It is possible that the techs didn't know how to do this but the vendor should have been able to help.

    3. Re:Typical . . . by Tuidjy · · Score: 4, Interesting

      I have done it, literally, multiple times. I am the IT director of a privately owned manufacturing company. I report directly to the owner, and "this will be back for the company" is my trump card. Of course, I do not use it all that often, and of course, before I play it, I write page long arguments why I think so.

      So, yes, a IT head duty is exactly to explain to his boss why something is a bad idea. Of course, I will obey an order from the owners to do something - it is their company, and they will bear the losses. But as I have explained to them, maaaaybe in not these exact words, if they think I don't know how to do my job, maybe they should hire someone whom they think know how to do it better.

      Has my career ground to a halt? Well, I've had the position since 1997. So I guess it is technically halted. But I honestly do not mind where I am.

      --
      No good deed goes unpunished...
    4. Re:Typical . . . by Tuidjy · · Score: 2

      Damn, I should have previewed what I wrote before I posted it. I have trouble taking myself seriously, what with the "back" instead of "bad", the incorrect use of "whom", etc... I'm too old to be posting from something without a keyboard.

      --
      No good deed goes unpunished...
    5. Re:Typical . . . by Sax+Russell+5449D29A · · Score: 2

      IT serves the business, business doesn't serve IT. That's right. But there are often certain policies that are in place as required either by *law* or by company's own policy. Higher management often tries to force their way through these policies without proper procedure, and it usually causes problems. One example would of course be the management demanding certain type of data to be migrated to a foreign cloud-based platform, which in many cases is either illegal or against company contracts with customers.

      --
      -SR
  2. Trend Micro in the US Government? by damn_registrars · · Score: 4, Interesting

    I thought the US government was concerned about Chinese made technology potentially giving up important information to the Chinese government. How is Trend Micro allowed in the State Department?

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:Trend Micro in the US Government? by MiniMike · · Score: 5, Funny

      How is Trend Micro allowed in the State Department?

      It was authorized in an email directly from Hilary.Clinnton@state.us.gov.cn

  3. Whitelist by stabiesoft · · Score: 5, Insightful

    I run my own server for my tiny company. I've spent maybe 40 hrs total configuring spam. I have options to whitelist, blacklist, auto greylist, and various other options. It is inexcusable they can't do simple whitelisting by IP.

    1. Re:Whitelist by khasim · · Score: 4, Interesting

      The worse issue is that her server wasn't setup with a certificate. So no startTLS option.

      So all the emails she sent to it were sent IN THE CLEAR.

      So yeah, it seems like idiots all around this issue. None of them understood email or security or anything more than click-here-to-make-blackberry-work.

    2. Re:Whitelist by ebonum · · Score: 3, Insightful

      They couldn't simply white list her IP. It is a little know fact that her server was on a home connection and she had a dynamic IP. However, the IT team was surprised to learn that bitch.dnsdynamic.com was available for DDNS.

      (all my facts may or may not be of a questionable source and I preemptively plead the 5th)

    3. Re:Whitelist by Aighearach · · Score: 2

      It apparently all boils down to the dream-world of politicians only carrying one device. Just carry two devices. People are learning.

      It is understandable not to want private emails to get released.

  4. Re: I had problems with State's spam filter, too by Anonymous Coward · · Score: 2, Interesting

    So THATS why the Clinton's State Dept never sent help to Benghazi!

  5. Re:This wouldn't even be news by Anonymous Coward · · Score: 2, Insightful

    If it was anyone else. Executives at IT always demand crap like this.

    Yes. IT peons are often overruled by executives.

    But in this case, when this executive demanded crap like this, it was illegal.

    Clinton should go to jail.

  6. Conniving bitch by Anonymous Coward · · Score: 2, Insightful

    What a conniving bitch.... intentionally breaking the law and intent of the law.

    SHE SERVES US.

    This is all just her usurping the processes that we put in place to monitor the servants who serve us.

    At this point it's literally contempt for the American people's right to read the email of a public official.

    She disgusts me.

  7. FOIA requests by bangular · · Score: 5, Insightful

    She did this to skirt FOIA requests. I'm not sure why there aren't any major news agencies with the balls to say it.

    1. Re:FOIA requests by SensitiveMale · · Score: 5, Insightful

      She did this to skirt FOIA requests. I'm not sure why there aren't any major news agencies with the balls to say it.

      The majority of those news outlets want her to win.

      And are willing to help her any way they can.

    2. Re: FOIA requests by eatvegetables · · Score: 2

      I've seen several reports on this topic. INAL. However, the reason that this topic doesn't come up with great frequency is that the max penalties are quite minor, I believe. According to my understanding, she could be charged for maintaining an unregistered system of records. The penalty is at most a misdemeanor and fined not more than $5,000. Any other penalties would be civil in nature. Feel free to correct me if need be. The criminal penalties for mishandling classified information are probably far more substantial.

    3. Re: FOIA requests by KenHansen · · Score: 2

      What was "found" in the 50k emails she released

      No, 50K pages , not 50K emails... And we know how many pages there were because her lawyers 'helpfully' printed each out as PDFs that had to be scanned and indexed.

    4. Re:FOIA requests by bmo · · Score: 2

      She'll likely win it, but not because she's liked.

      The only reason why she'll win is that the R side is just so horribly /bad/. Indeed the justification by a lot of Clintonistas is that they hold up the spectre of a "Trump Presidency."

      >megathatcher

      I love this term. Consider it stolen.

      >Bernie's kid-gloves treatment of her

      This is the most disappointing part of it. He could have annihilated her in ads using her own words and record. "But that's negative ads" and he pledged to not do negative ads. All the while she's killing him in the media with rumors and nonsense.

      I'm gonna go vote for Jill Stein. She's not gonna win, but I'll be damned if I'm going to vote for evil or more evil (YOU try and figure out which one is which here. Clinton has /done/ more evil than what Trump talks about. So like, what's the choice here? Devil you know or devil you don't? Fuck. That.)

      --
      BMO

    5. Re:FOIA requests by Tablizer · · Score: 2

      She did this to skirt FOIA requests.

      Um, do you have direct evidence of this motivation, or do you claim to be a mind-reader?

      --
      Table-ized A.I.
  8. BINGO by Kludge · · Score: 2, Interesting

    This is probably the reason that Clinton was using her own email server: the government email systems sucked because they were run by incompetent people.
    Does this "excuse" Clinton? I don't know. But at least she did what she needed to do to get shit done, which is more than what you can say about many people in government.

    1. Re:BINGO by SensitiveMale · · Score: 5, Insightful

      This is probably the reason that Clinton was using her own email server: the government email systems sucked because they were run by incompetent people.

      Really? Look, I'm no fan of the govt, but I seriously doubt that the email admin for the State Department, The State Department of the United States, is incompetent.

      Now the person that set up Clinton's open email system in her bathroom, yeah. I believe he was incompetent.

    2. Re:BINGO by dfenstrate · · Score: 4, Insightful

      You're free to advocate prosecution of Colin Powell if you wish. Nothing Powell did, legal or illegal, exonerates Hillary Clinton.

      --
      Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
    3. Re:BINGO by Anonymous Coward · · Score: 5, Insightful

      There's a huge difference between Colin Powell and Hillary Clinton: by the time Hillary Clinton was Secretary of State, email had become the standard way to do things, there was an email system all set up for her, and there were regulations requiring her to use the official email system unless she had a good reason to do something else (and to routinely use her own email system required approval she never asked for and never got).

      Colin Powell says he didn't send or receive classified information. Recently, a grand total of two emails that were sent to him were "retroactively classified" (to use Hillary Clinton's term). Neither of the two were classified "Secret" or above. In comparison, of Hillary Clinton's known emails, over 2100 contain classified information, 65 "Secret", 22 "Top Secret" (source)

      In 2005, after Colin Powell but before Hillary Clinton, rules were developed over use of email. Colin Powell couldn't have broken them as they were put together after he was already gone, but Hillary Clinton absolutely broke them. She avoided using an official account set up for her to use, and went to great lengths to continue to use it rather than the official one. And she was required to take a training course every year about how to properly keep secrets, but there is no evidence she did so. She took the class once right after she got the job and then never took the class again.

      And of course, even if Colin Powell was guilty of the exact same crimes as Hillary Clinton, that still wouldn't excuse her.

      And it's obvious to anyone with common sense what her motive was: she wanted to control access to her emails. Some of her email could be embarrassing if someone read it (after filing an FOIA request) so she wanted to make sure there were no official copies of anything she didn't like. She committed conspiracy to avoid keeping Federal records that she was legally required to keep.

      If you are willing to excuse Hillary Clinton for this kind of egregious lawbreaking, then you will have no moral right to complain later when President Trump does something just as bad. We're geeks here in ./ and we understand well enough to damn well know why what she did was stupid as well as illegal and wrong. Don't give her a pass for immoral behavior just because she is on your side. If you have to hold your nose and vote for her because you really really just can't even Trump, then fine and dandy, but just admit it to yourself: you would be voting for someone willing to break the law and lie about it (as proven by this email controversy).

      http://www.weeklystandard.com/why-colin-powells-emails-are-not-like-hillarys/article/2000949

      https://www.washingtonpost.com/news/fact-checker/wp/2015/03/10/the-misleading-democratic-spin-on-hillary-clintons-emails/

      http://townhall.com/tipsheet/guybenson/2016/02/05/no-the-powell-and-condi-classified-emails-story-is-not-a-gamechanger-n2114842

    4. Re: BINGO by mveloso · · Score: 3, Informative

      Specifically, Powell et al did NOT run their own server. They used commercial providers like Google and yahoo. I guess Hotmail was just too cheesy.

    5. Re:BINGO by Whatsmynickname · · Score: 2

      Want to know the best part? If Hillary becomes president, she will BE IN CHARGE of ALL of government security. Ponder that while discussing her use on non-secured email servers. Hillary trolls, here they come!

    6. Re:BINGO by khallow · · Score: 2, Insightful

      If you are willing to excuse Hillary Clinton for this kind of egregious lawbreaking, then you will have no moral right to complain later when President Trump does something just as bad.

      Morality as well as objectivity goes out the window with politics. Instead, we should be asking, would we want our worst enemies to get away with what Clinton did? Ten years from now do we want every stooge and crony to have their own personal servers and absolutely no accountability for all the resulting emails that are never archived by the government?

      If your team gets away with something, then anyone can do the same. And there are some real nasty pieces of work out there.

    7. Re:BINGO by Coren22 · · Score: 2

      Since you are too much of a political minded person to understand it, I don't foresee this changing your mind, however, here are the laws which she broke.

      https://www.archives.gov/about...

      She also broke laws having to do with notification of classified leakage, and encouraged her interns to commit felonies which are recorded in emails she handed over.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  9. The real Nigerian Princes couldn't get through by trout007 · · Score: 2

    How else was she supposed to get bribes from all of those Third world nations with a normal spam filter?

    --
    I love Jesus, except for his foreign policy.
  10. Re:Whiskey Tango Foxtrot. by chadenright · · Score: 2

    1234?

    Thanks to great advances in security, we've adopted a new password which is over twice as secure: 12345

  11. Re:Whiskey Tango Foxtrot. by davester666 · · Score: 3, Insightful

    Of course, the luggage still opens with 1 of 7 keys, which can be 3d printed at home, since some moron at the TSA allowed all the keys to be photographed and published in a national magazine.

    They definitely don't pick from the top shelf when stocking the TSA with talent...

    --
    Sleep your way to a whiter smile...date a dentist!
  12. Re:Hillary for prison 2016! by David_Hart · · Score: 2, Insightful

    Hillary for prison 2016!

    And yet, having your own email server wasn't against the law... So, good luck with that...

    I'm not a Clinton supporter, but I do believe in a fair representation. What she did was against the spirit of the law and certainly shows an attempt at keeping communications private that should be part of the public record. But there is no proof that anything that she did broke the laws as written.

    http://www.npr.org/sections/it...

  13. Many (most?) wouldn't be. Including the top secret by raymorris · · Score: 2

    Obviously the emails containing top secret information wouldn't be subject to FOIA, and there are about a dozen other exceptions to FOIA, some of them quite broad.

    * No, instructing her staff to remove the "Top Secret" marking from the document does NOT make the information no longer top secret. It only means she committed an ADDITIONAL crime.

  14. Actually he died of smoke inhalation... by StevenMaurer · · Score: 2

    ...in the safe room. But I'm waiting until you write your "tell all" book, declaring how Hillary personally ordered his murder because he was her gay lover, her being one of those weird Japanese hentai women with male organs

    I'm sure you'll make a million dollars or so scamming all the wanting-to-believe teabaggers, and prompt some GOP congressman to ask very strange questions next time she's up on the Hill.

  15. IQ test by Smiddi · · Score: 2

    I cant believe that Americans actually have this woman as a presidential option. If she cant even follow basic security principles, imagine the non-compliance and disregard for laws and rights if she was the president? With the two main candidates being Trump an Hillary, the rest of the world is thinking that the US citizens just failed a simple IQ test.

  16. Only some DOS material. But she didn't by raymorris · · Score: 2

    The Secretary of State -could- declassify some State materials. She can't declassify any material from agencies outside DOS. But she didn't declassify it. It remained classified as it shared classified information with friends, and sent it in the clear over the internet to her house.