Slashdot Mirror
Hillary Clinton Used BleachBit To Wipe Emails (neowin.net)
An anonymous reader quotes a report from Neowin: The open-source disk cleaning application, BleachBit, got quite a decent ad pitch from the world of politics after it was revealed lawyers of the presidential hopeful, Hillary Clinton, used the software to wipe her email servers. Clinton is currently in hot water, being accused of using private servers for storing sensitive emails. "[South Carolina Representative, Trey Gowdy, spoke to Fox News about Hillary Clinton's lawyers using BleachBit to wipe the private servers. He said:] 'She and her lawyers had those emails deleted. And they didn't just push the delete button; they had them deleted where even God can't read them. They were using something called BleachBit. You don't use BleachBit for yoga emails or bridesmaids emails. When you're using BleachBit, it is something you really do not want the world to see.'" Two of the main features that are listed on the BleachBit website include "Shred files to hide their contents and prevent data recovery," and "Overwrite free disk space to hide previously deleted files." These two features would make it pretty difficult for anyone trying to recover the deleted emails.
Slashdot reader ahziem adds: The IT team for presidential candidate Hillary Clinton used the open source cleaning software BleachBit to wipe systems "so even God couldn't read them," according to South Carolina Rep. Trey Gowdy on Fox News. His comments on the "drastic cyber-measure" were in response to the question of whether emails on her private Microsoft Exchange Server were simply about "yoga and wedding plans." Perhaps Clinton's team used an open-source application because, unlike proprietary applications, it can be audited, like for backdoors. In response to the Edward Snowden leaks in 2013, privacy expert Bruce Schneier advised in an article in which he stated he also uses BleachBit, "Closed-source software is easier for the NSA to backdoor than open-source software." Ironically, Schneier was writing to a non-governmental audience. Have any Slashdotters had any experience with BleachBit? Specifically, have you used it for erasing "yoga emails" or "bridesmaids emails?"
I really can't find something to bitch about here. Sure, Clinton sucks, but the big knock against her and her email server was that she wasn't secure enough with it. Then, when she does do something secure, the knock is "See, she is so secure she must be hiding something!" Sorry, you can't bitch when she isn't secure and then bitch when she is. Was she hiding stuff? Most probably, since all politicians are. Do I trust her? Not a chance. But you can't set up a now in scenario as your reason for not liking her. You can't bitch about insecurity and then bitch about too much security at the same time.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
I used DBAN routinely in 7 wipe mode. I'd be surprised had she not chosen something like that in spite of the cloth remark.
But any time you stop using a hard drive you should clean it. I have probably 6 hard drives on a shelf in my house because I've replaced them with larger or faster drives. Each one has had the free space randomized twice and then set to all zeros afterward. Bank info, taxes, official (unclassified) work files, all of those have been on them in some variety at some points, and if they are ever disposed, I don't want any of that to be easily recoverable. I have never used it to destroy evidence when it was requested by investigators, as I am not a wealthy and powerful person, I would end up incriminating myself by doing so.
But I can say that something like this isn't too surprising, assuming you hired a lawyer with a brain in his/her head. They really like the idea of deleting evidence that could be used against you in a court of law, if they're hired to work FOR you.
This is why businesses are being pushed to start purging all of their employee's email on a regular basis. They want to preserve that plausible deniability and ensure some former employee didn't say something in a company email you weren't aware of that winds up costing you $'s in a lawsuit.
If this is an attempt to discuss if Clinton is guilty of anything or not with running her own private mail server? I think the answer to that is really pretty obvious.... Yes, of course she is. If any of us worked for an employer who provided us with a company email system for use with company-related things and we just decided to conduct business via our personal Gmail accounts, or some home-brew Linux server? How long do you think we'd stay employed there once that was realized? In a case like hers, it's only magnified as a problem because we KNOW she was allowed to handle classified content in her mail. So the hunt is on to prove she actually possessed some of that on this unofficial server. And if her lawyers did their jobs properly, there won't be much concrete proof that she did so, or at least that she ever accessed it once it was sent out. That doesn't make her less guilty though .... just smart enough to dodge some legal repercussions for her behavior.
no, the responsible thing to do is to turn it over to the justice department and let them fucking shred it.
Let me try. First, her entire purpose in having said private email server was explicitly to protect her privacy - something she is very sensitive about. The issue, and what separates her situation from that of Colin Powell, is that she used that server for both personal and official email exchanges. This defies both basic common sense and several applicable federal laws - laws which were *NOT* part of the recently concluded FBI investigation. That investigation was about the content of the emails and their classification, NOT - again - the real violation of law and common sense. Bottom line is that her credibility is in question because of a series of actions, all attributable to her paranoia and penchant for secrecy.
Hillary Clinton co-mingled personal and official government communications on her private email server. All of those communications are subject to the Federal Records Act and the Freedom of Information Act.
Her personal emails ceased to be personal when she co-mingled them with official government communications. HRC and her lawyers were not authorized to decide what is relevant to FRA and FOIA and what is not.
HRC and her lawyers deleted 30,000 or so emails that are not recoverable - therefore she is in violation of both the FRA and FOIA.
HRC should be, at the very least, in front of a jury to answer for her actions.
we're also not the ones who mixed her personal and professional lives. she is.
she's the public face of the state department, which has policies in place to make sure that their correspondence are both secure and archived... so people can go back and look into them to make sure everything is aboveboard.
she sacrificed her right to privacy on her private correspondence when she conducted professional business on the same server.
i don't want to see her fucking wedding photos, but i want someone to make sure that she wasn't selling access to the office of the secretary of state of the united states. and if someone with clearance in the justice department needs to comb through 4 years of "private" emails to make sure, then she has only herself to blame.
I can't believe her campaign signs are "4 her" and not "4 us". Pretty much says everything you need to know. There are laws 4 us, and there are special exceptions to those laws 4 her.
Powell used an aol account.
He did NOT put a private server in his house!
Same for Rice. Powell used it for non-state NON-classified business.
Hillary has lied so many times about this server, is is clear to any hones observer that she was hiding activities of corruption with the Clinton foundation and did not want FOIA to discover her activities.
Hillary was supposed to have government archivists sort through the mails, not her personal attorneys. That was a violation of the federal records act.
She had classified information on the server, despite assertions that she did not- caught in another lie.
She said all work related mails were turned over. Another lie- the FBI found thousands of work related mails not turned over, including classified.
They intentionally destroyed data while an investigation was underway. If it was a Republican that got caught doing it, you'd probably go nuts about it. As it is, it's disgraceful for Slashdot to post this in the late afternoon on a Friday when people are going to be less likely to see it.
This isn't mud slinging. This is technology news about obfuscating forensic evidence in practice on a technology website.
Did you run shred on a server after the FBI said it wanted the data on it?
Yes it does, read the laws. There is a Navy person who facing 20 years to life for disposing of a phone which had his picture while inside the sub. That is one of the more extreme cases, but it's literally a Web Search to prove you are wrong (shill?) Intent comes in to play _only_ for the penalty.
It's easy to criticize. What do you propose as an alternative?
Because your options this election are:
1) Clinton
2) Trump
3) Throwing your vote away
Yeah they all suck. But those are your options.
"Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
This isn't mud slinging. This is technology news about obfuscating forensic evidence in practice on a technology website.
Your statement is mudslinging.
Whether the secure wipe was used as a simple matter of Best Practice, or was done for Nefarious reasons, is not known. So when the article makes judgements such as "When you're using BleachBit, it is something you really do not want the world to see." it becomes a political mudslinging story.
I don't personally use this software, but I personally always securely wipe any drive which I'm done using. Even if there's nothing on there, even if it only contains "yoga emails" or etc.
The disturbing thing to me is that this article is all but using the "If you have nothing to hide, you wouldn't use secure wipe methods" line of bullshit. Using strong encryption, secure wipe software, etc. should not be allowed to be seen as a "shady" or "suspicious" activity- it should rather be seen as the Intelligent and Normal way of doing things.
Just how blatantly obviously criminal does Hi-liar-y have to get before enough of the brainwashed American masses finally start to figure it out and she becomes unelectable?
I mean at some point even her levels of dirty money can't pay off the obviously corrupt US legal system to keep her out of jail any longer right?
No.
You're in this shit because the FPTP electoral college system makes a two party lock-in inevitable.
- The last time a "third party" gained traction was 1860, with Lincoln's Republicans. There is a reason it hasn't happened since.
The system is broken. And the two-party duopoly has no interest in fixing it.
I'm sorry but acting like things would get better "if only more people voted for better candidates" is a hopelessly naive pipe dream. That requires viable 3rd party candidates, and the US system makes that effectively impossible.
So I'm afraid I must repeat (and I take no pleasure in saying this, believe me) your only three options this election are Trump, Clinton, or throwing your vote away.
Of course Clinton is horrible. But would you prefer Trump?
"Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
I know a rather large number of people that use secure delete or wipe tools.
It may be considered strange by computer neophytes and people that don't work with government computer systems, but it's pretty common for techies and government computer people with security clearance required jobs to employ that kind of software.
I guess the people that are making accusations over that are either ignorant, or disingenuous.
1. She put classified info on a private unsecured server where it was vulnerable, contrary to the law which she was fully advised of upon taking office.
2. She did all her work through that server, hiding it from all 3 government branches (congressional oversight, executive oversight, and the courts) and public FOIA requests.
3. When the material was sought by the courts and congress, she and the state department people lied under oath claiming the material did not exist (perhaps Nixon cronies should have all lied about tapes existing).
4. After her people knew the material was being sought, the server's files were transferred (by private IT people w/o clearances) to her lawyers (no clearances).
5. She and her lawyers deleted over 30000 e-mails, claiming they were only about yoga and her daughter's wedding dress (Nixon cut a few minutes of tape).
6. They then wiped the files with bit bleach (a step not needed for yoga or wedding dress e-mails). (Nixon did not degauss all his tapes)
7. They handed the wiped server to the FBI, and hillary publicly played ignorant with her "with a CLOTH?" comment (absolute iin-you-face arrogance against the rule of law) (Nixon did not hand tape recorders with erased tapes to the FBI)
Prove you are sincere, and not a total unprincipled partisan hack:
Are you a Nixon supporter?
Would you accept this behavior from Donald Trump or Dick Cheney?
Hillary Clinton's IT guy purchased an MS Exchange hosting contract from Platte River. The standard package came with a periodic backup to a Datto appliance, which takes snapshots of the Windows disk image several times a day. The appliance copies the snapshot to Datto's data center in real time. You can erase or even destroy the Windows machine drives and still use the snapshots to restore the disks to the snapshot of the time and date of your chosing.
The FBI confiscated the appliance from Platte River and seized the server from Datto. They have all the emails she sent and received since the start of her State Department tenure.
I guess the people that are making accusations over that are either ignorant, or disingenuous.
I prefer option 3, they are pointing out the peculiarity that, given all the other shit she's pulled, in this one instance, she chose to follow best practices.
A: "But anyone could hack in and see her emails, it's totally unsecure!"
B: "She used BleachBit."
A: "That proves she had something to hide!"
Being that Clinton didn't give a damn about securing the physical server and didn't give a damn about securing the messages sent through the server, it seems strange that she suddenly cares about security practices when deleting e-mail messages about yoga classes.
Oh, did I mention that deleting the e-mail messages would be considered an obstruction of justice if it were done by a typical citizen?
I guess the people that are making accusations over that are either ignorant, or disingenuous.
Here's the problem -- Clinton deleted these emails AFTER they were requested from the House as part of an official investigation. She chose to print out everything she claimed was relevant (probably to avoid giving away metadata in headers, etc.) and then effectively "burned" the server, including (by her lawyer's own admission) tens of thousands of messages.
FBI investigations have now come up with thousands of emails which were NOT turned over in that paper dump. How many could have been part of those that were deleted and then lost when the server was wiped? We'll never know. Many of them were likely deleted in error, with her lawyers not realizing which ones should have been retained as they were going through tens of thousands of documents. But were ALL of these official state department emails recovered by the FBI (now 15,000+) deleted "in error"?
That's what's troubling about all of this. We have no way of knowing whether there may have been significant spoliation of evidence here (that's the legal term for intentionally, recklessly, or negligently destroying evidence). If this were a corporation who had been issued a subpoena and they acted in this manner, and it was later proven that they "lost" over ten thousand relevant documents in the process of their destruction of "irrelevant" documents, they would likely face significant legal sanctions, perhaps even criminal charges.
Legally, the safe course in this instance would have been to put the server in a secure location with legal supervision by Clinton's counsel until the matter could be resolved. Clinton's use of BleachBit is not surprising here -- not because it's proper protocol to delete secure information, but because it's the only reasonable way to delete potentially incriminating evidence of spoliation (even if most of it was accidental or whatever). If they hadn't used a very secure deletion protocol, then Clinton's attorneys would have been doing a VERY poor job at protecting her legally.
Personally, I'm not sure it's likely there was any "evil memo" buried among the State Department correspondence that could prove anything. (And if there were, I'm not convinced Clinton realized it.) On the other hand, I'm sure she had a bunch of private email dealings that she wouldn't want to get out -- if for nothing else then for bad public relations. Hence the destruction of everything on the server -- it's in line with the privacy paranoia that likely caused her to set up the server in the first place. But could there have been worse stuff there too? Maybe. Doesn't seem like we'll ever know, though, does it?
Here's the problem -- Clinton deleted these emails AFTER they were requested from the House as part of an official investigation. She chose to print out everything she claimed was relevant (probably to avoid giving away metadata in headers, etc.)
In other words, she willingly destroyed information she was required to hand over.
The full Headers and all Metadata are part of the Record and part of the E-mail; If you are requested to hand over the e-mails: you have no right to exclude or remove headers, even if your standard e-mail software does not normally display the headers when you are reading the message.