randombio.com | commentary
Tuesday, September 06, 2016

Email and operations security

Why is Hillary's home-brew email server such a big deal?

W ith Donald Trump looking more presidential every day—his new border policies are a mature and thoughtful appraisal—more attention is falling on the weaknesses of his opponent, Setesh the Destr— er, Hillary Clinton.

Clinton's biggest problem is her email debacle. Lack of operations security might not seem like a problem to politicians in a quest for power, but for a Secretary of State to be unaware of it betrays a colossal failure of judgment.

It is instructive to recall how insecure communications have harmed American interests in the past. One such occasion was in the Vietnam conflict. James Bamford wrote about it in 2001 in his second book on the NSA, Body of Secrets.

Bamford wrote that our lack of information security in Vietnam cost many American lives and helped ensure our ultimate failure to prevent a communist takeover. He described how Soviet trawlers like the Izmeritel would intercept encrypted signals off the coast of Guam, where B-52 bombers would take off on bombing runs. Traffic analysis of these signals enabled the Soviets to interpret the so-called Flash messages, which were transmitted in the clear on VHF.

A typical message would seem harmless, like “652 must be ready by 0900.” But combined with information obtained from traffic analysis and other means, the Soviets were able to piece together the flight numbers, munitions, and destination of our bombers, and gave this information to the North Vietnamese. Bamford wrote:

From the very beginning, American commanders had an arrogant belief in U.S. military superiority. They believed that the North Vietnamese ... were far too unsophisticated to make sense of U.S. communications networks. [p.312]

Bamford reported that the NSA's Purple Dragon program found that the North Vietnamese, knowing the locations of planned strikes, would evacuate well before the bombs were dropped, rendering them ineffectual. In another incident a lack of operations security cost the United States 58 men killed and 82 wounded.

Sendmail source code
Part of Sendmail v8.14.4 source code

The govt has learned these lessons well, but people still expose vital information either deliberately or through carelessness.

These days everyone needs to know how to keep their information secret. If you run a small mail server you know keeping it secure is no trivial task. It requires constant monitoring of databases such as Bugtraq and patching of crucial services: software elements that must work together to keep the login information, as well as the email text itself, securely encrypted. Ten years ago, when I was doing it for our little company, I learned that the biggest obstacle was the users who insisted on using insecure protocols.

One was my boss. He insisted on using telnet, a protocol that sends passwords in the clear, to read his mail. Nagging him to switch was pointless. It was only when I was brought back in to upgrade the system that I could force him to switch by letting him think the new operating system no longer supported telnet.

But if it was time-consuming to keep that company's humble little system running, after I left I watched with horror and no small amusement how a series of computer professionals that followed me was unable to perform even the simplest of security tasks.

We found that none of them was able to rebuild the mail server, a task that requires a one-line command. One, no doubt frustrated beyond endurance, recursively set the permissions on every file—all 655,000 of them—to 777, which meant that (a) nothing worked (the technical term was ‘hosed’) and (b) every user was able to read and modify every file on the system, including the shadow file where the encrypted passwords are stored in Unix.

This showed me that even professional IT companies with sterling reputations rely mainly on appliances and canned software packages instead of knowledge. It is enough of a challenge for them to keep from accidentally trashing the system. Most have no clue how to handle or detect, let alone prevent or defeat, an intrusion. They tend to block everything except HTTP and email, which can make people think they need to break the rules to get their jobs done.

Users complain, as did the Americans in Vietnam, that security stuff is too cumbersome and time-consuming to use.

Thus even on a well secured system, the biggest security risk is the users themselves. A user can click on some website and unknowingly install a piece of software or a script that, when executed, allows remote access. In Windows, which Hillary was apparently running, until quite recently this could happen without the user's knowledge.

Security experts will tell you that intruders with the resources of a nation-state are nearly impossible to keep out. Even if the server were configured perfectly, with up-to-date certificates and well patched software, security can be compromised by an unencrypted fiber connection, a router compromised at the factory or at the border, or a dozen other ways. The security challenges of a system facing an adversary like Russia are orders of magnitude more serious than the puny script kiddies I battled with. So are the stakes.

Comey and the FBI might not care, but these are undoubtedly the reasons that, at least until now, the government vigorously prosecuted anyone who did what Hillary Clinton did.

Edited sep 07 2016, 3:47pm

Related Articles

Hillary's Short Circuit
A circuit analysis suggests it is not a short circuit, but a bad capacitor.

Traumatic brain injury and paroxysmal coughing
Traumatic brain injury and paroxysmal coughing don't add up to a single malady. Or do they?

Hillary's Amazing Iowa Coin Toss
There's a two-headed monster in Iowa, and it's not Hillary

Hillary plans ahead, wears orange jumpsuit
Pantsuit on fire

On the Internet, no one can tell whether you're a dolphin or a porpoise

book reviews