There’s little doubt foreign intelligence agencies penetrated the Blackberry smartphone used by then-Secretary of State Hillary Clinton to access her personal email server from overseas, security experts said this week.
“I am 99 percent sure her phone was compromised,” said Nigel Jones, CEO of smartphone encryption tool developer KoolSpan.
Jones and other experts were interviewed by FedScoop after FBI Director James Comey told reporters that the presumptive Democratic presidential candidate had “used her personal e-mail extensively while outside the United States, including sending and receiving work-related e-mails in the territory of sophisticated adversaries.” They drew their conclusions based on their own and customers’ extensive experiences.
“We assess it is possible that hostile actors gained access to Secretary Clinton’s personal e-mail account,” said Comey.
But the experts had few doubts. “Espionage of this sort is always happening. It is, I think, an assumed reality for most people in her type of position. The fact that she was likely aware of that risk and yet was so careless, according to the FBI, is ridiculous,” said Jones.
Jones said that foreign intelligence agencies and sophisticated hacker groups have the capabilities to access an insecure smartphone’s stored data, data in transit and hardware functionality like turning on a camera or microphone.
In a country like China, where the government owns the country’s telecommunications network, an intelligence service wouldn’t even have to “hack” the smartphone in question in order to monitor a user’s communications. Rather, they could simply intercept a device’s outflow as it crosses the network, explained Jones.
Jones’ firm, KoolSpan, sells encryption hardware and software to protect diplomats’, foreign governments’ and business executives’ communications from surveillance and interception.
Vic Hyder, chief strategy officer for encrypted communications firm Silent Circle, agreed with Jones, explaining that anywhere Clinton traveled her devices would have been target to surveillance.
“Political leaders should be operating and communicating on approved and secured systems at all times, period,” said Hyder, a former Navy SEAL special operations officer.
Clinton used a personal BlackBerry which was likely much less secure than those issued by the State Department, Politico reported last year citing unnamed former State Department officials and executives.
Clinton brought this same smartphone on State Department-related trips to Vietnam, Brazil and South Korea, according to Politico — based on a review of press pool photos — but it was not seen during trips to Russia and China.
At the time, a Clinton representative told Politico that, “The State Department took technical security for the entire traveling party very seriously” though a State Department spokesperson declined to name specific security standards required for the mobile phones of employees.
Comey on Tuesday, said that Clinton used “several different servers and administrators of those servers during her four years at the State Department, and used numerous mobile devices to view and send e-mail on that personal domain.” It is unclear which of these devices, if any, carried cybersecurity software to thwart foreign spies from accessing data.
The State Department, in a court filing during a civil case filed by the nonprofit conservative watchdog group Judicial Watch, said the department did “not believe that any personal computing device was issued” to Clinton.
In a 2009 email that was later revealed to the public — as part of a larger document dump — Clinton complained that she was restricted from carrying her Blackberry on the State Department’s confidential offices on the seventh floor because the device was deemed insecure.
“I cannot stress too strongly … that any unclassified Blackberry is highly vulnerable in any setting to remotely and covertly monitoring conversations, retrieving e-mails and exploiting calendars,” Assistant Secretary of State for Diplomatic Security Eric Boswell warned Clinton according to a memo obtained by Judicial Watch.
Later in 2013, video obtained by Fox News showed Undersecretary of State for Political Affairs Wendy Sherman discussing Clinton and her aides’ use of unclassified systems — personal Blackberrys — to send and receive classified information abroad.
Clinton’s camp has repeatedly declined to provide details regarding the security conditions surrounding the former secretary of State’s smartphone and email servers.
Clinton’s smartphone would have needed to employ several key security measures to effectively block foreign spying efforts abroad, Jones said.
He described them as end-to-end encryption — software capable of defending data in transit, like emails, texts and voice calls — and then the phone itself, or the hardware, should have been designed specifically to protect data stored on it.
A unique, likely custom-built telecommunication infrastructure — similar to what some U.S. embassies have installed — is the last piece necessary to block the collection of phone metadata, explained Jones, a former reconnaissance and communications officer in the U.S. Marine Corps.
During Tuesday’s bombshell FBI press conference, Comey said that while there is no direct evidence that hackers penetrated Clinton’s email server, the FBI also cannot definitely say it never happened. If a hacker were to break into either Clinton’s email or smartphone, there may not be a smoking gun, in the form of evidence something was actually stolen, according to Jones.
To contact the reporter on this story: send an email via firstname.lastname@example.org or follow him on Twitter at @Bing_Chris. Subscribe to the Daily Scoop to get all the federal IT news you need in your inbox every morning at fdscp.com/sign-me-on