In the depths of the hacker and IT-blogger community, a skirmish has broken out over the nature of Hillary Clinton's email server -- a debate that could have profound implications for national security during Clinton’s tenure as secretary of state, and for investigators hoping to mine her emails for evidentiary purposes.
The questions center on where, exactly, Hillary Clinton’s email server is, or was, physically located; which private-sector firms may have been hosting it; and how secure Clinton’s emails were at any given point.
Why does the physical location matter? Because if the server was not in Clinton’s home, and was maintained at some other site, then the secretary of state and the Diplomatic Security corps that guarded her were not in physical control of her server. This would have raised the possibility of compromise of Clinton’s account, either from an inside job, carried out by the very firm retained to host the server, or from external actors that could range from the Kremlin to China to independent hackers.
In a March 6 post on his blog “And Still I Persist,” Bruce F. Webster, an IT expert with 30 years’ experience who has spent the last 15 years testifying on IT issues in civil litigation, posed the question “Where is (or was) the Clinton e-mail server?”
Webster faulted news media organizations for failing to follow up on the Associated Press’ March 4 story that reported that Clinton’s private server was registered to her home address in Chappaqua, with the name of “Eric Hoteham” attached to it. Writes Webster:
I have yet to find any news story that independently confirms the initial AP report, which itself appears to be based more on registration records for a particular static IP address (126.96.36.199) than actual evidence of the existence and location of a physical server. While those records contain the Clintons’ home address and the name ‘Eric Hoteham’, they don’t prove that this static IP address was ever in use at their home: one should not confuse a point-of-contact address with the actual location….[A]s far as I can tell, Clinton associates have never confirmed or denied the actual existence of a dedicated e-mail server hosting clintonemail.com at the Clinton home. It has been the media that has [sic] simply assumed the AP story to be accurate and has moved on from there.
Examining the “IP address history” of clintonemail.com, Webster concluded there was “strong evidence” that Clinton’s domain had been hosted by two successive private-sector firms: ThePlanet.com, now known as SoftLayer and acquired in recent years by IBM; and Austin-based Confluence Networks, which Webster describes as “a hosting firm of very, very dubious provenance and management, to say the least.”
This last conclusion would be of significance, if it were true that the reputation of a private-sector host was so poor as to raise questions about the security of Clinton’s emails. As to the physical location of Clinton’s server, the possibilities are very limited, as Webster writes:
- It was, in fact, located in the Clinton home in Chappaqua, though no evidence has been provided that it was.
- It was located in a private office somewhere near Chappaqua, although again there is no evidence to that extent.
- It was hosted by an external hosting firm — based on network records, first at ThePlanet.com and then at Confluence Networks. As pointed out in my prior article, in both cases, there are strong indications that the actual hardware would be in Texas.
"There are strong security issues for all the solutions," Webster wrote. "... If the e-mail server was really located in the Clinton Chappaqua home, was it left as a stand-alone server, or did anyone ever use it as a regular PC: reading e-mails, browsing the web, etc.? If the latter, then you have the very real possibility of malware being installed on the e-mail server itself. If the e-mail server was hosted in a private office somewhere, then it would need round the clock physical security. Who would provide that? The Secret Service? The State Department? Private contractors? If the e-mail server was hosted by an external hosting firm, then you have lost physical control of the server itself and have to depend upon the server farm facilities and operators to provide security."
He added that since Clinton used this email exclusively, "there is a very good chance that foreign intelligence agencies became aware of it very quickly. ... And if the server was physically hosted in an industrial park somewhere in Texas (which matches another address associated with Confluence Networks), I’m willing to bet [foreign governments] could find their way in, particularly given that they had a few years to do so. So, once again, we’re back to a critical question: where was the Clinton e-mail server physically located? This is a question whose answer is, quite literally, a matter of national security."
In a March 7 post entitled “Confluence Networks Responds,” Webster posts the complete text of a “panicked” message he received from Confluence, in which the firm stated flatly: “We do NOT and have never hosted the EMAIL for clintonemail.com, or for that matter for the other MILLIONS of domain names that point to our infrastructure at any given point of time.”
Fox News, based on information from a source in the hacker community, reported last week that Clinton created multiple email addresses under the same domain.
That hacker, reviewing Webster's analysis, told Fox News that Webster "is doing some good research" but that information relating to IP addresses and DNS (Domain Name System) firms "should be viewed skeptically ... particularly in relation to such a high profile domain as clintonemail.com now is" because those records and addresses associated with domains "are fungible and quite hackable."
The hacker also found that a number of new email addresses appear to have been created for the clintonemail.com domain just since Fox News published the report. Now appearing alongside the real addresses, such as email@example.com and the others Fox News revealed, are a number of new addresses that are clearly the work of hacker-prankster types. These faux addresses include firstname.lastname@example.org, BigDogWillyC@clintonemail.com, and one that is unsuitable for publication. The hacker told Fox News these fake emails are an example of why IP and DNS data are so “fungible and quite hackable.”
Webster, for his part, accepted the criticism of the hacker source and is updating his blog accordingly. Their consensus is that Confluence Networks may once have been where clintonemail.com was “parked,” but that the company’s declaration that it was never the host for Clinton’s server should be accepted at face value – even if, as Webster noted in an email to Fox News: “For a company that parks over a million domains, they provide very little information about who they are, who owns them, etc.” A cursory review of Confluence Networks’ rather primitive-looking website appears to bear this out.
But Webster stresses the public still does not know the physical location of Clinton’s server, and because of that, does not have a firm handle on how secure its email contents were.