- The Washington Times - Friday, October 2, 2015

Security experts believe eastern European cybercriminals may have been behind an attempt to hack Hillary Rodham Clinton in 2011 while she was secretary of state, but representatives for the presidential hopeful say no evidence exists to suggest the attacks were successful.

Emails released by the State Department on Wednesday revealed that Mrs. Clinton’s personal account was targeted by an apparent phishing campaign no fewer than five times on Aug. 3, 2011.

Messages sent to Mrs. Clinton that morning were disguised to appear as if they were official messages from a government agency in New York City, and each one included an attachment purported to contain a speeding ticket for infractions incurred in the nearby town of Chatham.

According to security researchers who have reviewed the attachments, the supposed speeding tickets actually were malware that could have given hackers access to Mrs. Clinton’s entire computer had she opened them up.

Experts who spoke to The Associated Press this week said the malware was designed to broadcast data from the would-be infected computer back to at least three servers overseas, including one in Russia.

Although investigators have failed to attribute the attack directly to the Kremlin, researchers say the phishing tactic employed against the former first lady has all the workings of an eastern European operation.

These attacks are “pretty much are blasted out in shotgun fashion to any and all email addresses known to the world or picked up through any one of millions of data breaches,” Steve Ward, a senior director for iSight Partners, explained to The Hill this week. Mr. Ward’s security firm has has tracked Russian hackers for years, and he said the style of the emails sent to Mrs. Clinton employ what the Hill qualified as “a common Eastern European cyber theft strategy.”

“We have no evidence to suggest she replied to this email or that she opened the attachment,” Nick Merrill, a spokesman for Mrs. Clinton’s Democratic presidential campaign, told AP this week.

“As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam,” Mr. Merrill said.

But David Kennedy, the CEO of information security company TrustedSec, told The Hill that Mrs. Clinton’s unique email setup leaves little clues as to what intrusions, if any, may have actually occurred.

“These are the exact problems we have when someone has a rogue IT infrastructure where you have no logs, no way of going back and telling, and no way to prove it,” he said.

John Kerry, who, like Mrs. Clinton, went from senator to secretary of state, said in September that “we’re living in a world where a number of countries, China and Russia included, have consistently been engaged in cyberattacks against American interests, against American government.”

“It is very likely” his email is read by spies acting on behalf of nation-states, he told CBS News in an interview, adding, “and I certainly write things with that awareness.”

Mrs. Clinton’s email correspondence while in office was compromised to a degree, but through no fault of her own. In 2013, a computer hacker using the alias “Guccifer” leaked a trove of emails addressed to Mrs. Clinton that had been sent by longtime confidant Sidney Blumenthal.

While the leak did not contain any emails pilfered directly from the account of the presidential hopeful, the messages contained sensitive information regarding the Sept. 11, 2012 terrorist attack in Benghazi and other international matters of interest to the secretary of state.

Marcel Lazăr Lehel of Romania has since been identified as the man behind the Guccifer handle and is currently serving prison time there. In an interview earlier this year, Lehel said he expected to be indicted in the U.S. eventually for the Blumenthal hack and other cybercrimes.

The State Dept. said previously that its computer networks were attacked approximately 19,000 times during 2011. Earlier this week, the Government Accountability Office said in a report that the number of information security incidents that have affected systems supporting the federal government increased by 1,121 percent between 2006 and 2014.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide