More Drama About Hillary Clinton’s E-mail Leak – VNC & RDP Open


So this Hillary Clinton’s e-mail leak case has been a pretty interesting phenomena to observe and has been going on since last month, we didn’t really cover it as well it mostly concerns US politics – not a huge area of interest for most.

But it’s getting more and more interesting, there was a report that 32,000 of Hillary Clinton’s Email for auction to the highest bidder.

More Drama About Hillary Clinton's E-mail Leak - VNC & RDP Open

But it was rather unsubstantiated. Now it’s getting more and more interesting, seeing as though Hillary used a private e-mail server “for convenience” and this server also had VNC and RDP open to the INTERNET. Yah..

It also includes her using the same e-mail, yes a state department server technically, for personal e-mails.

Not only did Democratic Party presidential hopeful Hillary Clinton run her own email server while at the State Department: someone, presumably her friendly local sysadmin, decided it needed remote desktop protocol (RDP) and desktop sharing code virtual network computing (VNC) exposed to the Internet.

The folks at Associated Press were alerted to the situation by a Serbian geek the newswire hasn’t named, but who ran bulk port-scans that happened to include Hillary’s email server.

The scans came from the anonymous researcher who in 2013 published the white-botnet-driven “Internet census”, AP says.

Scans of a server that identified itself as clintonemail.com in August and December 2012 showed open ports for RDP and VNC. In March 2012, Microsoft warned that RDP was likely to be attacked, and in October of the same year Verizon warned that RDP’s default Port 3389 was among the most-scanned on the Internet.


So yah, apart from running her own e-mail server rather than using government resources or using a more secure, managed e-mail solution like Google Apps, whoever set it up also thought having VNC and RDP open to the Internet was a smart idea.

Or well, more likely they didn’t think about it at all. It was just such a hassle to get into wherever the server was stored, they installed remote access software and enabled it over the public IP.

VPN? What?

The researcher told AP the server also presented VNC to the Internet at large.

The State Department at the time required a waiver for any of its own techs to use remote access tools for systems administration, all the way down to unclassified servers, the AP notes.

There’s also a suggestion that a Web server – probably bundled with whichever operating system distribution clintonemail.com ran – was running, although not in use.

The Internet Census port-scan showed two other devices that had open ports, but those aren’t identified by the newswire. Presumably one of them was a broadband modem – still leaving one mystery device to be identified.

Another interesting story to note is that all the e-mails were backed up to the cloud using a service called Datto Inc:

Unbeknownst to Clinton, IT firm had emails stored on cloud; now in FBI’s hands

And I wonder if their waivers were signed? I somehow doubt protocol was followed in this case, as using a state funded e-mail server for personal e-mails is probably very much against due process.

Now this was a while back, the actual occurrence being in 2012 – but I guess it’s rising back up again now with Hillary vying for the presidency.

Source: The Register

Posted in: Legal Issues, Privacy

,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


Comments are closed.