More Drama About Hillary Clinton’s E-mail Leak – VNC & RDP Open


So this Hillary Clinton e-mail leak case has been a pretty interesting phenomenon to observe and has been going on since last month. We didn’t really cover it as, well, it mostly concerns US politics – not a huge area of interest for most.

But it’s getting more and more interesting: there was a report that 32,000 of Hillary Clinton’s e-mails were up for auction to the highest bidder.


But it was rather unsubstantiated. Now it’s getting more and more interesting, seeing as though Hillary used a private e-mail server “for convenience” and this server also had VNC and RDP open to the INTERNET. Yah..

It also includes her using the same e-mail, yes a state department server technically, for personal e-mails.

Not only did Democratic Party presidential hopeful Hillary Clinton run her own email server while at the State Department: someone, presumably her friendly local sysadmin, decided it needed remote desktop protocol (RDP) and desktop sharing code virtual network computing (VNC) exposed to the Internet.

The folks at Associated Press were alerted to the situation by a Serbian geek the newswire hasn’t named, but who ran bulk port-scans that happened to include Hillary’s email server.

The scans came from the anonymous researcher who in 2013 published the white-botnet-driven “Internet census”, AP says.

Scans of a server that identified itself as clintonemail.com in August and December 2012 showed open ports for RDP and VNC. In March 2012, Microsoft warned that RDP was likely to be attacked, and in October of the same year Verizon warned that RDP’s default Port 3389 was among the most-scanned on the Internet.


So yah, apart from running her own e-mail server rather than using government resources or using a more secure, managed e-mail solution like Google Apps, whoever set it up also thought having VNC and RDP open to the Internet was a smart idea.

Or well, more likely they didn’t think about it at all. It was just such a hassle to get into wherever the server was stored, they installed remote access software and enabled it over the public IP.

VPN? What?

The researcher told AP the server also presented VNC to the Internet at large.

The State Department at the time required a waiver for any of its own techs to use remote access tools for systems administration, all the way down to unclassified servers, the AP notes.

There’s also a suggestion that a Web server – probably bundled with whichever operating system distribution clintonemail.com ran – was running, although not in use.

The Internet Census port-scan showed two other devices that had open ports, but those aren’t identified by the newswire. Presumably one of them was a broadband modem – still leaving one mystery device to be identified.

Another interesting story to note is that all the e-mails were backed up to the cloud using a service called Datto Inc:

Unbeknownst to Clinton, IT firm had emails stored on cloud; now in FBI’s hands

And I wonder if their waivers were signed? I somehow doubt protocol was followed in this case, as using a state funded e-mail server for personal e-mails is probably very much against due process.

Now this was a while back, the actual occurrence being in 2012 – but I guess it’s rising back up again now with Hillary vying for the presidency.

Source: The Register
