IT security firm Venafi has confirmed that for the first 3 months Hillary Clinton’s private email server was not encrypted. Even though digital certificates were added after 3 months, anyone who had gained access to her server during that period would still have a way in afterward.

Digital certificate analysis for clintonemail.com

In the past week, there have been questions about the level of security, use, and configuration of former Secretary of State Hillary Clinton’s personal email server. Specifically, there have been concerns that the server may have been vulnerable to eavesdropping and compromise. TrustNet found that at least 3 digital certificates were used with clintonemail.com since 2009. Operators of clintonemail.com obtained these certificates so the site could be uniquely distinguished (another clintonemail.com would not show as being secured without the certificate) and the site would use strong encryption to keep data transmissions private. These certificates were obtained validly and enabled web-based encryption for applications. Based on TrustNet analyst, Venafi can conclude clintonemail.com was enabled for browser, smartphone, and tablet encryption since 2009 and can operate using encryption through at least 2018. However, for the first 3 months of Secretary Clinton’s term, access to the server was not encrypted or authenticated with a digital certificate. During this time, Secretary Clinton travelled to China, Egypt, Israel, South Korea and other locations outside of the U.S.

Note: All data in this report was obtained by non-intrusive Internet scanning routinely performed throughout the IT security community to protect the safety and health of the Internet.

Clinton must stick with her claim that no classified material was ever exchanged on her server as it was clearly vulnerable and may have easily been comprised.

Advertisements