Ready to Start Your Career?
November 3, 2016
Computer Forensics and the Hillary Clinton Email Case
November 3, 2016
I thought it might be both interesting and challenging to examine the recent revelation about the newly discovered emails on Anthony Weiner’s laptop. Emails that the FBI feels may be pertinent to the Hillary Clinton Email case. It should be an Interesting topic for Cybrarians taking any of the courses here on Cybrary.it dealing with computer forensics, not to mention challenging in terms of keeping politics out of the discussion. I’ll attempt to do my best to deliver on both scores.FBI Director, James Comey issued a brief letter to Congress on Friday October 28, 2016 informing them that an investigative team had discovered emails on Anthony Weiner’s laptop that might be pertinent to the investigation into Hillary Clinton’s use of a private email server and her handling of classified information while Secretary of State. Weiner is currently the subject of another FBI investigation, the sordid details of which you’re probably aware. Weiner also just happens to be the estranged husband of long-time Hillary Clinton aide, Huma Abedin, as you’re also probably aware.This release of Comey’s letter, and more importantly its timing, has unleashed a political and legal firestorm. And that’s putting things mildly. But that isn’t of any concern to us. We’re just interested in the cold, hard facts of the technology concerning the case and the computer forensics surrounding it. To paraphrase Lieutenant Columbo, “I just have a few questions, if you don’t mind…”The specifics of Hillary Clinton’s private email server in the basement of her Chappaqua, NY home, though fascinating, are beyond the scope of this post. We only have time and space to focus on the alleged emails discovered on Anthony Weiner’s laptop, however, it’s an engrossing subject and provides clues as to why Mrs. Clinton had such a server in her home in the first place. Her opponents argue that her reasons were of a duplicitous nature and that’s certainly a possibility. On the other hand, Mrs. Clinton and her staff have long argued that it was purely for convenience.Accounts by Clinton’s staff portray her as a technophobe who didn’t know how to use a desktop computer. Someone who was so attached to ancient Blackberry technology that instead of migrating forward, she went in the opposite direction. Staffers have reported that they purchased older Blackberry models that their boss preferred and when they were no longer available in retail stores, were forced to scavenge for them on Amazon and eBay. The decommissioned phones were typically disposed of by taking a hammer to them.The purpose of the private email server, as her staffers have testified, was to permit the former Secretary to receive both personal and government-related email on the same device (Blackberry phone). At one point, Clinton carried both her Blackberry and an old fashioned flip phone just for voice calls. She liked that she could read emails on her Blackberry while talking on the flip phone! The home network in Clinton’s basement included a Blackberry Enterprise Server to support Clinton’s mobile devices. Politco Magazine has a fascinating – and at times humorous – accounting of this period and the technology behind it. It’s a long read, but is the most complete discussion of the circumstances surrounding Clinton’s email server that I’ve found to date.The other key point regarding Hillary Clinton’s technophobia is her penchant for receiving government information either in-person or in readable form. She claimed that the font on her Blackberry was too small to read lengthy emails. The latter required aides, primarily Human Abedin, to print out emails and then have them delivered to Mrs. Clinton, usually in diplomatic pouches. This point is important when addressing how the emails in question may have wound up on Anthony Weiner’s laptop. The other takeaway from this is just how technically illiterate Hillary Clinton is, as well has how antiquated and insufficient the information systems were and probably still are, at the State Department of the United States.It’s since come out that Huma Abedin had three email accounts while working for Clinton at the State Department: an account on Clinton’s private email server (clintonmail.com), a personal Yahoo! email account, and one she used while helping her husband (Anthony Weiner) in his failed bid for mayor of New York. She has claimed that she has no idea how emails related to her work for Clinton landed on Weiner’s laptop. Mrs. Clinton’s preference for reading hardcopy of emails provides one possible scenario.In a convoluted process to say the least, Abedin, as well as other staffers, would often forward email from their clintonmail.com accounts to their personal Yahoo! or Gmail accounts where they could then retrieve them from other devices for printing. These other devices ranged from unclassified Department of State terminals to personal PCs and laptops. We used to refer to this cumbersome process during the early days of personal computing (1980s) as the "sneakernet" method. Abedin may be telling the truth that she has no idea how the emails got on Weiner’s laptop, but two possibilities readily come to mind.One theory that’s been making the media rounds is that via the mysteries of the “cloud” they got magically synced to Weiner's laptop. This theory is about as nebulous as an actual cloud in the sky, but at least it’s in the ballpark. I haven’t found a definitive statement regarding the email client installed on Weiner’s laptop, but I’m assuming one was in use since he was accessing at least one POP3 server. The one used by his former campaign.If you use, or have ever used, Microsoft Outlook or Live mail, then you probably know that it pulls down emails from the mail server and keeps copies on the local machine in .eml format. Now, it’s a stretch for me to imagine Huma Abedin creating a new mail account in Outlook to connect to clintonmail.com so she could read her work email. She’d have to know about filling out the POP and STMP server fields, which ain’t rocket science, but probably something not in Huma’s wheelhouse. That’s not to say that someone else didn’t’ possibly set it up for her. But it seems like a lot of extra effort.Then there is the actual number of emails pertinent to the Clinton email investigation found on Weiner’s laptop. On this point, I have no idea whom to believe. Many reports immediately after Comey’s announcement said the number of emails found were 650k. More recently, I’ve seen it placed at 500k. Both numbers are confusing and misleading since they reflect the total number of emails located on Weiner’s laptop. The number related to the Clinton investigation is most likely a subset and a small one at that. One source I found put it around one thousand. This smaller, more manageable quantity leads into the other possible scenario for how the emails got on the laptop: Huma saved them as .pdf files from her Yahoo! email account in order to print. You can’t directly download emails from Yahoo! mail. The best you can do is save them off as PDFs. It’s certainly within the realm of possibility that she accumulated around a thousand of these PDF copies over several years. Of course, it means that she was using Anthony Weiner’s laptop on an almost daily basis during this period which seems to contradict her claim that she rarely used his laptop. Many reports have referred to it as a “shared” device.A recent article by the Washington Post has stated that the FBI investigative team is scanning the “meta data” in the newly discovered emails. Again, this is an impressive sounding technical term that doesn’t tell us much. On its surface, it would imply that what they’re scanning is in clear text format. We know that none of Clinton’s emails were encrypted, so it makes sense. What this meta data consists of could either be POP3 email message headers or meta data in a document such as a .pdf file. Forced to choose, I’d pick email message headers. This then points to actual email files getting downloaded onto Anthony Weiner’s laptop. Maybe Huma is more technically savvy than I give her credit for and she's also standing in water several degrees warmer than Hillary from a legal standpoint. Another scenario is some or all of the emails in question were sent to Huma's email address on Weiner's email server and were then downloaded onto Weiner's laptop without her direct intervention.FOX News has reported that FBI is using newly created scanning software for the task of sifting through the emails. With clear text files, this is a trivial matter, even more so if simply looking for messages marked as “Classified.” Determining if any of the emails are duplicates of those previously turned over, though a bit more complex, is still something that should have been completed since the second search warrant was secured, especially if their superduper deduper is running around the clock as claimed. I suspect the delay in releasing their findings is the result of legal and procedural issues within the US government. If potentially sensitive (classified) messages have been uncovered then it typically takes months to coordinate with the relevant government agencies the messages concern prior to releasing the information.There are also critical Fourth Amendment issues in play as they pertain to illegal search and seizure. This is a key component of computer forensics and is handled a bit differently between private and federal cases. The first delay in the new discovery was obtaining a second search warrant since the emails were discovered as part of a completely unrelated investigation into Anthony Weiner’s actions. Some are arguing that this could become a protracted legal battle around basic Fourth Amendment protections. Finally, lest we lose sight of fundamental computer forensics practices, it was reported on NBC Nightly News that FBI investigators made a copy of the hard drive seized from Weiner’s laptop. What they didn’t mention, and what certainly occurred behind the scenes, is that a hash was taken of the original hard drive as well as the copy to prove chain of custody and most importantly, to assure the integrity of the data used as evidence in the case. A final hash will be taken at the conclusion of the investigation to assure that none of the data on the either the original or copy has been altered during the course of the investigation. The last thing we need is the digital equivalent of the OJ bloody glove fiasco!In the end, what can we learn from what essentially amounts to an embarrassing mess for all parties concerned, not the least of which are the American People? For me, it is another example underscoring the woeful lack of computer security awareness, not only in the private sector, but especially within the US government. We have high-ranking officials in government – some of whom are running for the highest office in the land – who basically have no clue about the most basic aspects of computing technology, though both candidates seem surprisingly adept at the nuances of the Twitterverse. But should they shoulder the entire burden of being proficient in its use? Does not some of the responsibility lie with the government itself to provide both state of the art infrastructure and support where those making critical decisions on a daily basis don’t have to fret and fuss with the technical details? And can we afford to wait for a more technically savvy generation to come of age and assume the leadership of this country?