Thread: Hacker Claims He Breached Hillary Clinton’s Email Server — ‘It Was Easy’

Hacker Claims He Breached Hillary Clinton’s Email Server — ‘It Was Easy’

REUTERS/MEDIAFAX/SILVIU MATEI

by JOHN HAYWARD
4 May 2016

Romanian hacker Marcel Lehel Lazar, better known as “Guccifer,” was extradited from his native Romania to a detention center in Alexandria, Virginia, last month.

The curiously-timed move was widely assumed to have some connection to the Hillary Clinton email scandal, as Lazar’s exploits are the major reason the American people know about Hillary Clinton’s secret mail system.

Clinton was able to keep her official correspondence hidden from Congress and the Freedom of Information Act, until Guccifer hacked the America Online account of Clinton confidant Sidney Blumenthal. The former Secretary of State’s “Clintonemail.com” address appeared on some of the stolen Blumenthal emails.

Fox News scored a jailhouse interview with Lazar on Wednesday, and he made the bombshell claim that he did hack into Clinton’s server, which — as the world now knows — contained thousands of classified documents, some at the highest Top Secret level.

“For me, it was easy,” said Lazar. Then he made it less of a boast and more of a slam on Clinton’s weak system security: “Easy for me, for everybody.”

As Fox News notes, Lazar’s claims cannot be independently verified, but presumably the FBI is working on that. If he’s telling the truth, the damage from his penetration of Clinton’s system was mitigated by his lack of interest in what he found.

“I was not paying attention. For me, it was not like the Hillary Clinton server, it was like an email server she and others were using with political voting stuff,” said Lazar. Clinton’s server held an estimated fifty to sixty thousand emails, of which she has destroyed half, claiming they were not official correspondence. It would be the luck of the draw that Lazar didn’t see the classified documents or recognize sensitive documents when he saw them. (Clinton’s aides tended to leave the classification markings out when they used “cut and paste” techniques to extract sensitive material from the secure State Department system.)
Lazar was rather coy about what he expectedto find in Clinton’s system. As for his method of gaining access, he said he extracted the Internet address of Clintonemail.com from the header information in Blumenthal’s emails, then used readily available programs to hammer the server and discover its security vulnerabilities, including ports left open to the outsider world.

Fox’s cyber experts confirmed the process he employed is “plausible.” One of them said it sounded like “the classic attack of the late 1990s.”

The article notes that while the security logs from Clinton’s server have been reported as showing no evidence of a breach, some methods of entry wouldn’t be caught by the security logs. It is also duly noted that hackers love to boast. Lazar claims he has a few gigabytes of data hidden away that would impact national security, which could be either another boast or part of his bargaining process with the U.S. justice system.

Lazar is scheduled to go on trial in September for a nine-count federal indictment of hacking crimes against U.S. victims, presumably including Blumenthal.

Also of interest, as Fox News notes, is that the former State Department staffer who set up Clinton’s email server, Bryan Pagliano, has been “granted immunity by the Department of Justice and is cooperating with the FBI in its ongoing criminal investigation into Clinton’s use of the private server.” It would seem logical to compare Pagliano’s testimony about the security systems on the server with Lazar’s account of gaining entry to determine if his claims are believable.

http://www.breitbart.com/hillary-cli...l-server-easy/

Romanian hacker Guccifer: I breached Clinton server, 'it was easy'


By Catherine Herridge, Pamela K. Browne
Published May 04, 2016
FoxNews.com

NOW PLAYING...Hacker claims he compromised Clinton's personal server - Watch video at link.

EXCLUSIVE: The infamous Romanian hacker known as “Guccifer,” speaking exclusively with Fox News, claimed he easily – and repeatedly – breached former Secretary of State Hillary Clinton’s personal email server in early 2013.
"For me, it was easy ... easy for me, for everybody," Marcel Lehel Lazar, who goes by the moniker "Guccifer," told Fox News from a Virginia jail where he is being held.

Guccifer’s potential role in the Clinton email investigation was first reported byFox News last month. The hacker subsequently claimed he was able to access the server – and provided extensive details about how he did it and what he found – over the course of a half-hour jailhouse interview and a series of recorded phone calls with Fox News.

Fox News could not independently confirm Lazar’s claims.

In response to Lazar’s claims, the Clinton campaign issued a statement Wednesday night saying, "There is absolutely no basis to believe the claims made by this criminal from his prison cell. In addition to the fact he offers no proof to support his claims, his descriptions of Secretary Clinton's server are inaccurate. It is unfathomable that he would have gained access to her emails and not leaked them the way he did to his other victims.”

The former secretary of state’s server held nearly 2,200 emails containing information now deemed classified, and another 22 at the “Top Secret” level.

The 44-year-old Lazar said he first compromised Clinton confidant Sidney Blumenthal's AOL account, in March 2013, and used that as a stepping stone to the Clinton server. He said he accessed Clinton’s server “like twice,” though he described the contents as “not interest[ing]” to him at the time.

“I was not paying attention. For me, it was not like the Hillary Clinton server, it was like an email server she and others were using with political voting stuff," Guccifer said.

The hacker spoke freely with Fox News from the detention center in Alexandria, Va., where he’s been held since his extradition to the U.S. on federal charges relating to other alleged cyber-crimes. Wearing a green jumpsuit, Lazar was relaxed and polite in the monitored secure visitor center, separated by thick security glass.

In describing the process, Lazar said he did extensive research on the web and then guessed Blumenthal’s security question. Once inside Blumenthal's account, Lazar said he saw dozens of messages from the Clinton email address.

Asked if he was curious about the address, Lazar merely smiled. Asked if he used the same security question approach to access the Clinton emails, he said no – then described how he allegedly got inside.

“For example, when Sidney Blumenthal got an email, I checked the email pattern from Hillary Clinton, from Colin Powell from anyone else to find out the originating IP. … When they send a letter, the email header is the originating IP usually,” Lazar explained.
He said, “then I scanned with an IP scanner."

Lazar emphasized that he used readily available web programs to see if the server was “alive” and which ports were open. Lazar identified programs like netscan, Netmap, Wireshark and Angry IP, though it was not possible to confirm independently which, if any, he used.

In the process of mining data from the Blumenthal account, Lazar said he came across evidence that others were on the Clinton server.
"As far as I remember, yes, there were … up to 10, like, IPs from other parts of the world,” he said.

With no formal computer training, he did most of his hacking from a small Romanian village.

Lazar said he chose to use "proxy servers in Russia," describing them as the best, providing anonymity.

Cyber experts who spoke with Fox News said the process Lazar described is plausible. The federal indictment Lazar faces in the U.S. for cyber-crimes specifically alleges he used "a proxy server located in Russia" for the Blumenthal compromise.

Each Internet Protocol (IP) address has a unique numeric code, like a phone number or home address. The Democratic presidential front-runner’s home-brew private server was reportedly installed in her home in Chappaqua, N.Y., and used for all U.S. government business during her term as secretary of state.

Former State Department IT staffer Bryan Pagliano, who installed and maintained the server, has been granted immunity by the Department of Justice and is cooperating with the FBI in its ongoing criminal investigation into Clinton’s use of the private server. An intelligence source told Fox News last month that Lazar also could help the FBI make the case that Clinton’s email server may have been compromised by a third party.

Asked what he would say to those skeptical of his claims, Lazar cited “the evidence you can find in the Guccifer archives as far as I can remember."

Writing under his alias Guccifer, Lazar released to media outlets in March 2013 multiple exchanges between Blumenthal and Clinton. They were first reported bythe Smoking Gun.

It was through the Blumenthal compromise that the Clintonemail.com accounts were first publicly revealed.

As recently as this week, Clinton said neither she nor her aides had been contacted by the FBI about the criminal investigation. Asked whether the server had been compromised by foreign hackers, she told MSNBC on Tuesday, “No, not at all.”

Recently extradited, Lazar faces trial Sept. 12 in the Eastern District of Virginia. He has pleaded not guilty to a nine-count federal indictment for his alleged hacking crimes in the U.S. Victims are not named in the indictment but reportedly include Colin Powell, a member of the Bush family and others including Blumenthal.

Lazar spoke extensively about Blumenthal’s account, noting his emails were “interesting” and had information about “the Middle East and what they were doing there.”

After first writing to the accused hacker on April 19, Fox News accepted two collect calls from him, over a seven-day period, before meeting with him in person at the jail. During these early phone calls, Lazar was more guarded.

After the detention center meeting, Fox News conducted additional interviews by phone and, with Lazar's permission, recorded them for broadcast.

While Lazar's claims cannot be independently verified, three computer security specialists, including two former senior intelligence officials, said the process described is plausible and the Clinton server, now in FBI custody, may have an electronic record that would confirm or disprove Guccifer’s claims.

"This sounds like the classic attack of the late 1990s. A smart individual who knows the tools and the technology and is looking for glaring weaknesses in Internet-connected devices," Bob Gourley, a former chief technology officer (CTO) for the Defense Intelligence Agency, said.

Gourley, who has worked in cybersecurity for more than two decades, said the programs cited to access the server can be dual purpose. "These programs are used by security professionals to make sure systems are configured appropriately. Hackers will look and see what the gaps are, and focus their energies on penetrating a system," he said.

Cybersecurity expert Morgan Wright observed, "The Blumenthal account gave [Lazar] a road map to get to the Clinton server. ... You get a foothold in one system. You get intelligence from that system, and then you start to move."

In March, the New York Times reported the Clinton server security logs showed no evidence of a breach. On whether the Clinton security logs would show a compromise, Wright made the comparison to a bank heist: "Let’s say only one camera was on in the bank. If you don‘t have them all on, or the right one in the right locations, you won’t see what you are looking for.”

Gourley said the logs may not tell the whole story and the hard drives, three years after the fact, may not have a lot of related data left. He also warned: "Unfortunately, in this community, a lot people make up stories and it's hard to tell what's really true until you get into the forensics information and get hard facts.”

For Lazar, a plea agreement where he cooperates in exchange for a reduced sentence would be advantageous. He told Fox News he has nothing to hide and wants to cooperate with the U.S. government, adding that he has hidden two gigabytes of data that is “too hot” and “it is a matter of national security.”

In early April, at the time of Lazar’s extradition from a Romanian prison where he already was serving a seven-year sentence for cyber-crimes, a former senior FBI official said the timing was striking.

“Because of the proximity to Sidney Blumenthal and the activity involving Hillary’s emails, [the timing] seems to be something beyond curious,” said Ron Hosko, former assistant director of the FBI’s Criminal Investigative Division from 2012-2014.
The FBI offered no statement to Fox News.

http://www.foxnews.com/politics/2016...-was-easy.html

Federal Prison Blues



https://www.youtube.com/watch?v=MjdPx8cJ27Y

Hillary Clinton lying for 13 minutes straight.



https://www.youtube.com/watch?v=-dY77j6uBHI

obama told her that all she did was lie