[groovylick]

The reporting on this story has been pretty terrible. Wired just running with the AP story without spending the couple of minutes it takes to verify the details is shameful.

The clintonemail.com domain was registered by Justin Cooper [1] and the MX records point to mail servers run by mxlogics.net, now owned by McAfee, not some solo server in Clinton's home. The sole evidence from the AP report is:

> It was not immediately clear exactly where Clinton's computer server was run, a business record for the Internet connection it used was registered under the home address for her residence as early as August 2010. The customer was listed as Eric Hoteham.

A business record for an Internet connection doesn't prove anything, let alone the location of an email server. A history of the MX records [2] is evidence of the location and management of the email server, which has always been set to a mxlogics domain. That it took me only 5 minutes to gather his information but unsourced reporting is being parroted is poor journalism.

[1] http://who.is/dns/clintonemail.com [History & DNS Tabs] [2] https://dnshistory.org/dns-records/clintonemail.com

[jonathanmayer]

Background: I was quoted in the Wired piece. I made sure to emphasize that us outsiders can't say, with any certainty, whether this server was more or less secure than the State Department infrastructure. Matt Blaze, faculty at Penn, made the same point. But, alas, non-expert sensational spin won the day.[1]

With that out of the way, I suspect some HN readers might have an interest in the attribution process.

1) Find the mail servers for clintonemail.com, using DNS MX records. These days, they're run through McAfee. Back in 2010, though, the records pointed to mail.clintonemail.com. (There are a handful of services that keep those historical records, e.g. dnshistory.org.)

2) Find the IP address for mail.clintonemail.com, using DNS A records. Today, it's 64.94.172.146.[2] Back in 2010, it was 24.187.234.187.

3) Run an ARIN WHOIS on the old IP address. It's a static IP range through Optimum Online, allocated to "Eric Hoteham" at the Clinton home in Chappaqua. The surrounding IP ranges map to small businesses in the area.[3]

So, there is some nontrivial technical evidence that the email server was at the Clinton residence. But it's hardly definitive. It's possible, for instance, that the registered address is merely for billing purposes.

[1] There's even a glaring a factual error in the story. It was a web hosting service offered by Network Solutions that was hacked in 2010, not their DNS service. That would've been a much bigger deal.

[2] There's still a live server at mail.clintonemail.com. It's running Windows Server 2008 R2 with a valid SSL certificate. And it appears to be colo'd at Internap. Between that and the MXLogic protection, hardly a slapdash setup.

[3] Quite a few of these records have odd contractions or typos, suggesting the misspelled name wasn't intentional.

[tedunangst]

Thank you. That's certainly more compelling than the AP story talking about how her "private email server was reconfigured". Given the language used, Occam's Razor was definitely leaning towards reporter misinterpreted what was said.

[btgeekboy]

https://mail.clintonemail.com/owa/ also appears to be an Exchange 2010 setup.

[svm_kernel_1]

Wow, lame reporting by Wired. The author obviously wanted to run a negative piece, so he cherrypicked his sources.

Both computer security experts he talked to--seriously, experts, Matt Blaze and Jonathan Mayer do great work--explained that this isn't necessarily insecure. But most of the story belongs to this whining Soghoian guy from ACLU, who doesn't appear to be a computer scientist, software engineer, or even IT admin.

[grumpybozo]

The SWIP record for 64.94.172.146 really doesn't look like a "colo" but it also looks unlikely:

NetRange: 64.94.172.144 - 64.94.172.159 CIDR: 64.94.172.144/28 NetName: INAP-NYM-GIGLINX-64-94-172-144 NetHandle: NET-64-94-172-144-1 Parent: PNAP-05-2000 (NET-64-94-0-0-1) NetType: Reassigned OriginAS: Customer: Private Customer (C04601460) RegDate: 2013-06-07 Updated: 2013-06-07 Comment: rirCallout v1.07, Fri Jun 07 00:29:27 -0400 2013 Ref: http://whois.arin.net/rest/net/NET-64-94-172-144-1

CustName: Private Customer Address: Private Residence City: Redondo Beach StateProv: CA PostalCode: 90278 Country: US RegDate: 2013-06-07 Updated: 2013-06-07 Ref: http://whois.arin.net/rest/customer/C04601460

[amckenna]

When did the server make the switch between the two IPs? According to the internet census data gathered in 2012 the 24.187.234.187 address had the following ports open (note SMTP and RDP):

ool-18bbeabb.static.optonline.net - 24.187.234.187:25

ool-18bbeabb.static.optonline.net - 24.187.234.187:80

ool-18bbeabb.static.optonline.net - 24.187.234.187:443

ool-18bbeabb.static.optonline.net - 24.187.234.187:3389

http://www.exfiltrated.com/query.php?startIP=24.187.234.187&...

There was nothing returned for the 64.94.172.146 address.

[_cudgel]

The reporting on this story has been pretty terrible. Wired just running with the AP story without spending the couple of minutes it takes to verify the details is shameful.

Agreed.

But, in my opinion, the point of the story isn't to prove factually one way or the other whether or not Clinton did anything at all. The point is to put yet another seed of doubt in the collective subconscious of the voting public in the run-up to the 2016 Presidential election.

Performing this simple feat simply requires a small group of the right people to parrot the same lines ad nauseam. Then it becomes "fact" in the world of punditry.

[barney54]

This story was only about security, others have been about the legal issues. On Hacker News the security angle is interesting, but the bigger picture is that only using her personal email for State Department business almost inevitably broke the law.

[001sky]

I wonder if Clinton was such a "rock star" that she had a non-standard employment agreement? My gut tells me she didn't take the job using "standard docs" but who knows.

[GauntletWizard]

There is no non-standard employment agreement here. The 'docs' that we are referring to her ignoring are federal law; Specifically, the Federal Records Act, which classifies her e-mails as federal records (the latest update clarifies this, but there's a reasonable argument that it was still the case before the explicit callout), and therefore subject to FOIA requests and other forms of review.

[001sky]

White house said this behaviour broke specific policy guidance, but the NY Times reports that setup was well known and a "status symbol"for the SOS. Those two things don't add up.

How can it be that breaking policy was a status symbol?

It would be more normal that having a policy waiver is a status symbol. Flagarantly breaking a rule/law otherwise just allows you to be blackmailed[1]. (you're basically a dead man walking subject to prosecutorial discretion...).

Since that is a common disqualifier for having top-secret security clearance...

none of this makes any sense whatsoever.

[mattlutze]

Secretaries and senior officials are required by federal law to keep records pertinent to the operation of their departments. It's not really something you can cross out in your offer letter...

[isaiahg]

These articles are always political, it even says in the article that it's not uncommon for reps to role their own mail solutions. Are anyone else's names listed?

[kevin_thibedeau]

I'm waiting for the staging of "Benghazi: The Musical".

[pjbrunet]

That doesn't really refute the article. Anyone with access to the DNS server could change the email records for a few minutes to intercept mail. A hacker wouldn't have to wait for propagation in that case. And who would notice? This has me thinking, it would be nice to get alerted if a) my DNS records change at registrar level and more importantly if b) my DNS records change at the DNS host level.

I think DNS hosts should offer a waiting period option or approval system (with warning alert) for changing email records. Obviously you want website records to change instantly for failover, but I don't want a hacker changing email records in the middle of the night without anyone knowing. I use Linode and DNSMadeEasy and I don't remember either service sending me a notification when an email record was changed.

Also, seems like you could sell a 3rd party service to monitor DNS hosts. (I didn't bother to Google if that service exists already.) I'm assuming "dnshistory.org" only pings once per day--pretty much useless info from a security standpoint.

[pjbrunet]

dnshistory.org: "A5: We aim to check every domain at least once per month and the minimum interval between checks is 24 hours."

[gadders]

The location of the email server is an irrelevence, though. The main issue is that she had such a server so she could hide her correspondance from official requests from congressional committees, FOI requests etc.

[swang]

I look at the AP article, and although the writing is somewhat unclear and fuzzy, all they do is mention that the domain was registered to her home address. They don't directly say the server was in her house (although it seems heavily inferred that that's what they were thinking).

Just bad writing from AP, even worse from Wired since Greenberg should know better.

[_bfhp]

What do we expect from Wired? Is there a general consensus that Wired is a respectable news source? I'm subscribed to it (the subscription was a gift) and it occasionally has informative and interesting content (the Christopher Nolan issue was cool) but I've been depressed by it as much as I've gotten benefit out of it.

[CHY872]

I generally don't read Wired articles when they're linked to here or elsewhere. I find the title format of: 'Why XXXXX.' or 'XXXXX. Here's why:' 'How XXXXXX' to be clickbaitey, and when I get to the story, it's typically this faux-longform narrative which doesn't bring the content you'd expect from reading such a large amount. It's a little distateful.

Furthermore, it has a rep of being style over substance, with facts left unchecked in favour of the more attention grabbing story.

I don't blame the journalists who write it, I understand how fast you have to work in such jobs, and there might simply not be the time to track down every lead (certainly the journalists wouldn't be expected to have the expertise to fairly present every story they're asked to write (as opposed to (say) a political correspondant)). This is especially the case with our content-aggregating type media (although Wired are more able to investigate themselves than most, since they're a big player).

I'm glad it exists, as popsci articles can easily help make people interested in supported of things they wouldn't otherwise be interested in, which is good for the industry, but without trying to be snooty I don't think that I'm their target audience (and I suspect you're not also).

[deong]

I'd say there's certainly that general consensus. There's a huge difference between "people on hacker news think it's good" and "the general public thinks it's respectable". It's not the National Enquirer -- completely out of thin air I'd guess that well over 90% of the American public think Wired is generally reliable on technical issues.

[csoghoian]

You might want to look at this:

https://dnshistory.org/dns-records/mail.clintonemail.com

http://whois.arin.net/rest/net/NET-24-187-234-184-1/pft