Hillary’s Emails, no Encryption and False Names

There was also stolen White House furniture and then Wall Street. The makings of a Hollywood movie in the text below:

Is the Mysterious ‘Eric Hoteham’ Actually Longtime Clinton Aide Eric Hothem? 

The name of the mysterious individual who registered the servers for Hillary Clinton’s private email address used at the State Department bears a striking resemblance to a longtime Clinton aide.

Clinton and her top aides in the State Department were using email addresses on a private server registered to the Clinton’s home in Chappaqua, New York, according to Internet records reviewed by the Associated Press.

The customer listed in records registering the Internet address to the Chappaqua home was “Eric Hoteham.” The AP, however, was unable to identify an “Eric Hoteham,” stating that the “name does not appear in public records databases, campaign contribution records, or Internet background searches.”

But the name is similar to that of Eric Hothem, who worked as a staff assistant for Clinton during her time as First Lady.

Hothem was involved in multiple personal matters during his service to Clinton and played a role in the controversy surrounding the pardon given to former President Bill Clinton’s half-brother Roger Clinton.

A congressional investigation into Clinton’s clemency decisions found that as Roger Clinton refused to testify to the committee in March 2001, he received a $15,000 wire transfer from a Citibank account in the care of Hothem.

The name of the account was “E.C. 934(A) c/o Eric Hothem.” Lawyers told the committee that “the account is a personal Citibank account of former President and Senator Clinton” and that the money was a loan for Roger Clinton to obtain legal counsel for the investigation.

The congressional report points out that the “payment occurred at the height of public outcry and investigative activity regarding the pardons and at a time when Roger Clinton was deciding whether to provide testimony.”

According to accounts of the final days of the Clinton administration, Hothem told chief White House usher Gary Walters that multiple items of furniture were “the Clintons’ personal property” even though they were not.

The Clintons would later have to return or pay for more than $100,000 in furnishings stolen from the White House.

Hothem also received a special acknowledgement in Hillary Clinton’s book Living History.

Hothem went to work for Citigroup, then moved to JP Morgan Chase in 2013, according to public disclosure reports accessed through the Securities and Exchange Commission.

The documents indicate that Hothem began his financial career in 2002, just a year after his last documented work as an aide to Clinton.

Members of Hothem’s JP Morgan office in Washington, D.C., said on Wednesday that they had “no comment” to any questions regarding Hothem and directed the Washington Free Beacon to the company’s media relations department.

Inquiries made to media relations were not answered by press time. An email sent to an account believed to be Hothem’s was also not returned.

An analysis of Clinton’s personal financial disclosure forms shows she maintained accounts worth millions of dollars at Citibank throughout her years in the Senate. She moved her largest accounts to JP Morgan in 2009.

Her most recent available public financial disclosure in 2012 shows that she holds up to $25 million worth of assets in a JP Morgan account. Hothem did not make the switch to JP Morgan until Clinton was out of federal office in May 2013.

Hothem has maintained ties to Democratic campaigns. His wife, Sue Hothem, has “raised millions of dollars in political contributions,” and helped found a political action committee worth nearly $1 million. She was also the director of development Democratic Leadership Council and the Progressive Policy Institute.

The Clinton Foundation did not respond to a request for comment by press time.

***    

Clinton’s E-Mail System Built For Privacy Though Not Security

No Encryption or protections and once the emails are gone…well they ARE gone?

A week before becoming Secretary of State, Hillary Clinton set up a private e-mail system that gave her a high level of control over communications, including the ability to erase messages completely, according to security experts who have examined Internet records.

“You erase it and everything’s gone,” Matt Devost, a security expert who has had his own private e-mail for years. Commercial services like those from Google Inc. and Yahoo! Inc. retain copies even after users erase them from their in-box.

Although Clinton worked hard to secure the private system, her consultants appear to have set it up with a misconfigured encryption system, something that left it vulnerable to hacking, said Alex McGeorge, head of threat intelligence at Immunity Inc., a Miami Beach-based digital security firm.

The e-mail flap has political significance because Clinton is preparing to announce a bid for the Democratic nomination for president as soon as April. It also reminds voters of allegations of secrecy that surrounded Bill Clinton’s White House. In those years, First Lady Hillary Clinton fought efforts by some White House advisers to turn over information to Whitewater investigators and, later, sought to keep secret records of her task force on health-care reform.

Representative Trey Gowdy, a South Carolina Republican who leads a special committee looking into the events surrounding the 2012 terrorist attack at a U.S. diplomatic facility in Benghazi, Libya, said he will subpoena Clinton’s e-mails.

“We’re going to use every bit of legal recourse at our disposal,” Gowdy said Wednesday during an interview on CNN.

Private Service

The committee also said Wednesday that it has discovered two e-mail addresses used by Clinton while secretary of state.

Nick Merrill, a Clinton spokesman, didn’t immediately respond to a request for comment, though he said in a statement Tuesday that her practices followed “both the letter and spirit of the rules.”

Setting up a private e-mail service was once onerous and rare. Now, it’s relatively easy, said Devost, president of FusionX LLC, based in Arlington, Virginia.

“There are tons of disadvantages of not having teams of government people to make sure that mail server isn’t compromised,” McGeorge said. “It’s just inherently less secure.”

Former Florida Governor and likely 2016 Republican presidential candidate Jeb Bush and used a personal e-mail while he was governor and has done so since, according to his spokeswoman, Kristy Campbell. He kept a server he owned in his state office and didn’t have a private server at home, Campbell said in a phone interview.

Bush E-Mails

Bush differed from Clinton in that it was known he was using a personal e-mail, his aides had regular access to the server and “his office consistently throughout his term complied with Florida’s public records laws,” Campbell said.

In order to ensure her e-mails were private, Clinton’s system appeared to use a commercial encryption product from Fortinet — a good step, McGeorge said.

However, when McGeorge examined the set-up this week he found it used a default encryption “certificate,” instead of one purchased specifically for Clinton’s service. Encryption certificates are like digital security badges, which websites use to signal to incoming browsers that they are legitimate.

“It’s bewildering to me,” he said. “We should have a much better standard of security for the secretary of state.”

Confirmation Hearing

Clinton’s private e-mail — [email protected] — was on a domain set up Jan. 13, 2009, the same day a Senate committee held her confirmation hearing. She was confirmed and sworn in on Jan. 21 as President Barack Obama’s first Secretary of State.

It’s entirely possible that Clinton had a private e-mail system set up at her home as a way to maintain administrative and legal control over her communications, said Tim “T.K.” Keanini, chief technology officer for network security company Lancope Inc. based in Atlanta.

“What we know is that she cared about that communication channel so much that she went out of her way,” and likely hired an expert to configure it for her, Keanini said in a phone interview.

Even so, there’s no guarantee she had complete control over what happened to the e-mails, Keanini said.

Keanini searched Internet records to determine that the computer server supporting Clinton’s e-mail was located in her hometown of Chappaqua, New York. An exact physical address could not be determined. The Internet Protocol address for the server was registered to a person by the name of Eric Hoteham, according to the records.

Kerry’s E-Mail

Supporters note that e-mails sent to State Department employees would have been retained on the government’s system.

However, the e-mail system was also used by at least some close staff, including Huma Abedin, Clinton’s deputy chief of staff at the State Department.

Clinton has yet to speak publicly about her motivation for setting up the system or what discussions she had with her advisers at the time.

Secretary of State John Kerry is the first in his position to rely primarily on a state.gov e-mail account, Deputy Press Secretary Marie Harf said. Harf said that the State Department has “no indication that Secretary Clinton used her personal e-mail account for anything but unclassified purposes.”

While Clinton didn’t have a classified e-mail system, she had multiple ways of communicating in a classified manner, including assistants printing documents for her, secure phone calls and secure video conferences.

Top Aide

Clinton’s top aide during that period, Cheryl Mills, is a respected scandal-defense lawyer. As a member of the White House counsel’s office, Mills helped guide President Bill Clinton through a series of investigations in the 1990s and won praise for her performance in successfully defending him when the Senate voted not to remove him from office in 1999.

Mills would go on to combine two of the most powerful posts at the State Department — chief of staff and counselor — under Hillary Clinton. In that job, she spoke for Clinton on management matters within the department.

Mills didn’t reply to an e-mail seeking comment.

Not long after resigning as secretary of state, Clinton’s private e-mail service was transferred to a commercial provider, MX Logic, Devost said.

“The timing makes sense,” Devost said. “When she left office and was no longer worried as much about control over her e-mails, she moved to a system that was easier to administer.”

Encrypted Connection

It took less than a day for researchers to find potential problems with the Clinton’s system.

Using a scanning tool called Fierce that he developed, Robert Hansen, a web-application security specialist, found what he said were the addresses for Microsoft Outlook Web access server used by Clinton’s e-mail service, and the virtual private network used to download e-mail over an encrypted connection. If hackers located those links, they could search for weaknesses and intercept traffic, according to security experts.

Using those addresses, McGeorge discovered that the certificate appearing on the site Tuesday appeared to be the factory default for the security appliance, made by Fortinet Inc., running the service.

Those defaults would normally be replaced by a unique certificate purchased for a few hundred dollars. By not taking that step, the system was vulnerable to hacking.

Fortinet Statement

It’s unclear whether the site’s settings were the same before news of the private e-mail account emerged this week.

Fortinet issued a statement saying it wasn’t aware the company’s technologies were used by Clinton.

“If they were, our recommendation is to replace provided self-signed certificates with valid digital certificates for the protected domains,” said Andrea Cousens, a Fortinet spokeswoman.

“It may have fallen in the realm of acceptable risk,” Devost said. “They wanted to make sure that when she was in Egypt all of the traffic from her phone to the mail server was encrypted and that was their priority.”

Posted in Choke Point, Citizens Duty, Cyber War, DOJ, DC and inside the Beltway, government fraud spending collusion, Insurgency, IRS White House Collusion, NSA Spying.

Denise Simon