Wednesday, May 25, 2016

Former CENTCOM commander victim of 'cybersecurity incident' Hillary Clinton didn't report

The State Department's inspector general report reveals that former Secretary of State Hillary Clinton and two key staff members failed to report a potential hacking attempt that was referred to as a "cybersecurity incident" they received on Friday the 13th in May of 2011.

A footnote on page 40 of the report states, "In another incident occurring on May 13, 2011, two of Secretary Clinton’s immediate staff discussed via email the Secretary’s concern that someone was 'hacking into her email' after she received an email with a suspicious link."

"Several hours later, Secretary Clinton received an email from the personal account of then-Under Secretary of State for Political Affairs that also had a link to a suspect website," the footnote continues. "The next morning, Secretary Clinton replied to the email with the following message to the Under Secretary: 'Is this really from you? I was worried about opening it!'”

The link in the email sent by Under Secretary of State for Political Affairs William Joseph Burns appears to be a virus that could have infected multiple email accounts belonging to one of her top aides and former officials, including the former Commander in Chief of the United States Central Command (CENTCOM).

Along with Clinton, the possible malware virus was sent to Joseph E. Macmanus, who served as Secretary Clinton's Executive Assistant until April of 2011, before becoming Principal Deputy Assistant Secretary of State for Legislative Affairs in May. Clinton cc'd her response to the email to Deputy Chief of Staff Huma Abedin, who is now the vice chairwoman of her 2016 presidential campaign.

It was also sent to former US ambassador to Morocco Marc Ginsberg; Sr. Vice President, Public Affairs, Communications & Governance Apache Corporation Sarah Teslik; retired United States Marine Corps general and former CENTCOM Commander in Chief Anthony Charles Zinni; Philip N. Remler, the Head of the Organization for Security and Co-operation in Europe (OSCE) Mission to Moldova; U.S./Middle East Project President Henry Siegman; Mark Foulon, former Deputy Undersecretary for Industry and Security at the Department of Commerce from 2003 to 2006 and Acting Under Secretary of Industry and Security from 2006 to 2007; and unknown persons referred to as "sburns" and "iburns."

The footnote adds: "Department policy requires employees to report cybersecurity incidents to IRM security officials when any improper cyber-security practice comes to their attention. 12 FAM 592.4 (January 10, 2007). Notification is required when a user suspects compromise of, among other things, a personally owned device containing personally identifiable information. 12 FAM 682.2-6 (August 4, 2008)."

"However, OIG found no evidence that the Secretary or her staff reported these incidents to computer security personnel or anyone else within the Department," the inspector general report noted.

No comments: