Overnight Cybersecurity: Were Clinton's private emails secure?

Were Clinton's private emails secure? March 4, 2015 By Cory Bennett and Elise Viebeck Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ... THE BIG STORIES: --KEEPING IT IN THE FAMILY: Hillary Clinton remained radio silent Wednesday about her private email server. But as more information comes out, more security questions are being raised. Reportedly, Clinton was hosting her email service from a domain, clintonemail.com, that was registered to her home in Chappaqua, N.Y. While such a server would have had physical protection from the Secret Service, it's unlikely it would have benefited from the layers of security offered by a commercial email provider or a federal email network, analysts say. To read our full piece, click here. --THEY WARNED HER: State Department tech staffers apparently told Clinton's office about the security risks of her setup. But their pleadings fell on deaf ears, according to a current State Department cybersecurity employee. "We tried," the staffer told Al Jazeera. "We told people in her office that it wasn't a good idea. They were so uninterested that I doubt the secretary was ever informed." Clinton reportedly did move in 2012 to backup her private email on Google servers. And later she connected the server to a commercial email provider owned by top security firm McAfee. While these decisions would have better locked down Clinton's archive from digital intrusion, they wouldn't have necessarily guaranteed the security of her personal domain. To read our full piece, click here. --ONE SATIRICAL TAKE: Vanity Fair offers 10 theories on what the "22" stands for in Clinton's formerly private email address: hdr22@clintonemail.com. --HACKS ON HACKS ON HACKS: A White House report found hackers attempted to breach the federal government a record-high 70,000 times during fiscal 2014. It's a 15 percent boost from fiscal 2013. Predictably, lawmakers are using the report to encourage action on long-stalled cybersecurity legislation. "This report underscores the troubling reality that cyber attacks and intrusions continue to occur at an increasing rate, and agencies need to be better prepared," said Senate Homeland Security Ranking Member Tom Carper (D-Del.), in a Wednesday statement. Carper is behind a 2015 bill that would encourage the public and private sector to swamp more cyber threat data. To read our full piece, click here. --NSA CHIEF TALKS TROJAN HORSE THREATS: National Security Agency Director Mike Rogers said Wednesday that there can be a risk in government agencies using software that is manufactured abroad, given instances of prepackaged malware. "There is clearly an aspect of risk to it. I think that's a fair statement," Rogers said in an exchange with Rep. Jim Cooper (D-Tenn.), during a House subcommittee hearing. "More domestic manufacture ... Within the department, we try to take a look at that." Cooper had referred to the case of China-based PC manufacturer Lenovo shipping out laptops with Superfish software that made the machines vulnerable to attacks. To read our full piece, click here. UPDATES ON CYBER POLICY: --DESPITE THREE HOUSE HEARINGS on cybersecurity this week, the waiting game continues on a timeline for any legislation. All eyes have been on House Homeland Security Committee Chairman Michael McCaul (R-Texas), who is expected to introduce a cyber info-sharing bill similar to the White House's proposal. Homeland Security's cyber subcommittee held a hearing Wednesday, but most lawmakers chose to get out of dodge ahead of a D.C. "snowstorm" instead of attending. Rep. Curt Clawson (R-Fla.), one of the two lawmakers to return after the hearing broke for a vote, did express some skepticism about the largely bipartisan info-sharing efforts. "I don't know how you get this to work," he said. To read our full piece, click here. LIGHTER CLICKS: --TRACKING CYBER: A Twitter account, @cybercyber, records the inane uses of the word "cyber" in today's media coverage. The Hill apologizes for contributing. -FROM THE ONION: "Chinese Citizens Kind Of Grateful To Not Have Access To All Of Internet" -BEST BET: Quartz makes three guesses, in order of volume, of what's in Hillary Clinton's secret email stash: 1. LinkedIn invitations 2. "Stuff her crazy uncle forwarded her about Obama being a lizard person" 3. "Important messages from Nigerian princes transferring money out of the country" A LOOK AHEAD: --THURSDAY: The International Association of Privacy Professionals will hold its 2015 Global Privacy Summit with remarks by journalist Glenn Greenwald as well as FTC Chairwoman Edith Ramirez, two White House aides and several congressional staffers. --FRIDAY: Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) and White House aide Ari Schwartz, who works on cybersecurity privacy and civil liberties issues, are scheduled to talk cyber at a USTelecom conference beginning at 9 a.m. IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web. -Hackers are using false GoDaddy subdomains as a way to launch cyberattacks. (The Hill) -A prominent New York City taxi group is demanding a probe of the Uber data breach. (The Hill) -Upscale hotel chain Mandarin Oriental confirmed it has experienced a credit card breach, but hasn't yet given details on how many guests might have been affected. (KrebsOnSecurity) -An anthropologist unpacks the contradictions within the hacking group Anonymous. (Christian Science Monitor) -Glenn Greenwald, responding to the rash of "Snowden wants to come home" stories on Tuesday: "A case study in typical media deceit." (The Intercept) -Last year, the world's largest bitcoin exchange went bankrupt after hackers allegedly made off with nearly half a billion dollars worth of the digital currency. A year later, those lost bitcoins are nowhere to be found. (Computer World) ICYMI: A total of $16 billion was stolen from 12.7 million identity fraud victims last year. (Javelin Strategy) We'll be working to stay on top of these and other stories throughout the week, so check The Hill's cybersecurity page early and often for the latest. And send any comments, complaints or cyber news tips our way, viacbennett@thehill.com or eviebeck@thehill.com. And follow us at @cory_bennett and @eliseviebeck. If you'd like to receive our newsletter in your inbox, please sign up here:http://goo.gl/KZ0b4A