NSA Warned Trump Staffers Against Personal Email/Device Use; Were Ignored
from the biggest-phish dept
Blatant hypocrisy aside, the Trump Administration's use of personal email accounts isn't just a low-flying middle finger to public records laws. It's also a stupidly insecure method for handling sensitive communications.
Senior adviser Jared Kushner continued to use his personal email account -- albeit in a limited fashion -- after taking his official position. He did this despite being warned by the nation's professional spooks that doing so was a really bad idea. Josh Meyer reports for Politico:
The National Security Agency warned senior White House officials in classified briefings that improper use of personal cellphones and email could make them vulnerable to espionage by Russia, China, Iran and other adversaries, according to officials familiar with the briefings.
The briefings came soon after President Donald Trump was sworn into office on Jan. 20, and before some top aides, including senior adviser Jared Kushner, used their personal email and phones to conduct official White House business, as disclosed by POLITICO this week.
As noted, the NSA also cautioned against the continued use of personal devices -- something that makes every admin official who still insists on using their own laptops and phones attack vectors for cybercriminals and state-sponsored attacks from unfriendly governments.
But whatever, it's just the nation's top intelligence experts talking. Use of personal devices and email accounts continued, despite admin staff being told to assume these were already compromised. At this point -- more than six months after that cautionary meeting -- it's likely bad guys are standing in line to access cycles on admin accounts and devices.
As Meyer notes, this isn't necessarily just a Trump administration issue. It's something that happens with every incoming president and their crew. No one wants to give up devices and email accounts and not many of them can be immediately convinced about the level of risk.
But the point remains: when the NSA explains what could possibly happen to insecure devices and accounts, its information is coming from a place of deep personal experience (as it were):
A second former U.S. intelligence official said that the NSA briefers understand how insidious the cyberespionage campaigns can be because they conduct similar operations against others.
So, it's not the only administration to play it fast and loose for the first several post-inauguration months. But it's the one that will (and should) take the most heat for it. For one, evidence is being amassed showing Russian interference and influence on the election run, if not on the administration itself. For another, it's an administration that found its way into office using Hillary Clinton's personal email server use as a springboard. The other problem is the Trump Team has decided to throw its energy into shutting down internal leaks rather than addressing its own security holes, which means info is probably being exfiltrated to state actors with something far more nefarious in mind than leaking docs to journalists.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: jared kushner, nsa, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
To-ma-to, to-mah-to
[ link to this | view in chronology ]
Obvious explanation
[ link to this | view in chronology ]
Re: Obvious explanation
[ link to this | view in chronology ]
Re: Not Obvious
"... improper use of personal cellphones and email could make them vulnerable to espionage" + "... NSA also cautioned against the continued use of personal devices"
So which is it --- "improper use" or "continued use" is BAD ?
Is 'continued proper use' of personal devices OK ??
How are staffers supposed to conduct "personal" business ... since government devices are for 'official use only' ?
Are staffers expected to entirely get rid of their "personal" phones and computers ?
(What would Hillary & Debbie Wasserman do ?)
[ link to this | view in chronology ]
Re: Re: Not Obvious
[ link to this | view in chronology ]
Re: Re: Not Obvious
[ link to this | view in chronology ]
Re: Obvious explanation
It's when the NSA says something is secure that you have to doubt them.
[ link to this | view in chronology ]
Re: Re: Obvious explanation
[ Puts on tinfoil hat. ]
Maybe, or maybe that's just what they want you to think. See, if you trust them when they tell you something is insecure, you will stop using that thing and switch to something they haven't publicly said is insecure. But that other thing might itself be secretly insecure (with vulnerabilities known to them) and they were actually lying about the first thing (in order to get you to abandon something they can't break and migrate to one they can). So you can't really trust their claims about security or insecurity until you establish that they have stopped trying to obtain unauthorized access to other people's systems and returned to their honorable mandate of securing governmental systems against unauthorized intrusion.
Excuse me, I think there's a suspiciously unmarked van watching this place ...
[ Puts tinfoil hat away, begins whistling nonchalantly, and walks out. ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Obvious explanation
Chances are fair that the devices now being used by Trump administration officials were compromised BEFORE THEY EVER TOUCHED THEM. (That isn't particularly hard to achieve if you know a lot about your targets and you have a 9-figure budget to work with.)
The question is not if. The question is by whom and who are they sharing the gathered intelligence with.
[ link to this | view in chronology ]
Re: Obvious explanation
You know what's weird about living in 2017? I look at that comment - as well as the Anonymous Conspiracy Theorist two comments down - and I think "Wow, I wonder if these comments are being written from a Moscow suburb." That seems entirely plausible.
[ link to this | view in chronology ]
Re: Re: Obvious explanation
You, sir, are clearly being a nationalist here. Russia is not the sole source of bizarre comments. Did it ever cross your mind that the bizarre comments might be from China, or France, or Germany, or Egypt, or Brazil, or even from the US itself? You just assumed it would be Russian because the Russians are obviously behind everything, didn't you?
[ link to this | view in chronology ]
Re: Re: Re: Obvious explanation
[ link to this | view in chronology ]
Re: Re: Re: Obvious explanation
Of course I considered those other things. The DEFAULT ASSUMPTION is that you're just some anonymous troll sitting in his mother's basement in the US. But we live in times where it's been shown that Russia has a great amount of resources dedicated to doing precisely this - sowing doubt and disinformation in comments forums on American websites. Thus far, I have seen no evidence Egypt - that great international superpower - has equivalent capability or interest.
The russians are behind everything? Seriously? What is up with you people?
[ link to this | view in chronology ]
It's only wrong when someone else does it
Lock them up!
[ link to this | view in chronology ]
They are more concerned with leaks to the public that they are to foreign countries because they view the public as a greater threat than foreign countries.
[ link to this | view in chronology ]
Fake News!
[ link to this | view in chronology ]
Re: Fake News!
[ link to this | view in chronology ]
Re: Fake News!
More fake news from the anti-Trump biased media! Sad.
/s
FTFY
[ link to this | view in chronology ]
Re: Fake News!
[ link to this | view in chronology ]
Apparently not illegal
[ link to this | view in chronology ]
Re: Apparently not illegal
Maybe you should quit overlooking the sins of your party if you want to elevate the state of government.
Like you are now?
[ link to this | view in chronology ]
Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Re: Apparently not illegal
The original point still stands, there is no reason for you to get defensive over it. Let the sycophants take their lumps!
Labels are just labels and there is a reason they are created! Getting twisted over them is every bit as problematic as over using them!
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Apparently not illegal
I pointed out the left set the bar low and is now crying about it when the right does it.
I see. So "lock her up" was bullshit and everyone in on it knew it?
I don't think your "argument" is making you guys look any smarter.
[ link to this | view in chronology ]
Re: Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Apparently not illegal
I merely pointed out how ironic it was that only now it is a problem for the left.
And I merely pointed out that if the right was so hell bent on locking her up for it, they should at least not come out now saying "what's the big deal?" Or at least they should follow through and lock her up...promises, promises.
I'm sure that'll come right after the check from mexico.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Apparently not illegal
1: what Hillary did was legally fine, so this is legally fine, and the entire emails scandal was a blatant GOP snark-hunt. Thus the failure to address the legal environment that made it fine is a failure of the American right.
2: what Hillary did was not fine, so this is not fine, and the entire emails scandal was a very real threat to national security that the GOP was correct to pursue. Thus the failure to correct the not fine behaviour is the height of hypocrisy and is a failure of the American right.
Make sense?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Apparently not illegal
Started?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Apparently not illegal
Yes. As long as we keep in mind that Hillary kept a private email server in her bathroom and arguably mishandled classified info. Vrs these guys were just lazy (among other things). I agree the hypocrisy is there to some degree, but the level of infraction is apples and oranges.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Apparently not illegal
Are you that obtuse to realize that your initial "point" is the strawman? Before you throw terms around like that to try and criticize me, you should take a little more introspection with your own argument.
You're not nearly as clever as you think you are.
[ link to this | view in chronology ]
Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Apparently not illegal
The issues with the Trump administration are that A) Trump and his campaign made a major issue of the problems with Hillary's email use, so they explicitly think its a problem. B) The biggest problem with Hillary's server in the eyes of her supporters was information classified 'after-the-fact', something that the Trump Administration also cant control, so official use has the same issues as it did with Hillary.
[ link to this | view in chronology ]
Re: Re: Apparently not illegal
So umm... you do realize what hypocrisy means right?
" I defended Hillary's use of a private email server as not criminal and not worthy of prosecution due to the sepecific circumstances, but also noted that it was a bad solution to her concerns."
According to yourself, you should hold the same standard for Trump, even if he is being a hypocrite too.
My solution is to burn all of you hypocrites at the voting booth.
No member of Government should be allowed to use private emails for government work, period. Nail their fucking asses to the walls, there are people in jail for fucking less!
[ link to this | view in chronology ]
Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Re: Apparently not illegal
Leftist and hypocrite are synonymous.
Like when the left was chanting "lock her up?"
Was that what you were referring to?
Tell me...now that the big orange tard is in office, and staffed the department of justice, why isn't he following through on that?
You're saying the left is being hypocritical, but I'm not aware of any movement to following through on that promise either.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Apparently not illegal
[ link to this | view in chronology ]
Re: Re: Re: Re: Apparently not illegal
Can't see the forest for the trees?
[ link to this | view in chronology ]
Re: Apparently not illegal
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Government is About P&P Unless You're Big Enough to Ignore It
I've seen this first hand. If you're in IT it happens all the time. Some government Big Shot wants to buck the rules.
But the flip side issue is that the government servers are only so secure (partly because of Big Shots not following best practices). IT can only do so much on the budget they are given and the stupid work-arounds to Best Practices.
The bottom line is no mail server (Public or private) can be made 100% bullet-proof. Hackers will get in. But to save your Public service IT job you follow Best Practices and Standard P&P.
[ link to this | view in chronology ]
From your source Tim:
"Kushner's use of a private account, however, does appear to differ in degree from the former secretary of state and Democratic nominee, according to the descriptions provided Sunday."
"Fewer than a hundred emails from January through August were either sent to or returned by Mr. Kushner to colleagues in the White House from his personal email account," Kushner's lawyer Abbe Lowell said Sunday. "These usually forwarded news articles or political commentary and most often occurred when someone initiated the exchange by sending an email to his personal, rather than his White House, address. All non-personal emails were forwarded to his official address and all have been preserved in any event."
Sensitive information? Really? The sources you cited say otherwise.
Your other source (a Politico Tweet), is presenting no facts at all, and is simply making an assumption. Something that seems to be happening more and more in reporting.
Ivanka didn't use Government email, that part is true. But only because she wasn't a Government employee at the time and as such wasn't actually authorized to have one. She went on, per your sources again, to state that one of the reasons she became a Government employee was to get access to Government email so that she could protect the data. She even made sure to copy in someone that did have Government emails in the interim. I would argue she took reasonable steps.
I don't particularly like the Trump Administration either, but these stories are looking more and more like a witch hunt and less about actual facts.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
to state that one of the reasons she became a Government employee was to get access to Government email so that she could protect the data.
If she wasn't doing government work, what sort of data needed protection?
[ link to this | view in chronology ]
Re:
That's more than enough for me (a security expert with close to 40 years of experience) to compromise someone's security. It's WAY more than enough for me to compromise their privacy. And if I can do that with the limited resources that I have in my office right now at this very minute, imagine what anyone equipped with large amounts of money, a number of well-trained staff, and considerable computing resources could do.
It's not a matter of whether it's legal or not. It's not a matter of whether the content's innocuous or not. It's not a matter of whether it falls under official communication or not. It's a matter of basic opsec: when you KNOW, a priori, that you are one of the top ten most valuable targets in the country, you don't even attempt to do this...because you have absolutely no chance of succeeding.
I doubt, even with all my knowledge and experience, that I could even pull it off when faced with adversaries that are the intelligence agencies of major countries. As good as I am, and I'm damn good, I'd be hopelessly outclassed.
My best guess -- and yes, it's a guess, but it's based on a lot of expertise -- is that Kushner was compromised within minutes of the first use.
[ link to this | view in chronology ]
Re: Re:
"it's not just the tip of a much bigger iceberg."
I will concede that it may not be "all" of the truth. There may indeed be more too it that that, definitely a possibility. However; that is not what is being reported.
"My best guess -- and yes, it's a guess, but it's based on a lot of expertise -- is that Kushner was compromised within minutes of the first use."
Again; very good point. With your credentials and experience, I would defer to your judgment in casual conversation or as a consultant. However again; I would hold reporting to higher standard, some type of verifiable proof or intent to be deceitful would be warranted with this level of outrage. I just can't find it in the cited sources.
If you are going write a story accusing or "calling out" an administration for wrong-doing, I would hope that some verifiable factual information that clearly makes your case would be presented. I realize this is just a blog, and as such they are entitled to their opinion, but I've been reading Techdirt for years and years and I consider it a valid news source.
With that said, and in my opinion; The level of outrage presented in this story is not supported by the evidence from the cited sources. Feels a bit "attack" like when I'm reading it, and I think Tim and Techdirt are better than that.
[ link to this | view in chronology ]
Re: Re: Re:
That domain's located in GoDaddy's cloud, which means that it was insecure from the moment it was created.
Game over.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Besides, I was pointing out his cited sources didn't support his level of outrage. It very well may come to pass that it's warranted, but for me it wasn't at the time.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Clinton's crimes
Despite all the "lock her up" blabbering, Hillary Clinton was not charged with a crime.
Yet another unfulfilled promise of this incompetent administration.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I will concede that it may not be "all" of the truth. There may indeed be more too it that that, definitely a possibility. However; that is not what is being reported.
"My best guess -- and yes, it's a guess, but it's based on a lot of expertise -- is that Kushner was compromised within minutes of the first use."
Again; very good point. With your credentials and experience, I would defer to your judgment in casual conversation or as a consultant. However again; I would hold reporting to higher standard, some type of verifiable proof or intent to be deceitful would be warranted with this level of outrage. I just can't find it in the cited sources.
If you are going write a story accusing or "calling out" an administration for wrong-doing, I would hope that some verifiable factual information that clearly makes your case would be presented. I realize this is just a blog, and as such they are entitled to their opinion, but I've been reading Techdirt for years and years and I consider it a valid news source.
With that said, and in my opinion; The level of outrage presented in this story is not supported by the evidence from the cited sources. Feels a bit "attack" like when I'm reading it, and I think Tim and Techdirt are better than that.
[ link to this | view in chronology ]
Fake (yawn...) news
[ link to this | view in chronology ]
Re: Fake (yawn...) news
Partridge Farm remembers
[ link to this | view in chronology ]
Re: Re: Fake (yawn...) news
[ link to this | view in chronology ]
Re: Fake (yawn...) news
[ link to this | view in chronology ]
[ link to this | view in chronology ]