Did Clinton Cause Benghazi? The Unaddressed Problem With Her Unsecured Email Server

The latest report on Benghazi found no new evidence of Clinton misbehavior with regard to the disastrous attack on the Benghazi mission.  However, an unsecured email server without tracking not only would provide easily accessible information on anything the State department was involved with, it could also provide a hostile entity with virtually everything they would need to perform a phishing attack on virtually anyone in government.  Could it have outed this mission as a secret CIA site, which it was, and then caused the attack in the first place?  What the CIA was doing has yet to be fully disclosed and, I’ll bet, any email between Clinton and the CIA on CIA servers was not provided to the FBI because of the extreme secrecy of this effort. 

An email exchange that has been disclosed clearly showcased State knew of the danger, but more important, it showcased the mission was under-protected making it an easy and relatively safe target.  And the CIA part made it a particularly attractive one. 

Given what we now know about Clinton’s email server it seems likely that information pulled from it clearly put the nation at risk and the information on it would have made Benghazi a target had it been known by Libyan forces.  Thanks to the lack of tracking the only way to prove this is if we somehow got access to the trigger for the attack. 

Now it is interesting to note that while the cause for the attack was falsely blamed on a video entitled the “Innocence of Muslims” captured suspect Ahmed Abu Khattala stated that it was likely as a misdirection from what the real cause, likely to protect the actual trigger.   This is unusual, follow along, the administration created a false story as to the cause of the event, and the guy captured blesses this known false story.  That would certainly indicate something is rotten in Denmark, or in the Obama administration. 

The Big Problem With Clinton’s Email Server

If you watch the initial FBI disclosure, by the way this is some of the best wordsmithing I’ve ever seen, it is initially pretty harsh.  Not only was Clinton repeatedly caught in a lie about information marked confidential she was found to have also lying about the nature of the information that wasn’t classified.  As anyone in security knows it isn’t the classification that makes something secret it is the nature of the information.  For instance, if you got a document laying out the method for assassinating a world leader and you gave it to the press because it didn’t have a classification on it you’d still go to prison.  And, according to the FBI, Clinton clearly knew this, but we wouldn’t need to take their word for it, she is a professional politician.  

But the big problem here is that server was a massive security hole not just into Clinton’s email but into anyone she corresponded with using it public or private.  There was no tracking and because the server was in her control she could eliminate records on the server.  Granted if messages were then found on other servers which didn’t correspond to records on her own server this could be identify the problem.  Though, it should be noted, that during the FBI disclosure they did seem to say that was exactly what they found just nothing particularly damning. 

However, reconstructing an email server by looking at other servers is anything but comprehensive because you may not look where the email is (it is doubtful they scanned every government server) and you may not have access to highly secure servers to scan.  I’m pretty sure the CIA and NSA wouldn’t let the FBI scan all of their email servers for instance.  And, in this instance, it is a CIA server that would likely hold the conversation deleted off the Clinton server that could be the Benghazi trigger.

A Hole Drilled Through US Security

So you have an unsecured gateway into virtually all of the information the government holds, either directly or through phishing attacks, no way to determine if the information was compromised let alone what information and by whom and you have an attack on a poorly protected diplomatic mission which was also a front for the CIA.  You should at least wonder if that server outed the CIA mission which then resulted in its elimination.   Everything else was collateral damage or an attempt to cover up the cause of the attack. 

You’d always treat this level of breach as if a crime had occurred because you’d want to send a message that this kind of behavior is unacceptable.  A security breach at this level could literally mean the difference in a war between winning and losing.   In fact, it could cause the war in the first place bringing into focus the strange FBI recommendation that was worded, not at an FBI recommendation, but as something the Attorney General dictated.  (Which apparently came after she met with Bill Clinton and may have been assured she’d keep her job under a new Clinton administration).  This so smells to high heaven. 

Wrapping Up: 

Back when I was leading a field audit team, in fact it was the first time I led the team, I missed an active embezzlement in an audit.  Now we did catch and report it was possible and nothing we sampled identified an actual ongoing crime.  I was very distraught because I felt I’d let my team an organization down and my boss sat me down and explained the following. 

We simply didn’t have the resources to audit to a level that could catch crimes all we could do is showcase the potential and demand the holes be plugged.  I’d done that and I, my team, and my organization were actually rewarded because our findings that the site wasn’t properly protected were confirmed, not invalidated, by the subsequent discovery of a crime. 

What the FBI reported was evidence that crimes could have been committed, and actually evidence that laws were broken, but because of the lack of tracking and the ability of the server owner to eliminate evidence, you can’t say that because you didn’t find anything nothing existed.  You can only say a breach was likely (granted he said possible) but you’d likely also highlight what the result of such a breach might be.  And, it might have been Benghazi.  No wonder Snowden is pissed

Now I do agree with this piece, generally in cases like this in the commercial world the person responsible is fired and their security clearance is permanently revoked.  However, in no instance, would you then make them President. 

Maybe it’s time to reconsider Sanders. 

Something to noodle on this weekend.