Damn, you'd think that someone at that level would pay for better OPSEC support. But then, I guess that I'm not surprised. Blackberry does have a reputation, not at all deserved at this point. I'm pretty sure that the President's phone is just as poorly secured. Probably less, from what I've read.
This issue is huge in politics. The entire Clinton personal e-mail scandal was essentially her unwilling to give up her BlackBerry, something Obama was unwilling to give up too. These people learned how to use some technology decades ago, and will continue using it no matter what other issues it causes.
A dominant player, yet Obama needed a special highly modified version to securely access the White House network. A huge amount of work to keep using what he was comfortable with.
Which makes complete sense. He is the most powerful individual in a country of 300+ million people. If he needs a certain thing to keep him operating at peak efficiency and focus, he gets that thing. Period. Unless it violates national security.
Being elected president is not the time to learn a new technology suite. Hopefully most presidents have better things to do with their time than that.
At that level your people have people who have people to deal with that kind of minutiae.
>Being elected president is not the time to learn a new technology suite. Hopefully most presidents have better things to do with their time than that.
At what level does this stop being a waste of time for the person?
I'm not suggesting Obama should have been forced to change, but every else in his administration was forced to change. There's some serious clashing between the need for secure devices and the reluctance to change from old technology.
I think it's fair to ask what the secure alternative platform was. I wouldn't be surprised if it was five years out of date and barely functional. I think the President ought to be able to say "this is crap, improve it".
Hopefully your people's people's people don't interpret "setup e-mail for Mrs. Clinton to use on her Blackberry" as "setup an e-mail server on Mrs. Clinton's existing hardware and configure it on her Blackberrry."
Was there another smartphone platform he could have used at the time that would have been less work to secure? A secure smartphone for the President seems well worth the effort.
I don't know what their preferred phone was at the time, but they were unwilling to go through the same effort for the Secretary of State, instead offering her a choice of non-BlackBerry phones.
This is likely because his modified BlackBerry was a one-off project suited to his security requirements.
My understanding is that internal hardware was removed/shielded, and I assume software modifications were made as well, like only connecting to specific cellular base stations (such as the one in his official vehicle).
I think the importance of this cannot be understated. The Secretary of State is a nexus of not only extremely sensitive information, but of extremely sensitive information in motion which is also in overseas locations more often than not. If I were into tradecraft, I'd be much more likely to target the Secretary of State than the President for access to (relevant, valuable) sensitive information.
Thanks for that. I had come across some of Seneca's writing before, while researching / reading about Stoicism, but hadn't come across this specific text, that I recall.
> The entire Clinton personal e-mail scandal was essentially her unwilling to give up her BlackBerry
The main scandal was her violating FOIA. There were some additional security concerns, but her running on a platform of undoing civil rights era legislation was the bigger issue.
FOIA is civil rights legislation from 1967. Clinton's entire campaign was based around the premise of rolling back those sorts of civil rights era protections, which is why she didn't turn over her email to the state department as was required by law.
No, she destroyed devices, used Bleachbit to delete evidence and they still found ~ 70 secret and top secret emails on her server. There is also evidence of a cover-up. The Russia narrative is also bogus in the case of the DNC hack they even refused to give the server to the FBI.
Just a question. Who would they pay? I know a few people I might pay for that but only incidentally & I’ve worked in tech. for 20 years.
Where would an average though maybe high priced attorney go to get advice other than “use signal & WhatsApp” if they knew they needed protection from a federal investigation?
I'm probably able to give this kind of advice myself but I certainly know a few C-levels at public companies listed on Eurostoxx 50 that don't have the proper digital practices
I have more than a couple times witnessed and thought "are you actually exchanging highly sensitive information with your board while using an open wifi in the same room as 5 of your direct competitiors, their staff and 1k random guys like me?"
They can ask legal or IT but either way it will end up being a project relegated on a larger roadmap and will not be properly implemented in a timely manner.
I guess what I'm looking for is a piece written by a reputable source (from their POV) such as Bloomberg or the WSJ. Any ideas?
Name one company you could call up and ask “hey I’m doing some dirt that might get me inestigated by the feds, can you secure my comms?” And they’d say yes.
Now name one that an average attorney could find.
I’m not picking on you, I’m serious. I have a couple of people I might ask, but if expect most of them to say “no thanks”
>>Name one company you could call up and ask “hey I’m doing some dirt that might get me inestigated by the feds, can you secure my comms?” And they’d say yes.
No, "I'm doing sensitive work for a huge company and we fear that hackers are trying to penetrate our network and devices." How many would say yes now? Until the raid he was a big shot...and the personal "lawyer" to Trump.
I suppose we are now very much into personal bias.
Mine suggests that until very recently working as a personal lawyer for a reality star & planning for the “normal” security concerns therein wouldn’t be something high end firms would do (nor things lawyers would ask for) as a matter of course.
Remember by the time the feds come knocking it’s too late.
OK, his client was a reality star. But now he's working for a controversial president. Who's under investigation by various agencies, probably including rogue elements of the NSA.
So is it any surprise that he'd be targeted?
If there aren't security firms that handle stuff like that, isn't that quite the market opportunity? From what I know, one would start with an iPhone. And then tweak for known fails. Buy the various hacking services/systems, and test against them. Not cheap, I know. And not easily doable without connections. But hey, better safe than sorry.
Leave bias aside for a second: Trump (before election) is a high profile person, he does have a huge business with hundreds /thousands of employees and is worth at least billions. To want security is not just normal but a super smart move. If they pay, why wouldn't the top OPSEC companies tell them how to secure their devices?
The billions number has always been in dispute, but I’m not suggesting he couldn’t pay some hypothetical person. I’m suggesting his roladex doesn’t have a specific person to call to do this & without this how do you get it done?
I disagree with the assertion that reading gets the job done. He was using signal. He read something about encrypted messaging.
When the feds came calling it wasn’t enough. You need highly specialized skills.
He's a braggart and not a great businessman considering the head-start he had, IMO, but that is irrelevant. Whether he has $3 billion or $10 Billion, he's still super rich, private jet rich for life. Even his children can sit by a beach house or two and live like kings for the rest of their lives.
>>I disagree with the assertion that reading gets the job done. He was using signal. He read something about encrypted messaging.
Signal message: "Joe, I'm sending a message so open Whatsapp and let me know when you're online...."
"OK, time to kill Jimmy. The rest of the money will be there tomorrow."
There was literally a company dedicated to exactly that got busted for exactly that. I am honestly too lazy to provide a reference on this Saturday morning, but you could have contacted them with: "hey I need secure communication about large quantities of cocaine/mdma/meth smuggling, what do you have that can help with that"
Numerous people in that company outright went on the lamb. This happened extremely recently and the sinola cartel and Australian biker gangs were among their clients.
It was covered on risky.biz podcast
Edit: the Canadians actually did ask them about secure communication for cocaine smuggling
>>Damn, you'd think that someone at that level would pay for better OPSEC support
I think that he thought himself as untouchable and neglected it. Maybe dodged so many bullets over the years.
Question for HN: did the FBI break the Signal encryption or just managed to open his device to find all the messages there? Maybe sensitive messages need to be deleted.
> did the FBI break the Signal encryption or just managed to open his device to find all the messages there? Maybe sensitive messages need to be deleted.
I’m also interested in the answer to this question. From my layman’s understanding I see Signal as the most secure messaging solution out of the box, followed by WhatsApp but only if (and it’s a very big if) you don’t plan to do something that might raise the interest of a US 3-letter agency (i.e. you can use WhatsApp for random political corruption cases in European countries, like the politicians from my country do, but it’s not safe to use it if you plan to actively cross the interests of those 3-letter agencies). Telegram I also see as compromised by the Russian secret services, ignoring all the recent public brouhaha.
If anyone more knowledgeable has other views on this please feel free to correct me.
Based on the article it seems like the messages were recovered from the local copy stored in the device. Arguably (at least, this is my understanding of OWS's stance on the issue) Signal only really claims to protect in-transit communications. Once the message reaches the recipient, it is up to that individual to secure the local copies of the messages. Signal does have an option to encrypt the local copies, but FDE is the ideal for that
Which level was Michael Cohen at? From a career perspective he was an ambulance chaser (involved with a number of fraudulent car crash claims) with shady, Saul Goodman "back of the nail salon" style offices. Then he purportedly helped a reality star pay off people.
My point, I suppose, is that normally the associates of the president would be upstanding individuals who had achieved heights. In this case, as with many of DJTs associates, it is anything but that.
