A cybersecurity playbook for political campaigns


Originally published at: https://boingboing.net/2017/12/04/defending-digital-democracy-2.html


I’m glad this has been published. Unfortunately, control-freak candidates too often prioritise the political loyalty of an IT staffer over his competence. A case in point is the moron who maintained Clinton’s home e-mail server (formerly Bill’s Pornbot 5000 machine). If she’d hired someone halfway decent we wouldn’t still be hearing the tiresome “but her e-mails…” excuse from the Republicans to distract from the regime’s depredations.


2a: encrypt the hell out of anything you put into the cloud on somebody else’s computer.


Meanwhile in Westminster, meet Will Quince MP:


As I liked to bring up to the 6 sigma guys who were like “we can improve our numbers with process improvement”… Yes, but only so much, ’cause you can’t fix stupid.


4a. change all your passwords at least once a week

(I keed!)


Yeah… that right there is the headache of every IT admin everywhere. Jesus wept. I’m glad to see him being thoroughly taken apart in the replies though. No wonder awful, draconian legislation like the Investigatory Powers Act swept through parliament with virtually no opposition; these people can’t even grasp the basics.


It’s very unfair to call him a “moron.” Do you think someone halfway decent could convince the Secretary of State to not use a personal server instead of State’s for State business (leaving aside the fact that it’s known that State’s servers were hacked but there’s no evidence that this home email server was)?


I read the highlights of the FBI report on the state of security on that server. Any IT person reading it can only conclude Bryan Pagliano is a moron in the context of IT. My 15-year-old nephew could have done a better job securing that machine and connection.

The homebrew server had no encryption safeguards, poor security patching, badly configured firewalls, RDP left on default port, was run on a residential connection, etc. It was subject to multiple hacking attempts (including one successful one via Tor) requiring repeated shutdowns. A competent IT person who’s serious about sensitive information does not allow that to happen. There’s a reason Pagliano took the 5th during questioning by Congress and later co-operated with the Justice Dept in exchange for immunity.

As for Clinton, I doubt that anyone could have convinced her to use the State Dept server because of her personality and paranoia (some of it justified). A competent person could have mitigated the damage, but loyalty is more important than technical ability when politicians and executives like Clinton hire IT people.

