NSA Warned Trump Staffers Against Personal Email/Device Use; Were Ignored
from the biggest-phish dept
Blatant hypocrisy aside, the Trump Administration’s use of personal email accounts isn’t just a low-flying middle finger to public records laws. It’s also a stupidly insecure method for handling sensitive communications.
Senior adviser Jared Kushner continued to use his personal email account — albeit in a limited fashion — after taking his official position. He did this despite being warned by the nation’s professional spooks that doing so was a really bad idea. Josh Meyer reports for Politico:
The National Security Agency warned senior White House officials in classified briefings that improper use of personal cellphones and email could make them vulnerable to espionage by Russia, China, Iran and other adversaries, according to officials familiar with the briefings.
The briefings came soon after President Donald Trump was sworn into office on Jan. 20, and before some top aides, including senior adviser Jared Kushner, used their personal email and phones to conduct official White House business, as disclosed by POLITICO this week.
As noted, the NSA also cautioned against the continued use of personal devices — something that makes every admin official who still insists on using their own laptops and phones attack vectors for cybercriminals and state-sponsored attacks from unfriendly governments.
But whatever, it’s just the nation’s top intelligence experts talking. Use of personal devices and email accounts continued, despite admin staff being told to assume these were already compromised. At this point — more than six months after that cautionary meeting — it’s likely bad guys are standing in line to access cycles on admin accounts and devices.
As Meyer notes, this isn’t necessarily just a Trump administration issue. It’s something that happens with every incoming president and their crew. No one wants to give up devices and email accounts and not many of them can be immediately convinced about the level of risk.
But the point remains: when the NSA explains what could possibly happen to insecure devices and accounts, its information is coming from a place of deep personal experience (as it were):
A second former U.S. intelligence official said that the NSA briefers understand how insidious the cyberespionage campaigns can be because they conduct similar operations against others.
So, it’s not the only administration to play it fast and loose for the first several post-inauguration months. But it’s the one that will (and should) take the most heat for it. For one, evidence is being amassed showing Russian interference and influence on the election run, if not on the administration itself. For another, it’s an administration that found its way into office using Hillary Clinton’s personal email server use as a springboard. The other problem is the Trump Team has decided to throw its energy into shutting down internal leaks rather than addressing its own security holes, which means info is probably being exfiltrated to state actors with something far more nefarious in mind than leaking docs to journalists.
Filed Under: jared kushner, nsa, security
Comments on “NSA Warned Trump Staffers Against Personal Email/Device Use; Were Ignored”
To-ma-to, to-mah-to
You say “espionage,” we say “maintain open channels of communication.”
Obvious explanation
The NSA has spent years (decades?) ruining its reputation for honesty and forthrightness. At this point, anyone who’s been paying attention assumes the NSA is truthful only by accident. Given that background, why would anyone listen to anything they say, even when it’s actually good advice?
Re: Obvious explanation
The NSA shouldn’t even need to tell them anything, for exactly the same reason.
Re: Not Obvious
That alleged NSA advice (TD posted here 5thHand) is a bit confusing:
“… improper use of personal cellphones and email could make them vulnerable to espionage” + “… NSA also cautioned against the continued use of personal devices”
So which is it — “improper use” or “continued use” is BAD ?
Is ‘continued proper use’ of personal devices OK ??
How are staffers supposed to conduct “personal” business … since government devices are for ‘official use only’ ?
Are staffers expected to entirely get rid of their “personal” phones and computers ?
(What would Hillary & Debbie Wasserman do ?)
Re: Re: Not Obvious
Are you suggesting that our fearless leaders are incapable of determining which business is personal and which is governmental? Or are you suggesting that the difference is so small (corruption vs doing the peoples business) that there is no discernible difference?
Re: Re: Not Obvious
Whaaaa Her emails!!!!! You’re pathetic.
Re: Obvious explanation
I think it’s still safe to say that if the NSA says that something is insecure, they’re telling the truth. They were probably the ones that broke the security in the first place and have since lost copies of the knowledge of how to break the security to foreign hackers.
It’s when the NSA says something is secure that you have to doubt them.
Re: Re: Obvious explanation
[ Puts on tinfoil hat. ]
Maybe, or maybe that’s just what they want you to think. See, if you trust them when they tell you something is insecure, you will stop using that thing and switch to something they haven’t publicly said is insecure. But that other thing might itself be secretly insecure (with vulnerabilities known to them) and they were actually lying about the first thing (in order to get you to abandon something they can’t break and migrate to one they can). So you can’t really trust their claims about security or insecurity until you establish that they have stopped trying to obtain unauthorized access to other people’s systems and returned to their honorable mandate of securing governmental systems against unauthorized intrusion.
Excuse me, I think there’s a suspiciously unmarked van watching this place …
[ Puts tinfoil hat away, begins whistling nonchalantly, and walks out. ]
Re: Re: Re:
[…sneaks in and extracts chip from inside the hat… ;]
Re: Obvious explanation
Those of us who are (1) security experts with (2) absolutely no connection to the NSA or any other intelligence agency are saying exactly the same thing. You, for a value of “you” approaching the population of the planet, have absolutely no chance of securing your computing devices against criminal attack, let alone state-sponsored ones, unless you have considerable assistance from experts AND you learn how to operate them safely.
Chances are fair that the devices now being used by Trump administration officials were compromised BEFORE THEY EVER TOUCHED THEM. (That isn’t particularly hard to achieve if you know a lot about your targets and you have a 9-figure budget to work with.)
The question is not if. The question is by whom and who are they sharing the gathered intelligence with.
Re: Obvious explanation
So… wait. Are you legitimately asking why the heads of a particular government would trust the intelligence apparatus of that government? Because you know the standards by which most of us judge the NSA aren’t the standards by which the upper echelons do…
You know what’s weird about living in 2017? I look at that comment – as well as the Anonymous Conspiracy Theorist two comments down – and I think “Wow, I wonder if these comments are being written from a Moscow suburb.” That seems entirely plausible.
Re: Re: Obvious explanation
Re: Re: Re: Obvious explanation
Whoops looks like Ivan just outed himself.
Re: Re: Re: Obvious explanation
Seriously, WHAT ARE YOU TALKING ABOUT?
Of course I considered those other things. The DEFAULT ASSUMPTION is that you’re just some anonymous troll sitting in his mother’s basement in the US. But we live in times where it’s been shown that Russia has a great amount of resources dedicated to doing precisely this – sowing doubt and disinformation in comments forums on American websites. Thus far, I have seen no evidence Egypt – that great international superpower – has equivalent capability or interest.
The russians are behind everything? Seriously? What is up with you people?
It's only wrong when someone else does it
But their emails!
Lock them up!
They are more concerned with leaks to the public that they are to foreign countries because they view the public as a greater threat than foreign countries.
Fake News!
More fake news from the anti-Trump biased media! Sad.
Re: Fake News!
Covfefe!!
Re: Fake News!
More fake news from the anti-Trump biased media! Sad.
/s
FTFY
Re: Fake News!
Do they still pay you to post Ivan or is it bots all the way down to Red Square?
Apparently not illegal
As Comey, Lynch and the entire Democratic party has argued, it is apparently not illegal. So why the fuss? You guys made the rules now you don’t want to play by them. Maybe you should quit overlooking the sins of your party if you want to elevate the state of government.
Re: Apparently not illegal
Maybe you should quit overlooking the sins of your party if you want to elevate the state of government.
Like you are now?
Re: Re: Apparently not illegal
I knew someone would say that. No where did I say it was ok. I pointed out the left set the bar low and is now crying about it when the right does it. Since I referred to it as a sin from the left you should have easily inferred I don’t agree with it. But the left are emotional basket case unable to make intelligent discussions.
Re: Re: Re: Apparently not illegal
Maybe we should call you the label maker. Both the left and the right are guilty of playing fast and loose with the rules…when it suits them. Try leaving the labels out, up, down, left, right, liberal, conservative are all pretty much meaningless as they tend to change positions over time. Even reverse positions. In addition the new label changer of neo this or neo that or alt this or alt that are just as meaningless.
Re: Re: Re:2 Apparently not illegal
you are both right, why is there a need to get into the weeds on this?
The original point still stands, there is no reason for you to get defensive over it. Let the sycophants take their lumps!
Labels are just labels and there is a reason they are created! Getting twisted over them is every bit as problematic as over using them!
Re: Re: Re:3 Apparently not illegal
If I had a nickel for every time you said the word sycophant I could afford to buy a one way ticket to the free market paradise of your dreams.
Re: Re: Re: Apparently not illegal
I pointed out the left set the bar low and is now crying about it when the right does it.
I see. So "lock her up" was bullshit and everyone in on it knew it?
I don’t think your "argument" is making you guys look any smarter.
Re: Re: Re:2 Apparently not illegal
Your reading comprehension is extremely low. Please work on it and get back to me.
Re: Re: Re:3 Apparently not illegal
I wouldn’t attribute my reading comprehension as to why your “argument” sucks.
Re: Re: Re:4 Apparently not illegal
I would because I made no argument in favour of it. In fact my wording shows I disagree with it. I merely pointed out how ironic it was that only now it is a problem for the left. So yes, your reading comprehension sucks.
Re: Re: Re:5 Apparently not illegal
I merely pointed out how ironic it was that only now it is a problem for the left.
And I merely pointed out that if the right was so hell bent on locking her up for it, they should at least not come out now saying "what’s the big deal?" Or at least they should follow through and lock her up…promises, promises.
I’m sure that’ll come right after the check from mexico.
Re: Re: Re:6 Apparently not illegal
Nice strawman there, bringing up a new point to hide the fact you lost on the real point. I see you did it again below. So not only does your reading comprehension suck, so does your debate skills.
Re: Re: Re:7 Apparently not illegal
Actually he’s pretty much won this by pointing out that the American right was demanding that Hillary face punishment for this, then when she wasn’t punished they started doing the exact same thing. This means two possible things:
1: what Hillary did was legally fine, so this is legally fine, and the entire emails scandal was a blatant GOP snark-hunt. Thus the failure to address the legal environment that made it fine is a failure of the American right.
2: what Hillary did was not fine, so this is not fine, and the entire emails scandal was a very real threat to national security that the GOP was correct to pursue. Thus the failure to correct the not fine behaviour is the height of hypocrisy and is a failure of the American right.
Make sense?
Re: Re: Re:8 Apparently not illegal
“then when she wasn’t punished they started doing the exact same thing”
Started?
Re: Re: Re:9 Apparently not illegal
I’m giving them the benefit of the doubt. You know, the doubt that they are functioning humans who are able to accept facts like “this is de-facto State Department policy and has been since the adoption of email”.
Re: Re: Re:8 Apparently not illegal
“Make sense?”
Yes. As long as we keep in mind that Hillary kept a private email server in her bathroom and arguably mishandled classified info. Vrs these guys were just lazy (among other things). I agree the hypocrisy is there to some degree, but the level of infraction is apples and oranges.
Re: Re: Re:9 Apparently not illegal
It’s there. There’s no “to some degree” about it. This is in many ways even worse from a security perspective, and there’s plenty of time to retroactively classify everything they said in those emails too.
Re: Re: Re:7 Apparently not illegal
So again, with the “lock her up” stuff…were you guys bullshitting then, or are you bullshitting now?
Are you that obtuse to realize that your initial “point” is the strawman? Before you throw terms around like that to try and criticize me, you should take a little more introspection with your own argument.
You’re not nearly as clever as you think you are.
Re: Apparently not illegal
Yeah, I made all those rules – all by myself
Re: Apparently not illegal
Because Illegal is not the only standard by which we measure wrongdoing. Hypocrisy is also a measure. I defended Hillary’s use of a private email server as not criminal and not worthy of prosecution due to the sepecific circumstances, but also noted that it was a bad solution to her concerns.
The issues with the Trump administration are that A) Trump and his campaign made a major issue of the problems with Hillary’s email use, so they explicitly think its a problem. B) The biggest problem with Hillary’s server in the eyes of her supporters was information classified ‘after-the-fact’, something that the Trump Administration also cant control, so official use has the same issues as it did with Hillary.
Re: Re: Apparently not illegal
“Hypocrisy is also a measure.”
So umm… you do realize what hypocrisy means right?
” I defended Hillary’s use of a private email server as not criminal and not worthy of prosecution due to the sepecific circumstances, but also noted that it was a bad solution to her concerns.”
According to yourself, you should hold the same standard for Trump, even if he is being a hypocrite too.
My solution is to burn all of you hypocrites at the voting booth.
No member of Government should be allowed to use private emails for government work, period. Nail their fucking asses to the walls, there are people in jail for fucking less!
Re: Re: Re: Apparently not illegal
Leftist and hypocrite are synonymous. I can’t believe Timmy even wrote this article. He defended Hillary and only now cries foul. As u started earlier, you let your ‘side’ skirt the law, you can’t complain when the other side does it. I don’t support his use of it but I do find it funny that Timmy wrote the article like the left didn’t just do this and get off work out even a slap in the wrist
Re: Re: Re:2 Apparently not illegal
Leftist and hypocrite are synonymous.
Like when the left was chanting "lock her up?"
Was that what you were referring to?
Tell me…now that the big orange tard is in office, and staffed the department of justice, why isn’t he following through on that?
You’re saying the left is being hypocritical, but I’m not aware of any movement to following through on that promise either.
Re: Re: Re:3 Apparently not illegal
Why is everyone who disagrees with the Far Right a leftist?
Re: Re: Re:2 Apparently not illegal
“Leftist and hypocrite are synonymous”
Can’t see the forest for the trees?
Re: Apparently not illegal
But her emails!!!!
When Trump leads with an I am in charge, and what I say goes attitude, why would the team listen to anyone trying to give them guidance, or telling them what the law is?
Why doesn’t the NSA tell them to forward all mail to their government mail (and give them a few extra addresses)
Government is About P&P Unless You're Big Enough to Ignore It
A government employee HAS to abide by the Administrative Code set for them by Policy and Procedure. (I don’t even know how many volumes of US Administrative Code there are, hundreds, maybe thousands.) That is the bottom line. The only way you can avoid obedience to the P&P is if you’ve got enough clout to ignore it. (Which Hillary did, and Trump staffers are doing.)
I’ve seen this first hand. If you’re in IT it happens all the time. Some government Big Shot wants to buck the rules.
But the flip side issue is that the government servers are only so secure (partly because of Big Shots not following best practices). IT can only do so much on the budget they are given and the stupid work-arounds to Best Practices.
The bottom line is no mail server (Public or private) can be made 100% bullet-proof. Hackers will get in. But to save your Public service IT job you follow Best Practices and Standard P&P.
“It’s also a stupidly insecure method for handling sensitive communications. “
From your source Tim:
“Kushner’s use of a private account, however, does appear to differ in degree from the former secretary of state and Democratic nominee, according to the descriptions provided Sunday.”
“Fewer than a hundred emails from January through August were either sent to or returned by Mr. Kushner to colleagues in the White House from his personal email account,” Kushner’s lawyer Abbe Lowell said Sunday. “These usually forwarded news articles or political commentary and most often occurred when someone initiated the exchange by sending an email to his personal, rather than his White House, address. All non-personal emails were forwarded to his official address and all have been preserved in any event.”
Sensitive information? Really? The sources you cited say otherwise.
Your other source (a Politico Tweet), is presenting no facts at all, and is simply making an assumption. Something that seems to be happening more and more in reporting.
Ivanka didn’t use Government email, that part is true. But only because she wasn’t a Government employee at the time and as such wasn’t actually authorized to have one. She went on, per your sources again, to state that one of the reasons she became a Government employee was to get access to Government email so that she could protect the data. She even made sure to copy in someone that did have Government emails in the interim. I would argue she took reasonable steps.
I don’t particularly like the Trump Administration either, but these stories are looking more and more like a witch hunt and less about actual facts.
Re: Re:
Part for the leftist course. Long on rage and lies, short on facts.
Re: Re: Re:
“Leftist” does not mean “People who criticise Trump.”
Re: Re: Re: Re:
It’s just another label to use on those one disagrees with, labels are much easier than constructing a well thought out series of sentences to express one’s thoughts.
Re: Re:
to state that one of the reasons she became a Government employee was to get access to Government email so that she could protect the data.
If she wasn’t doing government work, what sort of data needed protection?
Re: Re:
Let’s assume, for the sake of argument, that everything you wrote here is true and that it’s all of the truth — that is, it’s not just the tip of a much bigger iceberg.
That’s more than enough for me (a security expert with close to 40 years of experience) to compromise someone’s security. It’s WAY more than enough for me to compromise their privacy. And if I can do that with the limited resources that I have in my office right now at this very minute, imagine what anyone equipped with large amounts of money, a number of well-trained staff, and considerable computing resources could do.
It’s not a matter of whether it’s legal or not. It’s not a matter of whether the content’s innocuous or not. It’s not a matter of whether it falls under official communication or not. It’s a matter of basic opsec: when you KNOW, a priori, that you are one of the top ten most valuable targets in the country, you don’t even attempt to do this…because you have absolutely no chance of succeeding.
I doubt, even with all my knowledge and experience, that I could even pull it off when faced with adversaries that are the intelligence agencies of major countries. As good as I am, and I’m damn good, I’d be hopelessly outclassed.
My best guess — and yes, it’s a guess, but it’s based on a lot of expertise — is that Kushner was compromised within minutes of the first use.
Re: Re: Re:
“Comment held for moderation”…. Maybe my VPN?
“it’s not just the tip of a much bigger iceberg.”
I will concede that it may not be “all” of the truth. There may indeed be more too it that that, definitely a possibility. However; that is not what is being reported.
“My best guess — and yes, it’s a guess, but it’s based on a lot of expertise — is that Kushner was compromised within minutes of the first use.”
Again; very good point. With your credentials and experience, I would defer to your judgment in casual conversation or as a consultant. However again; I would hold reporting to higher standard, some type of verifiable proof or intent to be deceitful would be warranted with this level of outrage. I just can’t find it in the cited sources.
If you are going write a story accusing or “calling out” an administration for wrong-doing, I would hope that some verifiable factual information that clearly makes your case would be presented. I realize this is just a blog, and as such they are entitled to their opinion, but I’ve been reading Techdirt for years and years and I consider it a valid news source.
With that said, and in my opinion; The level of outrage presented in this story is not supported by the evidence from the cited sources. Feels a bit “attack” like when I’m reading it, and I think Tim and Techdirt are better than that.
Re: Re: Re: Re:
So it turns out that more news broke overnight and that this WAS only the tip of the iceberg: http://www.politico.com/story/2017/10/02/jared-kushner-email-account-white-house-243389
That domain’s located in GoDaddy’s cloud, which means that it was insecure from the moment it was created.
Game over.
Re: Re: Re:2 Re:
When we find out someone broke/is accused of breaking the law, then it’s going to get interesting. If as Tim suggests, it comes to pass that they did mishandle “sensitive communications.”, then I’ll get my torch out and join the mob, not before.
Besides, I was pointing out his cited sources didn’t support his level of outrage. It very well may come to pass that it’s warranted, but for me it wasn’t at the time.
Don’t try to equate this in any way with Clinton’s crimes. You just make yourself look stupid, and you’re a tech and law site, dammit.
Re: Re:
Clinton’s crimes
Despite all the "lock her up" blabbering, Hillary Clinton was not charged with a crime.
Yet another unfulfilled promise of this incompetent administration.
Re: Re:
Well you tried, pathetically and poorly, but you did try to make a point.
“it’s not just the tip of a much bigger iceberg.”
I will concede that it may not be “all” of the truth. There may indeed be more too it that that, definitely a possibility. However; that is not what is being reported.
“My best guess — and yes, it’s a guess, but it’s based on a lot of expertise — is that Kushner was compromised within minutes of the first use.”
Again; very good point. With your credentials and experience, I would defer to your judgment in casual conversation or as a consultant. However again; I would hold reporting to higher standard, some type of verifiable proof or intent to be deceitful would be warranted with this level of outrage. I just can’t find it in the cited sources.
If you are going write a story accusing or “calling out” an administration for wrong-doing, I would hope that some verifiable factual information that clearly makes your case would be presented. I realize this is just a blog, and as such they are entitled to their opinion, but I’ve been reading Techdirt for years and years and I consider it a valid news source.
With that said, and in my opinion; The level of outrage presented in this story is not supported by the evidence from the cited sources. Feels a bit “attack” like when I’m reading it, and I think Tim and Techdirt are better than that.
Fake (yawn...) news
Anti-American spies have compromised “official” communications. That said, when WH wants enemies to know something, they’ll surely use Democrat-controlled media.
Re: Fake (yawn...) news
Remember when Obama controlled the weather?
Partridge Farm remembers
Re: Re: Fake (yawn...) news
spell checker does not however
Re: Fake (yawn...) news
But Air America went bankrupt and Al Gore sold Current TV to Al Jazeera.
Surely NSA talk out of experience (they illegally spy people), but they can be deceiving those officials.