Where is (or was) the Clinton e-mail server?

March 6, 2015

[UPDATE 03/10/15 0826 MDT]

Besides coming to the conclusion (for now, at least) that Confluence Networks is a dead-end, I also have a new post up in which someone with actual government experience setting up secure e-mail servers weighs in on the physical security of the Clinton e-mail server.

[END UPDATE]

In my prior post on the expanding clintonemail.com story, I indicated that domain analysis tools did not suggest that the Clinton e-mail server was being run out of a private residence. I have yet to find any news story that independently confirms the initial AP report, which itself appears to be based more on registration records for a particular static IP address (24.187.234.187) than actual evidence of the existence and location of a physical server. While those records contain the Clintons’ home address and the name ‘Eric Hoteham’, they don’t prove that this static IP address was ever in use at their home: one should not confuse a point-of-contact address with the actual location.

Instead, what I found was strong evidence that clintonemail.com was being hosted by two successive commercial web-hosting firms:

[Image: hosting1]

The first IP address (209.62.20.200) is associated with ThePlanet.com, now known as SoftLayer and acquired by IBM a few years back. The second IP address (208.91.197.27) is associated with Confluence Networks, a hosting firm of very, very dubious provenance and management, to say the least.

On getting up this morning, I read this (excellent) article on the Fox News website, in which some hackers showed that there were multiple e-mail accounts for Hillary Clinton on the clintonemail.com domain. The important — and rather significant — findings?

A screen grab of The Harvester’s findings provided to Fox News by the source in the hacker community – whose professional resume also boasts extensive experience in the U.S. intelligence community – lists rather similar, but nonetheless different, email addresses, including hdr@clintonemail.com, hdr18@clintonemail.com, hdr19@clintonemail.com, hdr20@clintonemail.com, and hdr21@clintonemail.com.

Also unearthed by the hacking tool were email addresses of a slightly varied structure, including h.clinton@clintonemail.com, Hillary@clintonemail.com, contact@clintonemail.com, and mau_suit@clintonemail.com.

This has significant implications for Congressional subpoenas and FOIA requests, as well as for determining the completeness of the “50,000 pages” of e-mails provided to the State Department by Clinton. It also strongly suggests an intent to partition, manage, and perhaps obscure e-mail communications.

When the article first went up, it had a static screen shot with the actual results from the hacking tool used.

[Image: theharvester_clintonemail.com]

And when I looked closely at the screen shot, I saw that it was checking for clintonemail.com at a specific IP address: 208.91.197.27.

[UPDATE 03/09/15 1826 MDT]

As noted in this new story by James Rosen at Fox News, I have had indirect communications with the person who ran the utility above. S/he informed me that the IP address was retrieved by the Harvester from the same internet sources as, say, DomainTools, and that it had nothing to do with the subsequent tracking down of e-mail addresses. As of now, I am considering Confluence Networks to be a dead end; however, I am leaving the discussion below unchanged for historical reasons.

[END UPDATE]

That’s the IP address associated with Confluence Networks. 

[Image: hosting3]

Most articles just take the word of the original AP article that the clintonemail.com e-mail server was physically located at the Clinton Chappaqua home, even though AP has never provided any specific supporting evidence for that, and no other news organization appears to have confirmed that independently. Furthermore, as far as I can tell, Clinton associates have never confirmed or denied the actual existence of a dedicated e-mail server hosting clintonemail.com at the Clinton home. It has been the media that has simply assumed the AP story to be accurate and has moved on from there.

We now have to consider the following possibilities for the physical location of the clintonemail.com e-mail server:

  • It was, in fact, located in the Clinton home in Chappaqua, though no evidence has been provided that it was.
  • It was located in a private office somewhere near Chappaqua, although again there is no evidence to that effect.
  • It was hosted by an external hosting firm — based on network records, first at ThePlanet.com and then at Confluence Networks. As pointed out in my prior article, in both cases, there are strong indications that the actual hardware would be in Texas.

There are serious security issues with each of these possibilities, as this likewise excellent Gawker article points out. But let me add a few more.

  • If the e-mail server was really located in the Clinton Chappaqua home, was it left as a stand-alone server, or did anyone ever use it as a regular PC: reading e-mails, browsing the web, etc.? If the latter, then you have the very real possibility of malware being installed on the e-mail server itself.
  • If the e-mail server was hosted in a private office somewhere, then it would need round-the-clock physical security. Who would provide that? The Secret Service? The State Department? Private contractors?
  • If the e-mail server was hosted by an external hosting firm, then you have lost physical control of the server itself and have to depend upon the server farm facilities and operators to provide security.

As has been pointed out by myself and others, the existence of clintonemail.com was divulged no later than March 2013, when the Guccifer documents were leaked — but since Clinton used this e-mail address exclusively at State, there is a very good chance that foreign intelligence agencies became aware of it very quickly. Given what news sources and private technical resources have found just in a few days, you would have to assume that foreign governments would find all this and more in very short order.

And if the server was physically hosted in an industrial park somewhere in Texas (which matches another address associated with Confluence Networks), I’m willing to bet they could find their way in, particularly given that they had a few years to do so.

So, once again, we’re back to a critical question: where was the Clinton e-mail server physically located?

This is a question whose answer is, quite literally, a matter of national security.

[UPDATE 03/07/15 0815 MST]

Confluence Networks has responded — full text of e-mail here.

[END UPDATE]

[Here are all posts related to the Clinton e-mail issue.]


About the Author

Webster is Principal and Founder at Bruce F. Webster & Associates, as well as an Adjunct Professor of Computer Science at Brigham Young University. He works with organizations to help them with troubled or failed information technology (IT) projects. He has also worked in several dozen legal cases as a consultant and as a testifying expert, both in the United States and Japan. He can be reached at bwebster@bfwa.com, or you can follow him on Twitter as @bfwebster.
