Article Lead Image

Gage Skidmore / Flickr Max Fleishman

Did this famous Romanian hacker really breach Hillary Clinton’s email server?

Time to dust off that April Fools' Day skepticism about the news.

 

Patrick Howell O'Neill

Tech

Posted on May 5, 2016   Updated on May 26, 2021, 8:16 pm CDT

You may have seen this headline blare across Fox News: Hillary Clinton‘s email server was hacked.

The Romanian hacker known as Guccifer, real name Marcel Lehel Lazar, told Fox News and NBC News that “it was easy” for him and everyone else to repeatedly hack into Clinton’s email server in 2013. 

Lazar is currently in FBI custody in Bucharest awaiting trial for hacking charges.

Guccifer offered precious little proof, according to what’s been published so far, either in documentation or even a detailed description of how the feat was accomplished. In the past, Guccifer has released secret information to the public following his hacks—and this one is now three years old.

The FBI, which is investigating the Democratic presidential front-runner’s use of a private email server during her time as secretary of state, has said they’ve found no evidence of a breach on the server. The Clinton campaign echoes that sentiment.

It doesn’t matter: Headline news.

Fox News

Neither Fox News or NBC could verify Guccifer’s claims, probably because it is unverifiable as it currently stands. The Clinton campaign denied the claim entirely:“There is absolutely no basis to believe the claims made by this criminal from his prison cell,” the campaign said in a statement to the media. “In addition to the fact he offers no proof to support his claims, his descriptions of Secretary Clinton’s server are inaccurate. It is unfathomable that he would have gained access to her emails and not leaked them the way he did to his other victims.”

Here’s the process Guccifer described.

First, he allegedly found and compromised Clinton confidant Sidney Blumenthal’s AOL account in March 2013 by guessing his security question.

Once inside, Lazar said, he spotted dozens of emails from Clinton, which included her server’s email address. Using “proxy servers in Russia,” Guccifer targeted the Clinton campaign with IP scanners, which essentially look at a server but do not breach it, and then… what?

He names a few port scanning tools but not which one actually was utilized.

“Which is it, he said those are the tools used, or he just named random programs with cool sounding names, but no one knows what they are or how they work?” security journalist Steve Ragan asked

“Here’s a hint, aside from establishing that a server exists, what ports are open, and possibly capturing traffic coming from the server itself, none of the tools listed would allow Lazar to break into your email server.”

Once allegedly inside, the emails bored Lazar and he accessed them only twice. That’s strange, given how at the same time in 2013 he was releasing emails containing photos of former President George W. Bush‘s paintings. 

Was there absolutely nothing in the years-old email account of Hillary Clinton worth looking into? That seems unlikely: When Lazar did successfully break into a Clinton aide’s emails, he leaked emails involving the former secretary of state.

So why would breaking into Clinton’s actual email server yield nothing from the notorious leaker?

Who knows? But it could be because he was never inside.

Share this article
*First Published: May 5, 2016, 1:10 pm CDT