True Pundit

Featured Politics Security

Hillary Clinton IT Guru Posted Server’s Security Keys to Public, Opening Door for Hackers to Access Emails

FOLLOW US!
Follow on FacebookFollow on Twitter

[ditty_news_ticker id=”25027″]

A computer specialist who maintained Hillary Clinton’s private email server divulged sensitive  security information on a public web forum, opening the door for hackers to easily access the former secretary of state’s emails.

Paul Combetta of Denver-based Platte River Networks posted Clinton’s proprietary IP address on a reddit.com web forum, soliciting help from clandestine IT specialists to help fix security patches on Clinton’s email server. According to one such post, obtained by True Pundit, Combetta divulged publicly that the secure socket layer encryption that protects the data from intrusion was not functioning. In an effort to have other IT specialists ping the server to try and troubleshoot the security holes, Combetta publicly provided Clinton’s coveted IP address.

In one particularly damaging forum post, Combetta in 2014 writing under the screen name “stonetear,” shared Clinton’s private server information with reddit user “Afroman” thanking him for his help and acknowledged the server was wide open to hackers. In the process, Combetta gave up Clinton’s IP address by publishing pings to the box for every would-be hacker to see and use.

csw4766xyaakel4
Full transcript of this archived reddit.com post can be read here.

Social media users and sleuths were busy combing Combetta’s reddit.com posts Monday and early Tuesday after True Pundit’s story went national. One user with an obvious IT background likewise recognized Combetta had opened the door to Clinton’s server by posting a 2015 forum entry from the Platte River employee.

https://twitter.com/ANONAMERICANHQ/status/778024984530812928

Yesterday, Combetta deleted the above web conversations from reddit.com after True Pundit broke a news story detailing how Hillary Clinton and her aides directed Platte River Networks to systematically alter, fabricate and forge emails to protect her communications from being “exposed to anyone.” The request was so unusual, complex, and likely illegal that Combetta had to turn to other IT gurus on reddit.com for a solution to try to satisfy Clinton’s demand.

Complying with such request would violate a host of federal criminal statutes of falsifying and altering federal records. Even Clinton directing Platte River to implement such a scheme likewise violates a number of federal criminal laws.

Hours after the story was published an analysis by True Pundit determined Combetta had deleted all posts and messages from his “stonetear” reddit.com account, including the smoking-gun correspondences detailed in the original expose. True Pundit, however, warehoused many of the posts in case they were deleted from the web site.

After publication, the True Pundit story went national with many larger news sites promoting the story as their own.

Combetta is also accused of deleting an untold number Clinton’s emails despite orders from Congress to preserve them. Platte River’s destruction of these emails followed months of warnings from by the House Select Committee on Benghazi to obtain them. The house select committee likewise instructed Clinton’s attorney David Kendall on Dec. 2, 2014, to retain these emails, and a formal House subpoena was issued on March 4, 2015.

Combetta and a Platte River colleague Bill Thornton were on Capitol Hill last week answering subpoenas to testify before the Oversight and Government Reform Committee. Combetta refused to answer all of committee chairman Congressman Jason Chaffetz’s questions about his role in maintaining Clinton’s private server. That included Chaffetz’s inquiry on whether Combetta received an immunity agreement from the Justice Deoartment to cooperate with the FBI’s now defunct criminal investigation into Clinton’s handling of classified email while secretary of state. Combetta cited his 5th Amendment right not to incriminate himself at the hearing. Combetta’s immunity agreement was divulged in a recent New York Times article detailing its stipulations.

Congressman Chaffetz’s committee has shed light on other internal Platte River communications where company executives scurried to distance the company from what they believed was Clinton “covering up some shaddy [shady] s- -t.”

In another internal message, one executive called Clinton’s requests to Platte River “Hillary’s coverup operation.”

These new revelations, however, place a white-hot light on the FBI’s arrangement with Combetta. If FBI agents were aware of this request from Clinton to illegally mask her emails, one has to wonder even more than usual how Clinton walked away without an indictment form the bureau’s year-long probe. This only adds to other recent troubling revelations regarding the FBI’s investigation.

True Pundit’s Original Expose can be read here.

-30-

 

FOLLOW US!
Follow on FacebookFollow on Twitter

  • Deplorable Bidnith

    I’m a novice when it comes to network admin but I don’t see any IP addresses here except for an internal network.
    That’s not to say “stonetear” never revealed them, just that I don’t see it here.

  • ScooterComputer

    Addresses in the 10.x.x.x range are non-routing, internal use addresses. None of those are the public IPs of the server. The 23.24.145.45 address is likely the client IP.

  • Old_Jester

    Agreeing with Scooter. When you publicly post a line of the configuration that reads : SNAT 10.1.1.1 ->23.24.145.45:62464 along with a post that states that your two factor authentication can be easily bypassed… well, that’s not good at all.

  • Watchmen News

    Kudos to True Pundit for doing the hard work of investigation and following the bread crumbs to break the story. Amazing that a team of citizen bloggers can do what no MSM outlet will do – real journalism.

  • Sovereign_Citizen

    As we have been saying, try to arrest all of them including HRC…if she fights back? Shoot her and anyone who tries to interfere in the judicial process.

  • Pingback: Hillary Clinton IT Guru Posted Server’s Security Keys to Public, Opening Door for Hackers to Access Emails | Curtis Ryals Reports()

  • Pingback: GOP Chairman Demands Interview with Hillary Clinton IT Guru After True Pundit Expose | True Pundit()

  • Pingback: Hillary Clinton IT Guru Posted Server’s Security Keys to Public, Opening Door for Hackers to Access Emails – Pingie.com()

  • Pingback: Hillary Clinton IT Guru Posted Server’s Security Keys to Public, Opening Door for Hackers to Access Emails | My Blog()

  • Greg Brunty

    Is this maybe how Guccifer originally latched on?

  • Hydrox

    Kind of what I was thinking. This is really kind of a non-issue and I think this guy is a moron and Hillary deserves to be in jail but this is not really any kind of smoking gun.

  • disqus_hEKewBkZ7o

    you dipshits don’t know anything about network. 10. is a local address space and not routable via the internet. How about you actually get an expert to evaluate your bullshit claims prior to making them? I don’t like Hillary either but your knowledge of networks is that of my 80 year old grandma.

  • disqus_hEKewBkZ7o

    by hard work you mean not knowing anything about how network address space works?

  • Buck Macklin ✓ᵛᵉʳᶦᶠᶦᵉᵈ

    So you don’t see any problem with sharing this data, about a server that has classified top secret data, with the public?

    Let us stay on the subject.

  • True Pundit

    The body of what he posted publicly is at play here. Not a single post. I can guarantee our experts are better than you at deciphering what’s open. closed, public, private et al.

  • disqus_hEKewBkZ7o

    Actually – I have a background and a fair amount of expertise in Computer Networks, specifically a CCNP;

    A 10.X.X.X network is a Class A network address space – that is not visible outside that network; usually a mechanism called NAT (Network Address Translation) brokers traffic to the outside world. What is in the post above does not reveal the servers public internet IP address; without that, hackers simply can not get in w/ a 10. address; your own network may actually have the exact same address – and exposing such generic information does not make you vulnerable to a hacker from the outside. Publicly available IP addresses – are especially hard to find; many customers actually choose to have registration privacy enabled as well – so its even more difficult to find.

    Now for the idea of going to Reddit for help – that in itself is stupid; this person could have just as easily called Cisco which likely would have an NDA in place with the computing consulting company; the substance of your article, specifically the point of the person revealing the IP address is largely false based on the premise of the generic idea of IP addresses all being the same (Local vs. Internet).

  • disqus_hEKewBkZ7o

    you deleted my comments for them being factually right? dang – first amendment people up in hur.

  • True Pundit

    Deleted because your swear words got snagged in the web filters. Clean it up or take a walk.

  • True Pundit

    Body of work. Many posts. Additionally, All a hacker had to do was offer this maniac help to social engineer his/her way further down the line. Not up for debate. Guy was listing all type of private Intel. Put the puzzle pieces together and you could easily access. Ask Guccifer, Guccifer 2.0. Simple access. You are pontificating on one single puzzle piece or two we chose to mention. This is always one of the dangers of adding supplemental data to news stories and why few do it. Stay tuned. What we have coming makes this look like a training film.

  • Anarchy Bunker

    In other words, you’re falling back on the ‘we have more super duper secret info’ when the facts do not align with your histrionics. His simple point that revealing the NAT address is useless to someone outside of the NAT is a fact.

  • SCMike1

    From all I have read, Guccifer only accessed Sid Blumenthal’s AOL account and got access to the emails to and from Hillary. He did not have the knowhow to penetrate the clintonemail.com servier(s), he chose his targets from email contact lists, then guessed at the passwords or engaged AOL help to access the account.

  • Buck Macklin ✓ᵛᵉʳᶦᶠᶦᵉᵈ

    So you don’t have any problem with sharing this data, about a server that has classified top secret data, with the public?

  • Pingback: George H. W. Bush Chooses Hillary Clinton: 41st President To Vote Democratic For November Presidential Election » Gossips()

  • Jimmy978

    If I’d of seen this at the time just to find out what VIP it was I’d of msgd him “special” utility I wrote just to help him (i’d of said to him “a util for cool guys like us” just to get his confidence).

    Yeah dude, just run hidemails.exe I am sending you on your VIPs server 😉

  • SSpeedracer

    New research confirms Combetta to username Stonetear via IP 23.24.145.45 from screen shot above. He was logged in from another customer’s computer, ET Investments. Search u/VTwinvapor reddit.

  • Mike Casillas

    Whoever wrote this article has no clue how IP addresses work

  • Basalat Raja

    Actually, if you look at the traces, the addresses he is sharing are of form 10.x.x.x The 10.x.x.x domain is reserved as a private A-class domain. Any large organization can assign IP addresses beginning with 10 without fear of exposing their internal computers directly to the Internet that way. In general, sharing or knowing the address of a server isn’t that big a deal. Servers expose their IP addresses in order to be able to provide services and accept connections from other servers.

  • MartinTruther

    Headline is misleading. Man is clearly no “guru”

  • IHC

    I like you and your info you provide but I must ask that you give credit to the person who truly discovered this info and it wasn’t you! Please do the right thing and give credit to the actual woman who discovered it.
    Having said – it is clear that our reps in DC, FBI, DOJ, white house and investigative committees are all compromised. This subject must have been known to everyone involved. Naturally – these douchebags think we are all dumb and would never keep on their heels and follow those who have become a threat to us all – including these fake investigative committees who have so far always end in a stalemate. What you suppose to think that not one person has been indicted or sent to prison. Hillary – the actual criminal conspirator against the US – walked free.
    Do you think one of us would have that much leeway to commit monster crimes remain out of prison?

  • ScooterComputer

    I’m just saying that the IP addresses in question are nonsense ones. They’re effectively the 555-1234 of the Internet world. Just like if you’d tell me that the cell phone number of the guy who totes the nuclear codes was 202-555-5634. I wouldn’t care. That number is nonsense. It doesn’t work on the public telephone system.

    Further, if bad guys had gotten in that far, determining the addressing on the private network wouldn’t be a road bump.

    Besides, as I mentioned, I actually TALKED to Hillary’s real mail server. The classified docs thing was just the cherry on the sundae, and most everyone fell for the misdirection. The real story is the fact Clinton had the system set up the way she did to end run FOIA, full stop. That’s the crime we citizenry shouldn’t tolerate. And the Feds didn’t even approach that. It was all about the classified stuff; once again, the leftists dangled trinkets and got America to miss the raging fire. Additionally no sane IT administrator would have configured a high-value Internet-facing mail server the way this thing was done. For one, it had insecure ports open. (In simpler terms, if she goes to North Korea, gets on a Wi-Fi network that is controlled, the bad guys could have blocked secure SSL ports and some mail clients of the era would have dropped back to an insecure connection and sent her email account credentials in the clear, for anyone managing the network to see. What mail clients did she use? We don’t know. Where did she use them? We don’t know. Why? Because all that data was stripped from the messages as delivered. Crime: destruction of evidence and official record.) Second, anyone who has configured a mail server for compliance knows to separate mail stores, not for the IF of handover but the WHEN. Hillary delivered her emails in f’ing boxes. Think about that. BOXES, OF PAPER. THOUSANDS of sheets, that then needed to be rescanned and OCR optical character recognized. Rather than simply handing over a $100 mirror hard drive of bits. And configuring a server like that, for easy compliance was trivial and inexpensive at the time, $1000 at most. How much expense went into the document management afterwards?? Hundreds of thousands at least, not to mention the committee investigation costs. Why hasn’t a single media person asked these basic questions? None have. If nothing else, Hillary is so grossly incompetent and therefore disqualified for President because in her mind spending a few million dollars after the fact is preferable to spending less that $1000 before hand, when she HAD TO HAVE KNOWN–after her own husband’s admin issues–what the NON-compliance costs were. (For the slow, eg she did this on purpose, duh.)

    But by all means, keep barking up the classified documents tree. The FOIA statute penalties say she’s ineligible for office if convicted. But instead of watching that fight out to the Supreme Court (there is legal opinion that Congress cannot make such dictums), you all seem hellbent on classified docs. I’m not saying the classified docs leaking wasn’t bad, it was, real bad, I’m just saying there was a lot more governmental corruption going on than that. And your narrow focus has allowed her campaign to reframe the narrative away from the wildfire that is raging. She intentionally thwarted FOIA compliance and conspired to do so for half a dozen comrades; it cost the American people at least a few million, and probably much more, and could cost even more past November. She is a crook. Remember how Capone got sent away? It sure wasn’t for murder.

  • Wayne Everhart

    I have to say, the True Pundit’s IT guru in question really has no clue.

    First the article title is clearly misleading to IT professionals.

    ‘Hillary Clinton IT Guru Posted Server’s Security Keys to Public, Opening Door for Hackers to Access Emails”. As soon as I saw the article title I thought, –what IT pro would have posted a private SSL key?

    In truth, there was no Secure Socket Layer private key posted on reddit.com Maybe your GURU knew this and was intentionally being misleading. But private IP are not “keys” and posting a ping test on a support forum between LAN interfaces to show communication on a private side of devices is a not a security issue in itself.

    The technical “supporting” detail in this article does not align with an argument of a security risk directly related to the IT posting on reddit. To anyone without internal access to the network this info is useless and frankly– most large companies use the same Class A network 10.x.x.x for internal systems, so nothing to be gleaned there.

    In regards to a True Pundit assertion that the reddit.com post gave all the information needed to social engineer/hack into the system… Please explain that thought, because nothing in this article supports the social engineering claim. If you are going to make such assertions back it up.

    In my humble opinion this article is not well written and is misleading. Anyone with a networking background will tell you similar.

  • Pingback: In Corners of Congress & FBI, Talk of Re-Opening Hillary Clinton Criminal Email Probe | True Pundit()

  • Buck Macklin ✓ᵛᵉʳᶦᶠᶦᵉᵈ

    I agree with every word. Every word.

  • Jayne Dough

    @GOPPollAnalyst on Twitter is who broke the story on 9/18 https://twitter.com/GOPPollAnalyst/status/777691379971612672 Why not give credit where it is due??

    Also, the post Combetta made with the pings was in April of THIS year… it was for a different server. FBI already had Clinton’s equipment in their possession. So, while it may have been stupid for him to post it, it has nothing to do with Clinton. https://archive.is/MjyK3

  • Matt Baker

    not specifically USELESS, but not as useful as a public IP address.

    While I agree that what was put up was mostly inert info, some of the other things he posted will be very bad for the former Sec. State such as purposefully bypassing 2FA, and publishing port forwarding rules.

    Oh, and that little piece about asking how to scrub to and from address info from sent and received emails already in the EDB.

    MSCE and Security+ here

  • Matt Baker

    I guess you missed this line…

    id=20085 trace_id=3 func=__ip_session_run_tuple line=2606 msg=”SNAT 10.1.1.1->23.24.145.45:62464″

  • Matt Baker

    he did expose a public IP, it just wasnt the one from the clintons

  • Matt Baker

    when he said he was doing something for a VERY VIP person (Scrubbing Emails) he opened himself up to someone with a little malicious social engineering

  • Matt Baker

    while that WAS a public IP it wasn’t the Clintons that post was from after the FBI had the remains of the server in their possession

  • True Pundit

    Settle down, Hillary.

  • ScooterComputer

    No, I didn’t. That is the client IP address coming inbound to the VPN service. So, in other words, it was whatever IP Combetta was using at the time, not the IP of the server. Sure, knowing that you might have been able to target an attack towards Combetta, maybe. Maaybe.

    But Clinton’s server’s IP address was publicly available. It still is. And it ain’t that. Again, I talked to the server likely–given the dates that have been uncovered–at Platte River at that time and before the rest of the world knew about it. And that wasn’t the IP. Again, however, her mail server’s IP address WAS PUBLICLY published! It had to be because it used a DNS name, and was listed at one time as a direct MX (mail exchange). I’m no black hat, I’m just a 30 year IT guy who knows this stuff. I talked to the server, I did a small amount of port probing, and a verified that insecure ports were open. Much past that and I didn’t want a visit from the FBI (or worse) working a CFAA case. I could have done substantially worse, and I feel it likely I could have pwn’d the box (it was running Windows Server, which had known black-hat vulns at the time) if I wanted. Honestly, I really doubt the data we’d all like to see was on the box by then (March 2015); it was likely a honeypot. (Several other what I’d consider to be “black hats” I conversed with at the time agreed. This is the internet, you can talk to just about anyone. So don’t think I’m some kind of “bad guy”, I just posted publicly available information to Twitter and got varied interest back.)
    The smoking gun here is the fact the server as configured existed. The smoking gun is that Hillary is so unfit for government work that she hired a sub-skilled idiot. And why? Because no self-respecting IT –professional– would have done what she wanted to do, break the law. And she was so paranoid of oversight she preferred to use substantially under-skilled “insiders” rather than comply with FOIA. Plus, she’s obviously that dumb; she hasn’t the foggiest idea how any of this works, and she doesn’t care, the ends would have justified the means… the very definition of a dangerous moron. The classified stuff wasn’t even in her mind because she never expected anyone to FIND OUT this thing existed in the first place.

  • chasrmartin

    You’re imagining the server is still up?

  • Buck Macklin ✓ᵛᵉʳᶦᶠᶦᵉᵈ

    No but it was up when the admin was discussing it, openly on Reddit.
    And he added the raw meat (“Very VIP”)

  • Dennis

    I smell a criminal indictment coming for destruction of government documents, obstruction of justice, contempt of congress breach of national security! They will throw this asshole under the bus and the train and maybe even waterboard his ass in the reflecting pool!

  • Dennis

    How about the fact that this bozo IT buffoon compromised the entire server security protocol cause he had his head up his ass and disclosed the above info on a bulletin board? Are you fucking kidding me? I don’t know much about this but I know enough that tells this guy is an idiot! No wonder you look like Archey Bunker!

  • Ursomonie

    Wow, you seem a little biased.

  • Ursomonie

    Someone with your knowledge needs to testify before congress to explain this. Chaffetz is a functional IT illiterate.

  • Ursomonie

    Because NONE of them want to their private emails subject to FOIA. Get it?

  • Ursomonie

    Hillary is not a crook. OMG. What is this? All of you calling her a criminal for not being IT literate. She is an executive she wanted her private life private. Do you not understand that? Her life is not our business. AT ALL.

  • Ursomonie

    You need to smell something else. This isn’t a crime and no national security was breached. Executives are not held responsible for network security as they dont’ understand it nor is it their job to understand it.

  • Ursomonie

    They don’t care about the truth. They just want to create the appearance of impropriety and crime. It’s a farce.

  • IHC

    I was hoping the author of this post would do the honorable thing but alas – no such correction and attribute to the source of this exposure has been forthcoming ergo “Katica” – a citizen and Trump supporter discovered this information. She deserves the credit for this find and not this author.
    Shame on you @True Pundit for your continuation fooling your readers by claiming credit!

  • Wayne Everhart

    Staying on the topic… as suggested. You clearly don’t understand the discussion. The issue in question… Was a server that an IT professional was troubleshooting , who posted ping tests of “private” non-publicly routable IPs on a public forum, put a server at additional risk. The answer to this question is unequivocally “NO”… Regardless of the fact whomever owned the server or it’s contents. The server was put at no additional risk based on the information I saw.

    An exploit which would glean more info then this common ping test… if we knew the Clinton’s email domain (which I do) we could obtain the public IP address of the mail server, by sending an email to the server and forcing a bouncback. i.e, by sending an email to a non existing user account on the server, or an attachment with the size too large, which in most cases generates a bounceback. Inspecting the messages headers would show a return path. which in most cases exposes the mail server’s Public IP. No hocus pocus or ping test needed…. I’ve queried the “Clinton’s” email domain, I will not share that info here. The point is, the information is readily available to anyone that knows how to obtain it. No need to troll Reddit.com for some “smoking gun”, to try to sway political opinion. This article was crafted for just that.. to sway political opinion by providing partial truths.

    The idea that the emailserver was receiving sensitive information is a different discussion. I totally agree she should be held accountable for misuse of classified material… But that is not this discussion…

  • Buck Macklin ✓ᵛᵉʳᶦᶠᶦᵉᵈ

    If you believe the FBI and think there is no evidence of intent, then I think the Reddit posts are very relevant.

  • Wayne Everhart

    I totally agree the idea this server exists and was being used to circumvent security protocols is inexcusable, but lambasting the IT pro that posted the benign ping tests for additional political sway is not OK with me. This article implies the IT Professional did something to make the server less secure. He did not.

  • Old_Jester

    If I recall, there are actually two servers. The original that the Clintons kept and maintained during her tenure (2008-2012), and then the one kept and maintained by Platte River Networks in Denver, who employed this fellow (2013-2015). Much of the material, including the mail files, that had been on the original box had been transferred to the box that this fellow maintained. There is what seems to be a reasonable timeline here, although the rest of the article seems a bit hyperbolic… http://www.thompsontimeline.com/the-hidden-smoking-gun-the-combetta-cover-up/

  • Wayne Everhart

    I’m your huckleberry…

  • Diane Pierce

    Even worse, they did more than the FBI did!!!!

  • Diane Pierce

    Then she should have not also included her work related emails. She knew what she was doing!

  • Diane Pierce

    Hillary was REQUIRED to turn over EVERY email to the State Department so she is still guilty as hell!

  • Ursomonie

    Not by law. By IT POLICY. It was not a crime and Colin Powell deleted ALL of his emails. So has everyone before her. This is pure politics. No national security was breached.

  • Pingback: The Combetta Cover-Up – Trumping Capitalist()

  • TheBigOldDog

    Holy smokes Scooter she used a domain name system (DNS) name as Sec of State pointing to an unprofessional, insecure MX Server! Wow. For the non-IT folks, that means every DNS server – the server that maps domain names to ips (e.g., google.com–> 172.217.23.46) – had her public ip address including the DNS server your computer used to reach this site.

    I think I read somewhere her name was part of her main server domain name right? Wasn’t it something like ClintonMail or something ridiculously obvious? And, she was up to such “shady shit” either no experienced IT Professional would touch it or the Clintons were unwilling to even ask outside people they could not absolutely trust – hence the State Dept “IT guy” she owned.

    I’m willing to bet the farm everybody was in her box (yuk! Sorry!) and those emails and attachments and file shares all exist in LOTS of places. They will be coming out sooner or later. Not everybody is holding them for blackmail. Somebody is going to release them.

    You ought to consider writing an article in simple terms that explains what she did. I think non-IT folks still don’t quite understand how reckless and shady she was.

  • Pingback: #54 The most positive this podcast has ever been | Worldwide IT Guys()

  • Matt Baker

    At least 8 TS/SCI email chains were discovered by the FBI just in the documents that the FBI had… forget all of the ones that were not turned over or destroyed… plus a few hundred of lower classification including secret, and top secret

  • Sharon

    You are an idiot.

  • Sharon

    He is an idiot.

  • Pingback: Episode 110 – Radioactive Riots Forever | GunBlog VarietyCast()

  • Ursomonie

    I wasn’t used to “circumvent security protocols” It was used to keep her private UNCLASSIFIED information private. This was an unclassified system. Hillary used HARD COPY in a SCIF for all classified communication. A completely separate system. On her personal UNCLASSIFIED system, she only communicated with 13 people.