According to news which has just surfaced, the infamous Romanian hacker Marcel Lehel Lazar has claimed he had managed to breach the security of the email servers of the then US Secretary of State Hilary Clinton. The servers were installed in Clinton’s home in Chappaqua, N.Y., and were used for all U.S. government communication when she was secretary of state.
Speaking from a Virginia jail, 42 year old Lazer, who’s nicknamed Guccifer, went on to give details about how he performed the hack, adding that it was “easy for him.”
The Clinton campaign team has not been quiet about the incident. Although three cyber security specialists have said Gucifer’s claims are plausible, the Clinton campaign has rubbished the reports citing the lack of proof, and Gucifer’s inaccurate description of Clinton’s servers. They also questioned why Guccifer did not leak the emails as he did with the others.
Despite The former secretary of state’s server holding almost 2,222 classified and top secret emails, Guccifer said he did not find the emails interesting. He claims to have accessed Clinton’s servers twice.
To get to the servers, Lazar says he first performed extensive web research which allowed him to hack into Clinton confidant Sidney Blumenthal’s AOL account, by guessing his security question. When he had managed to breach the account, he says he could see dozens of emails from Clinton’s email address.
“I then scanned with an IP scanner,” he said.
Although this was a difficult hack to pull, Lazar says he used common web programs including Netmap, Wireshark, Angry IP and Netscan to see what parts of the server were not secure.
Having no formal computer training, Lazar performed most of his hacks from a small Romanian village using Russian proxy servers, which he described as the best in hiding a hacker’s identity.
A former chief technology officer (CTO) for the Defense Intelligence Agency, Bob Gourley, said the web software Lazar claims to have used to gain access to the servers can be used in two ways. “Security experts use these programs to ensure that systems are properly configured. On the other hand, hackers will use the same software to seek out loopholes for penetrating a system,” Gourley said.
Morgan Wright, a cyber-security expert observed, “By accessing the Blumenthal account, Lazar gained a roadmap to get to Clinton’s server. Once you map out one system and gain intelligence from it, progressing is easier.”
Although Lazar said he didn’t find the Clinton emails interesting, he spoke in detail about Blumenthal’s account. He says the account had interesting emails with information about the Middle East and what was happening there.
Following his extradition to the US, Crucifer will stand trial on September 12th in Virginia. He faces a nine-count federal indictment for allegedly committing hacking crimes in the United States. Although the full list of his victims has not been released yet, it includes Colin Powel, a Bush family member plus Blumenthal, and others.
The FBI is looking to get Lazar to help them establish their case that Clinton’s server may have been breached by hackers. This could earn Lazar a plea agreement which would give him a reduced sentence. Guccifer says he is willing to cooperate with the US government. He claims to have hidden 2 GB of confidential data which he adds is a matter of national security.