I’m shocked, shocked, shocked. Also appalled. Amazed. Astounded and various other adjectives.

No I’m not.

I’m genuinely surprised (in a good way) that this was reported by anyone and I will genuinely be shocked if CNN, the NY Slimes, The Wapo and so on to follow up on this. In fact I suspect the only way they will is if President Trump tweets about it and they then have to do their duty to bury the story as best they can. I note that I totally missed the first report on this from a month ago which also, mysteriously, failed to get any traction in the wider media.

I have one technical quibble. The most recent article says:

A Chinese-owned company operating in the Washington, D.C., area hacked Hillary Clinton’s private server throughout her term as secretary of state and obtained nearly all her emails, two sources briefed on the matter told The Daily Caller News Foundation.

The Chinese firm obtained Clinton’s emails in real time as she sent and received communications and documents through her personal server, according to the sources, who said the hacking was conducted as part of an intelligence operation.

The Chinese wrote code that was embedded in the server, which was kept in Clinton’s residence in upstate New York. The code generated an instant “courtesy copy” for nearly all of her emails and forwarded them to the Chinese company, according to the sources.

I’d be really surprised if they wrote code. It is far more likely IMHO that they used any number of existing systems on the server to do it – I’m not an MS Exchange Server expert but I can think of two or three alternative methods.

The simplest would have been to fire up the admin console to MS Exchange and make a settings change to CC (or actually more likely BCC) everything to/from Clinton to their account. I strongly suspect no one would have noticed if they did this with a little misdirection such as setting up a second account on the server with an innocuous name (HRClintonBackup say) that got all mails to/from the real HRC account and then setting that account to autoforward everything it got to their external one. If they made the external one also something plausible, [email protected] say, it would be the sort of thing that any sysadmin could easily fail to spot. If they wanted something more subtle there are a bunch of troubleshooting methods that could also work and which are also trivially enabled. I also note that there is no suggestion that this was the only hack, in fact reports from 2 years ago say that more than one non US intelligence agency gained access to the server at some point, though they didn’t give details. Perhaps the Chinese did write code because they had found that the Russians / Israelis / GCHQ / Iranians / North Koreans had already done the easy methods.

I wrote in October 2016 that what we knew then about her server meant it was a bad thing. And, as I said in a follow up post, it was bad even if you think “information should be free”:

I get that people think the US government classifies too much stuff and they may have a point but a foreign spy (or spy agency) would like ANY email between a President and his Secretary of State on almost any topic that wasn’t entirely trivial. Indeed, given that Obama has exercised executive privilege to stop those emails being released, it seems clear that in principle he gets that they are sensitive.

In fact this episode proves that some of the regulations regarding classified information are valid and that violating them is against the national interest. And as noted before the fact the Clinton and her underlings seemed happy to ride roughshod over those regs is a clear indication that they put their own interests before those of their country.

I note that all those “experts” who said, essentially, “no harm, no foul” because there was no evidence that foreign intelligence agencies actually hacked her server should now reconsider their opinion. They won’t because all that was two years ago and President Trump, REEEEEEEEEEE… but they should. Particularly since there were reports in October/November 2016 that the server was hacked by multiple foreign agencies.

Of course as this twitter response points out, tongue in cheek, nothing serious was stolen: