
CIA Director John Brennan emails - dmschulman
https://wikileaks.org/cia-emails/
======
nostromo
Using an AOL email without any form of two-factor authentication should
preclude you from serving as director of the CIA.

How can these top government officials be so clueless about email security
when they know first-hand how effective our own intelligence agencies are at
reading everyone's email?

~~~
getpost
I agree. It's like Hillary Clinton's use of a private email server shows she's
too clueless to be president.

~~~
cwyers
Hillary wasn't using some AOL account, she was using a private server
configured by a private security firm. On one hand, I am betting her e-mails
were much more secure than the CIA director's. On the other hand, the amount
of effort and thought put into acquiring a secure alternative to a government
e-mail account makes it far less likely that her motives for doing so were
simple ignorance.

~~~
Natsu
Scans claim that server had ports open for RPC and VNC, so that's an open
question. I know there was a VNC authentication bypass[1] some years back so
we may just have to wonder given that we don't know for sure what it ran or if
anyone noticed.

[1] It was a really dumb bypass, too: Client: The authN methods I support are:
[empty list]. Server: Ok, let's just skip authN.

~~~
zurn
By the same standard we should count people using SSH and TLS (really: about
any given protocol) as clueless, as implementations of both have had wide
impact remote vulnerabilities.

I agree this all is testament to widespread cluelessness, but more on the
software industry level...

~~~
Natsu
I don't believe I claimed anyone was clueless, that they were actually
vulnerable to any known issues, or even that VNC or RPC were actually running
on those ports. As far as I know, nobody knows any of that.

~~~
zurn
Mea culpa. Too much firewall angst I guess!

------
nobrains
The one to change allowed torture techniques from a whitelist to a blacklist
is scary. It's even phrased to sound like a good thing "I urge you to consider
my proposal to ban the use of certain harsh interrogation techniques expressly
prohibited by the Army Field Manual". And the specific prohibitions look like
a list of Iraq abuse leaked pictures checklist (pose in sexual manner, hood,
using dogs, etc.), so the army is free to "invent" new inhuman techniques.

------
fiberoptick
Why did they publish his SF-86? This seems like a very irresponsible invasion
of Brennan's personal privacy; nothing in there could possibly be of
legitimate public interest.

~~~
NN88
Why? It's obvious why at this point.

_There's a theory that WIKILEAKS has been a FSB front since 2010:_

[https://www.reddit.com/r/conspiracy/comments/3pobtq/is_russi...](https://www.reddit.com/r/conspiracy/comments/3pobtq/is_russia_secretly_influencing_wikileaks_i_dont/)

They haven't posted a SINGLE ANTI-Russian document since they threatened to
leak documents in 2010

This is ONLY about Embarrassing the West.

At first I was skeptical, now I'm fully convinced that Assange and crew are
TOTAL useful idiots.

~~~
tinco
There are no anti-Russian documents because neither Assange nor any of his activists
_care_ about Russia. They care about the Western world, that's why they prod
it.

~~~
NN88
If this is the case, they can't claim to be objective.

~~~
jacquesm
They don't claim to be objective, they claim to pass on data that is real. You
don't know what they don't pass on, you don't know what they change and you
can't know whether or not something is real without outside verification.
Think of them as an imperfect channel that seems to present - to date at least
- an insane amount of real data and the occasional manipulated video.

------
r0naa
I have a midterm next monday, yet here I am... procrastinating by reading
CIA's director emails.

What a time to be alive.

~~~
jedberg
I was in college in 1998 when the Starr report came out, detailing President
Clinton's sex life. Back then it wasn't easy to download such a big document
to your computer, so a lot of people came to the computer center, which I
managed, to look at it. But it was long and they didn't want to read it in the
computer center, so they started printing out the 90+ page report! (printing
was free)

It got so bad we had to ask all the people that printed it if they could bring
their copies back when they were done, so we could have a lending library of
the Starr report.

My point is, you're right, it's a great time to be alive -- you don't have to
tell anyone about your interest in these things. :) (although on the flip side
there was a pretty good watercooler discussion of the report at the computer
center)

------
DrRobinson
Blacklist by default and whitelist what is wanted is better in almost all
contexts. Otherwise people will always find a way to circumvent the rules to
get the expected results.

> placing hoods or sacks over the head of the individual or using duct tape
> over the individual’s eyes;

So using another kind of tape is totally ok (for example).

~~~
rhizome
Like Gorilla Tape.

------
kushti
The one question not asked yet. The guy probably knew about the Clinton emails
case. And did nothing with his personal mailbox having the same problems.
He's unlikely to be an idiot (who knows though). So has he thought he's more
protected from a prosecution than Hillary?

~~~
panarky
Not only that, but the whole reason Brennan got the job as Director of the CIA
was that the prior Director, David Petraeus, resigned[1] in the wake of his
own email and information leak scandal.

      Petraeus and Broadwell used fake names to create free webmail
      accounts exchanging messages without encryption tools.

      The FBI, using electronic metadata that pinpointed the times,
      places and IP addresses, identified Paula Broadwell as the source.

[1]
[https://en.wikipedia.org/wiki/Petraeus_scandal](https://en.wikipedia.org/wiki/Petraeus_scandal)

~~~
scintill76
Ooh, I didn't think about Petraeus. I was glad to learn recently that he was
actually convicted of unauthorized removal and retention of classified
information in April -- two years' probation and $100k fine (fine more than 2x
what DoJ asked for!)[0] I'm sure that's all they'll give Snowden. /s (Yeah, I
know Snowden is a bigger magnitude, but Petraeus was more reckless and self-
serving, and as the leader he should set the example -- he deserves at least a
few months in Club Fed.)

[0] [http://www.nytimes.com/2015/04/24/us/david-petraeus-to-be-se...](http://www.nytimes.com/2015/04/24/us/david-petraeus-to-be-sentenced-in-leak-investigation.html?rref=us&module=Ribbon&version=context&region=Header&action=click&contentCollection=U.S.&pgtype=article&_r=0)

------
golergka
The document on Iran is really curious: it seems that this draft from 2008 (?)
really resembles how US decided to behave with Iran.

~~~
ianhawes
I also found it curious that there was not even an inkling of insight into a
possible Arab Spring with regard to Iran.

~~~
throwawayaway
I've been led to believe that they are Persians and not Arabs. Correct me if I
am wrong.

~~~
thieving_magpie
And the Arab Spring was 2-3 years after this document was created.

~~~
pazimzadeh
The Arab Spring was partially inspired by Iran's Green Movement in 2009:
[https://en.wikipedia.org/wiki/Iranian_Green_Movement](https://en.wikipedia.org/wiki/Iranian_Green_Movement)

~~~
thieving_magpie
Which still predated this email.

------
NN88
_There's a theory that WIKILEAKS has been a FSB front since 2010:_

[https://www.reddit.com/r/conspiracy/comments/3pobtq/is_russi...](https://www.reddit.com/r/conspiracy/comments/3pobtq/is_russia_secretly_influencing_wikileaks_i_dont/)

They haven't posted a SINGLE ANTI-Russian document since they threatened to
leak documents in 2010

~~~
lvs
This is completely illogical and tinfoily. If an intelligence outfit knows
something, it's unwise to show their cards. It reveals sources and methods to
do so. Nobody operates this way.

~~~
chatmasta
I'm not sure how "tinfoily" a suggestion is when it's referencing _wikileaks_.
Wikileaks is in the business of conspiracies. It isn't much of a stretch to
suggest a conspiracy might be behind wikileaks itself.

------
astaroth360
From what I've seen this is all pretty tame. Brennan was definitely stupid to
keep around an AOL email after becoming one of the highest ranking law
enforcement officials, but it doesn't seem like there was that much damning
information sitting around.

------
dang
Url changed from
[https://www.washingtonpost.com/politics/wikileaks-publishes-...](https://www.washingtonpost.com/politics/wikileaks-publishes-cia-director-john-brennan-emails/2015/10/21/5e37c758-782c-11e5-a5e2-40d6b2ad18dd_story.html),
which is just a summary.

~~~
morisy
Just FYI: The page you changed it to includes links with Social Security
Number(s) and other private, personally identifiable information.

~~~
15charlimit
And? It's not like they'd magically go away if one site didn't link to them,
and they're easily found with a 1-second search. There's no point in not
linking to the most accurate/direct source of information.

------
seiji
_be so clueless about email security_

Old people + technology = failure. Really common pattern. We like to believe
people in positions of power know what they are doing, but sometimes the
facade cracks and we see they are just regular old crazy people.

But, it's more like inconvenience + people + technology = policy violations.
In one company I worked at a new CEO was installed (the old one was faulty;
turned out the new one was still faulty) and he told people to forward all
their company email accounts to their personal gmail accounts because he just
liked the gmail interface better.

_edit: *gasp* it's like online people read comments while wearing hair
trigger hostility goggles and don't use their contextually aware kindness
beanies. go figure!_

~~~
dang
We detached this subthread from
[https://news.ycombinator.com/item?id=10428726](https://news.ycombinator.com/item?id=10428726)
and marked it off-topic.

~~~
seiji
Is it better to move things around instead of just deleting things? Replies
don't exist in a vacuum, so detaching from parent comments breaks meaning and
intent, not just location on a page.

Seems better to censor by deleting unwanted content with prejudice instead of
waffling and breaking context.

~~~
dang
There's a link to the original parent in what I posted.

Eventually we might build more software support for this.

------
sotojuan
This guy went to my university, and so did Donald Trump (before he transferred
to Penn).

Very proud of my alma mater.

