There is probably no one more acutely aware of the importance of good cybersecurity right now than Hillary Clinton’s campaign chairman John Podesta, whose emails have been laid bare by WikiLeaks, are being mined for news by journalists (including at The Intercept), and are available for anyone with internet access to read.
So as a public service to Podesta and everyone else on Clinton’s staff, here are some email security tips that could have saved you from getting hacked, and might help you in the future.
There’s a method for coming up with passwords that are mathematically unfeasible for anyone to ever guess by brute force, but that are still possible for you to memorize. I’ve written about it before, in detail, including an explanation of the math behind it.
But in short: You start with a long list of words and then randomly select one (by rolling dice), then another, and so on, until you end up with something like: “slinging gusty bunny chill gift.” Using this method, called Diceware, there is a one in 28 quintillion (that is, 28 with 18 zeros at the end) chance of guessing this exact password.
For online services that prevent attackers from making very many guesses — including Gmail — a five-word Diceware password is much stronger than you’ll ever need. To make it super easy, use this wordlist from the Electronic Frontier Foundation.
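The passphrase method and the "one in 28 quintillion" figure above can be checked in a few lines. The following is an added example, not code from the article or from Diceware's author: it maps five dice rolls onto a 7776-word list the way the EFF file keys its words, draws rolls from the operating system's CSPRNG, and computes the guess space (7776 to the power of the word count) for any passphrase length. The parser assumes the EFF file's tab-separated "dice digits, word" layout; the wordlist used in the demo is a constructed stand-in so the script runs offline.

```python
import math
import secrets

# A real Diceware list (e.g. EFF's large wordlist) has exactly 6**5 = 7776 words,
# one per five-dice roll. Only the size matters for the guess-space math below.
DICEWARE_LIST_SIZE = 6 ** 5


def dice_to_index(rolls):
    """Map five dice rolls (each 1..6) to a zero-based wordlist index 0..7775.

    The EFF file keys each word by a five-digit code such as 11111 or 66666;
    reading the digits as a base-6 number gives the line number.
    """
    if len(rolls) != 5 or any(r < 1 or r > 6 for r in rolls):
        raise ValueError("need exactly five rolls in the range 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def load_eff_wordlist(lines):
    """Parse the EFF wordlist format, one '<five dice digits><TAB><word>' per line.

    Returns {index: word}; a complete file yields 7776 entries.
    """
    words = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        code, word = line.split("\t", 1)
        words[dice_to_index([int(ch) for ch in code])] = word.strip()
    return words


def roll_dice(n=5):
    """Roll n dice with the OS CSPRNG; random.random() is not suitable for secrets."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]


def diceware_passphrase(wordlist, n_words=5):
    """Choose n_words uniformly at random (with replacement) from a full 7776-word list."""
    if len(wordlist) != DICEWARE_LIST_SIZE:
        raise ValueError("Diceware needs a complete 7776-word list")
    return " ".join(wordlist[dice_to_index(roll_dice())] for _ in range(n_words))


def guess_space(n_words, list_size=DICEWARE_LIST_SIZE):
    """Number of equally likely passphrases: a correct guess is a 1-in-N event."""
    return list_size ** n_words


def entropy_bits(n_words, list_size=DICEWARE_LIST_SIZE):
    """Same quantity expressed as bits of entropy (log2 of the guess space)."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    # Constructed stand-in list so the demo runs offline; with the real file use:
    #   words = load_eff_wordlist(open("eff_large_wordlist.txt"))
    stand_in = {i: f"word{i}" for i in range(DICEWARE_LIST_SIZE)}
    print("sample passphrase:", diceware_passphrase(stand_in))
    for n in (5, 7):
        print(f"{n} words: 1 in {guess_space(n):,} ({entropy_bits(n):.1f} bits)")
```

Five words give 7776^5, which is the 28 quintillion quoted above (about 64.6 bits); the seven words recommended later for a password manager give about 90.5 bits. The odds depend only on the list size and word count, not on which words happen to come up, which is why a passphrase made of ordinary dictionary words is still safe as long as the words were chosen by the dice.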
So if that’s a strong password, what does a weak password look like? “Runner4567.”
How did the 3l33t h4x0r5 figure out Podesta's super secure password? https://t.co/QSEntXWhGj pic.twitter.com/qMsM9UEXge
— Phil Kerpen (@kerpen) October 12, 2016
The same day that WikiLeaks published Podesta’s email, his Twitter account got hacked as well. How do you think that happened? I have a guess: He reused a password that was exposed in his email, and someone tried it on his Twitter account.
Even if you use a strong password, it quickly becomes worthless if you use it everywhere. The average person has accounts on dozens of websites. For those who reuse passwords, all it takes is for any one of those sites to get hacked and your password to get compromised, and the hacker can gain access to your accounts on all of them.
You can avoid this by using different strong passwords for every account. The only way this is possible is by using a password manager, a program that remembers all your passwords for you (in an encrypted database) so you don’t have to. You should secure your password manager with an especially strong password. I recommend a seven-word Diceware passphrase.
There are many password managers to choose from: KeePassX, LastPass, 1Password, and more. Shop around for whichever one fits your organization the best. It doesn’t so much matter which you use, so long as you use strong, unique passwords for each account. Password managers also help you generate secure random passwords.
Last year, when I asked National Security Agency whistleblower Edward Snowden what ordinary people could do to improve their computer security, one of the first pieces of advice he gave was to use two-factor authentication. If Podesta had enabled it on his Gmail account, you probably wouldn’t be reading his email today.
Google calls it “2-Step Verification” and has an excellent website explaining why you need it, how it works, and how it protects you. In short: When you log in to your account, after you type in your password you’ll need one more piece of information before Google will allow you to proceed. Depending on how you set it up you might receive this uniquely generated information in a text message, a voice call, or a mobile app, or you could plug a special security key into your USB port.
Once you start using it, hackers who manage to trick you into giving up your password still won’t be able to log in to your account — at least not without successfully executing a separate attack against your phone or physically stealing your security key.
Google handles all of the email for hillaryclinton.com. If you’re a Clinton staffer, you should immediately stop what you’re doing and make sure you’ve enabled 2-Step Verification for your email. You should also enable two-factor authentication for all of the many other services that support it, including Twitter, Facebook, Slack, and Dropbox, to name just a few. (If Podesta had enabled it on his Twitter account, that probably wouldn’t have gotten hacked either.)
How did these prominent political figures get their emails hacked in the first place? It appears that Russian hackers used “spear-phishing” attacks against many high-profile political targets, and some of them bit.
Spear-phishing works like this: The attacker sends a target a carefully crafted email, something that looks legitimate but is actually a fake. The target clicks a link in the email and ends up at what looks like a login page for their bank, or an online store, or, in this case, the Google login page. But it’s not. If they carefully examined the URL of the website, they would see that it doesn’t begin with https://accounts.google.com/ and therefore isn’t a real Google login page.
But they don’t notice, so they go ahead and enter their username and password. Without realizing it, they just gave their Google password to the attacker. Now the attacker can use this password to log in to the target’s Gmail account and download all of their email (assuming they are not using two-factor authentication, that is).
Well-crafted spear-phishing emails can be incredibly hard to spot, but if you ever end up on a website asking you for a password, you should be skeptical. Check the URL and make sure you’re at a legitimate login page before typing in your password, or navigate to the login page directly.
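The URL check described above can be written down precisely: what matters is the scheme and the host the browser will actually connect to, not whether the familiar name appears somewhere in the address. The following is an added example, not code from the article: it parses a URL the way a browser does and reports why an address is not the real Google sign-in page. The sample addresses are constructed for the demonstration using reserved example.net names and illustrate the kinds of address a reader should stop and look at before typing a password.

```python
from urllib.parse import urlsplit

# The scheme and host the article says a real Google sign-in URL begins with.
EXPECTED_SCHEME = "https"
EXPECTED_HOST = "accounts.google.com"


def parse_scheme_and_host(url):
    """Split out the scheme and the host a browser would actually connect to.

    urlsplit().hostname drops any 'user@' prefix and ':port' suffix and lowercases,
    so extra text in the authority part cannot make a foreign host look familiar.
    """
    parts = urlsplit(url.strip())
    return parts.scheme.lower(), (parts.hostname or "")


def is_expected_login_page(url, scheme=EXPECTED_SCHEME, host=EXPECTED_HOST):
    """True only if the URL is served over HTTPS from exactly the expected host."""
    return parse_scheme_and_host(url) == (scheme, host)


def check_login_url(url):
    """Return 'ok' or a short reason why this is not the expected sign-in page."""
    scheme, host = parse_scheme_and_host(url)
    if scheme != EXPECTED_SCHEME:
        return f"not-https: scheme is {scheme or 'missing'}"
    if host != EXPECTED_HOST:
        return f"wrong-host: {host or 'missing'}"
    return "ok"


# Constructed sample URLs (reserved example.net names, not real sites).
SAMPLES = [
    "https://accounts.google.com/signin/v2/identifier",
    "HTTPS://Accounts.Google.com:443/ServiceLogin",
    "http://accounts.google.com/",
    "https://accounts.google.com.example.net/ServiceLogin",
    "https://accounts.google.com@example.net/",
    "https://accounts-google.example.net/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{check_login_url(url):<48} {url}")
```

Checking the parsed host gives the same verdict as the article's "begins with https://accounts.google.com/" rule and additionally accepts harmless variations such as a capitalised scheme or an explicit :443 port; the second sample shows why, and the fourth and fifth show why merely seeing the words "accounts.google.com" in an address is not enough.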
All of the previous tips are aimed at keeping your email account secure. But even if you follow all of the security best practices, it’s still possible that your email could get compromised. For example:
Or maybe you just don’t trust Google, or anyone who can compel the company with legal requests for data, with the contents of your email.
For any or all of those reasons, it’s probably worth using encrypted email.
Using encrypted email is more complicated than using a strong password and using two-factor authentication — which are really easy — but it’s simple enough that everyone at The Intercept, including all of the non-nerds, uses it. An important caveat is that everyone needs to be ready to use encrypted email before you can start using it; you can’t send an encrypted email to someone who doesn’t have an encryption key yet. (You can find our encryption keys on our staff profiles if you want to send us encrypted emails.)
To get started, check out the Electronic Frontier Foundation’s Surveillance Self-Defense guide for using email encryption for Windows, Mac OS X, and Linux. If enough people in your organization use encrypted email, consider using our newly released tool GPG Sync to make it somewhat simpler.
Had Podesta, or anyone in the Democratic National Committee — or really anyone who’s had their email leaked in recent years — used encrypted email, a lot more of the emails would look something like this:
What an encrypted email looks like from Gmail’s perspective.
If a hacker steals all of your encrypted email and then wants to decrypt it, they’ll need to hack into your computer and steal your secret encryption key. That is a whole level of difficulty higher than just getting your password. If you choose to keep your secret encryption key on a physical USB device, such as a Yubikey, the hacker has even more hoops to jump through before they have any hope of decrypting your emails.
If encrypting your email sounds too hard, it might make sense to just use email less, in favor of easy-to-use encrypted message apps such as Signal. The Clinton campaign is reportedly already using Signal for its mobile communications about Donald Trump. Now the iPhone version of the app has desktop support, too. So if you need to send a quick, but sensitive, message to a colleague, why not type it into the Signal app instead of sending an email?
Hillary Clinton’s policy on encryption is dubious, even to the point of calling for the government to commission a “Manhattan-like project” to figure out how to create strong, unbreakable encryption that nevertheless has a back door for law enforcement to access. This idea is firmly in the realm of fantasy, because a back door is definitionally a weakness.
And no matter what U.S. policy is in the future, the email encryption I described above will not contain a backdoor and will be available to everyone in the world, because it’s open source software developed largely outside of the United States.
The obvious conclusion is that Clinton simply doesn’t understand cybersecurity, in theory or in practice.
On the practical level, she needs better in-house technical expertise.
On the theoretical level, she should listen to the unanimous consensus of cryptography experts and take a firm stance in support of strong encryption without back doors. This will improve the cybersecurity of both government and private businesses, protect the constitutionally protected privacy rights of Americans — and maybe even save herself from similar embarrassments in the future.
Top photo: A cellphone case featuring an image of Hillary Clinton.
Earlier this year, I made a variant of Diceware called NiceDiceWare, which may also prove helpful for crafting secure passwords:
http://www.szcz.org/posts/2016-05-01-introducing-nicediceware/
https://github.com/msszczep/nicediceware
So, will Snowden be voting for or against the Whore of Chappaqua?
A password manager is one of the best things you can do for online security. Check out bitwarden for a free password manager. Open source too. I’ve been using it and it works great. https://bitwarden.com
Yes, “she should listen to the unanimous consensus of cryptography experts.”
But I bet it’d help if they coughed up a couple mil for the Clinton Foundation.
Since I don’t trust the CIA, FBI and the other alphabet soup intelligence agencies, can you provide us with the proof that the Russians incontrovertibly did the hacking…
The needed security measures for a PC are beyond the ability of most users to be honest. They need to be incorporated into the OS. And it would not be difficult for Microsoft and Apple to do. They could easily enable default encryption of all binaries and files, enforce encryption on all email messages, and apply up to date anti-trojan horse scans of all email documents. I feel sure such features are coming soon.
The problem is not the technical barriers to implementing something in the operating system. The problem is whether or not they “want” to. Microsoft is spying on Windows 10 users right now.
There are allegations that Bitlocker drive encryption may have a backdoor for example already. The Elephant Diffuser in Bitlocker was lost around 2014.
If you hope for the type of change that you are looking for, it would be far more likely that Linux would provide the type of encryption needed. Also, it is open source, which makes it far easier for an independent party to perform a code audit.
Hi Micah,
Another great piece of solution-based reporting. Many thanks.
question: any “simple” encryption tool for Windows PC email exchange? i am using 3rd party email service (Protonmail) but i know it is not as “safe”. thanks again!
j
As a former technician, I can tell you: you need to button down your machine log-in first. I use two of my old phone numbers from forty years ago that I will never forget. I jumble them up like this: prefix – suffix – area code, plus the first letter of the city and the first letter of the state. So, if I lived in Kingman, Arizona, and my old phone number was 928-753-1982, I use the following combination for the first half of my machine login: 7531982928KA. The second number I use would be from San Francisco, California: 415-767-1234. So the second half of my machine login, 7671234415SC, makes my password — which I use for all of my computers — twenty-six characters long.
SUPER article, Micah – THANKS SO MUCH!!!
Question: Will the email encryption programs you mention protect you from standard Parental Supervisory Systems, i.e., keyloggers that are so inexpensive and ubiquitous?
Without constant 7/24 physical security on your devices, it’s very fast, easy and inexpensive for someone to plant a bug, correct? What do you recommend for keylogger prone environments like offices?
MANY THANKS!!!!
see krebsonsecurity
love it !
The arrogance, greed, and cynicism which are central to the democrat and republican organizational criminality actually seem to love the idea of flaunting their corruption. They know the suckers will still continue to support these predators in their game of passing the power back and forth in the name of their beloved privatized global domination and greed. Yes, let’s help them hide their corruption! What a great idea – NOT! Let’s also pretend that each one of these power lusting liars is capable of making anything better for anyone with less power. Maybe we can also figure out how sharks need to be hired to take care of toddlers!
Let them take all the correct measures they want to – it won’t make a significant difference if they are using m.i.c.r.o.s.o.f.t. w.i.n.d.o.w.s.
http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
Somehow the Nobel selection committee decrypted Dylan’s lyrics and singing to reveal the hidden messages. Nothing is safe.
> There are many password managers to choose from: KeePassX, LastPass,
> 1Password
I would recommend Master Password App[1]. No password store to sync or lose; passwords are regenerated from your master password and site name/URL (inside your browser or native open source apps).
[1] http://masterpasswordapp.com/
Good ideas.
But this is prob not what happened.
The clintonemail.com was to talk to criminals. So they did. They knew all this stuff.
Bet it happened quite differently.
“Using this method, called Diceware, there is a one in 28 quintillion (that is, 28 with 18 zeros at the end) chance of guessing this exact password.”
That’s not true. You’re using dictionary words.
Schneier’s scheme is not vulnerable to that:
https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html
It is true…
http://world.std.com/~reinhold/dicewarefaq.html#someoneknows
I just use “iliketofvckmy3.1415jewishsisterfreemasonscottwoltertakesituptheass”. Crack that.
Probably one of the easiest ways to get someone’s email is to inject malware in the form of text-skimming JavaScript into the web browser. Any service (Google, Skype) that serves third-party ads is vulnerable to this. This kind of attack is normally used to harvest credit card numbers from web shops and kiosks.
If the browser can run any kind of script or “active content”, it will be attacked.
HTTPS doesn’t help, the attacker is reading what is typed into the screen, before it is encrypted.
And speaking of browser vendors, they are way too permissive on the “built in” CAs they accept as “good”. Why the hell should my Firefox be programmed to trust anything from Turkey? I should be the judge of that, thank you.
On an operational level, compartmentalisation is good. Why have all the eggs in one account and what the hell is up with leaving CC’-chains 10, 20 mails deep?
The CC-chains mean that if someone snatches one mail, they have mails from several people to work on, as well as several accounts.
But, my pet peeve with all this, is that in my opinion, these people are clearly operating on the near side of illegal. Yet, they still think they are just some kind of office workers and managers, they never act according to the real situation because it doesn’t occur to them what they are. Incompetence, Ignorance and Arrogance. A fine set of skills on display here.
” Incompetence, Ignorance and Arrogance. A fine set of skills on display here.”
And preferred qualifications for high office.
In “Wheel of Fortune” or “Hangman” you get feedback along the way to solving a phrase. With a pass-phrase or word there is no feedback unless you get the entire phrase, right?
An NBC article (which itself cites numerous unnamed sources) is somewhat dubious as an authority on who was responsible for the email hacking. Surely as a cybersecurity expert, you can do better…
Hi Micah
Can you give us advice on macbook? What to do there? What to do with office 2016 on macbook? How to encrypt in the onedrive? We need tips on the mac
Open System Preferences > go to Security and Privacy > File Vault > Turn On.
That’s disk encryption. Do it.
Turn two step verification on on your Microsoft account:
https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification
As well as Apple ID:
https://support.apple.com/en-us/HT204152
Snowden advises pass phrases rather than words with 1 and ! at the end. Like “yoHowareyoudoingoffice?foodisgood”. Don’t reuse passwords between accounts. You’re assumably less of a target than Clinton, but you may as well take steps to protect yourself.
I don’t understand this claim about how the government can’t technically arrange a backdoor in encryption. It seems very simple as straight “key escrow” – the victim is forced to use keys handed out by the government, and if they spot him receiving any message they can’t understand they spy on all his mail until they make a case against him.
I *especially* don’t understand it because as far as I understand the entire goddamn HTTPS thing all the security people are pushing is one big key escrow scheme, with the site keys doled out by Responsible Authorities. You tell me it’s not possible when it seems to be the prevailing model for what encryption we see happening.
Key escrow systems hurt security because the collection of keys (or the golden key, depending on how the system works) could get stolen by an attacker. Without a backdoor, the attacker has one place to go to steal the key: the user. With a backdoor, the attacker can attack either the user, or the organization that holds a copy of everyone’s keys. Also, key escrow systems have serious problems with important crypto developments like forward secrecy. And if U.S. law enforcement gets backdoor access to everyone’s communications, does that mean that Russia, China, Brazil, Mexico, and all other governments should get the same backdoor access? Why not, if the companies that provide these services have global customers?
That said, key escrow might be good in some limited circumstances, such as within the White House, when there is a transparency/accountability need for it. But legally mandating that companies use key escrow for law enforcement is a very bad idea indeed. You should read the full paper, written by people smarter than myself: https://dspace.mit.edu/handle/1721.1/97690
And as far as HTTPS, that’s actually not how it works. Certificate Authorities don’t have access to the keys for individual HTTPS websites that use them. Each website generates their own key, and no one but that website has the key (normally… there are some exceptions, like sites that use CloudFlare). The job of the CA is to verify that the key that The Intercept uses for https://theintercept.com actually legitimately belongs to The Intercept — but they don’t actually have a copy of The Intercept’s key.
hacking systems is reported to be a lot simpler than going thru the trouble of backdoors and escrow systems.
http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
Thanks – I’ve been caught being gullible where I should have researched better. Even so, that paper seems more like extended pleading than proof. There are shell games there like talking about how one enforcement agency can’t do it because “thousands” would need their own mechanisms – when it is clear that the kind of totalitarian country that embraces such a scheme won’t care much beyond its own needs … and it is equally clear that US/UK/NZ/CA/AU all collaborate extremely closely already. I mean, I suppose it is OK to try to deceive politicians in a good cause, yet if we ourselves believe this stuff, we’re more likely to be blindsided I think than they are. I mean, I’m sure the people hawking the key escrow have their own papers written up under a classified seal without the shuck and jive.
Every once in a while you still run into a site that helpfully notifies you of your new account by emailing the plain text of your password back to you, unencrypted of course. Generally speaking these are sites for applying to jobs where you’re expected to enter every possible detail about yourself just in case some hacker needs to know.
I honestly think there are a lot of things business does not because it pays or out of any rational reason, but simply to humiliate and distress people. I mean, why can’t you find an employee in the store, but there’s somebody out on the road paid to dress up like a chicken? Because bosses don’t laugh when they see employees helping somebody in the store!
LOVL!
NOTICE that they wont tell you what operating system they are using. hmm.. if it wasn’t Linux, you would about it..
i am guessing the server was a microsoft windows server.
Given the history of microsoft windows, here are the 5 best email security tips.
1. Don’t use microsoft windows.
2. Don’t use microsoft windows.
3. Don’t use microsoft windows.
4. Don’t use microsoft windows.
If you doubt that, put these gems into your search box
MICROSOFT WINDOWS SECURITY NIGHTMARE
MICROSOFT WINDOWS SECURITY SUCKS
MICROSOFT PRIVACY LIES
Microsoft won’t fix Windows flaw that lets hackers steal your username and password
https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
TIP #5
5. Don’t use microsoft windows.
Better yet — don’t do and say things in emails (or anyplace else!) that are different from your public utterances. Either be an honest person in both public and private , or pay the cost of humiliation and exposure you deserve. The Clinton campaign doesn’t need to learn how to cover up and hide better, they need a new moral compass. Go Jill!
Deserve?? Ok Goebbels.
I always circumvent these problems by setting up my own private e-mail server. It works like a charm.
As long as you don’t mention sex in your e-mails, nobody cares, even if they are subsequently hacked and published. The only thing the general public takes away from the Podesta e-mails is that affairs of state are complex and that you need a private policy as well as a public (understandable) one.
The private policies of government officials are nobody’s business and therefore the public studiously ignores them (and rightly so).
For extra security, I find that hiding my server in a closet prevents nosy internet people from reading my secret emails.
I learned that from Hillary.
That works too, but in Mrs. Clinton’s case, it must have been hard to find room because of all the skeletons.
Judging the amount of emails released, it must have been a walk-in closet. She needs the extra room.
An excellent and very helpful article.
Thank you, Mr Lee.
That’s nice, Micah. With these helpful guidelines, Podesta, Clinton & the DNC should be able to check their seals .. . in the future.
*Meanwhile Putin is hacking everything they say (privately) and Assange (& TI at least) is publishing it in real time, with little effect (one might think the NYT and Graun, anyway, would be interested in Mrs. Clinton’s Saudi connections… but evidently, not.) At this point, what could Mrs. Clinton possibly say or do that’s not already been exposed, publicly or privately (email etc.), that would make a money grubbing pussy grabber like The Turnip look like a good alternative?
lol. Looking up skirts? Table top runways? Ass swatting? Yeah. Christmas parties on wallstreet, contract celebrations, boat parties, special conventions and industry parties, bachelor parties, hollywood interviews….
What, vote for hillary and suddenly every man is up on criminal charges? I think maybe Trump just won the election.
Good advice and it seems to me that someone named – it will come to me in a second – yes – it was Edward Snowden that has posted extensively about being secure on the internet.
Pete
Microsoft handed the NSA access to encrypted messages | US news …
https://www.theguardian.com/world/…/microsoft-nsa-collaboration-user-data
Jul 11, 2013 … Microsoft helped the NSA to circumvent its encryption to address … with the FBI, developed a surveillance capability to deal” with the issue.
NSA Partner in Crime? Microsoft Admits Windows 10 Auto-Spying …
21stcenturywire.com/…/nsa-partner-in-crime-microsoft-admits-windows-10-auto-spying-cant-be-disabled/ – Cached – Similar
Nov 4, 2015 … 1-microsoft-windows-10-NSA-Hack · Techworm confirms the brazen move by Gatestown product engineers: “As more and more users are …
NSA’s access to Microsoft’s services detailed – BBC News – BBC.com
http://www.bbc.com/news/technology-23285642 – Cached – Similar
Jul 12, 2013 … Microsoft helped the NSA get around its encryption systems so the agency could spy on users of … Aviation industry agrees emissions deal.
Report: Microsoft collaborated closely with NSA – CNN.com
http://www.cnn.com/2013/07/12/tech/web/microsoft-nsa-snooping/ – Cached – Similar
Jul 13, 2013 … A new report from the Guardian newspaper claims Microsoft willingly collaborated with the NSA on users’ data.
http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
“The obvious conclusion is that Clinton simply doesn’t understand cybersecurity, in theory or in practice”
Now, now Micah… don’t you know you’ll be called a Putin apologist if you criticize anything about Hillary?
And, there’s a rumor going around that they don’t even care if it’s true or not.
Micah, you’re great. But why would you want to give helpful information to these criminals? They deserve to be hacked, and the public has a right to know about their activities.
If they haven’t got somebody on the payroll – or along the way, for chrissakes – to tell them this, then she is too ignorant to be running the country.
They do and we do, but everybody has a right to be completely safe in their home/office and in/with their personal devices.
Right on target! You’d think with the presidency at stake there would be at least the realization that we are in the “computer hacking age”!
Just goes to show what kind of sub-mentality rules the D’s (and the R’s)…..
Or just plain enormous, “hubris”!
“What, we get hacked?” (!!!!)
ever notice it is a problem mainly with the US?
Ever hear about china or russia getting hacked?
stupid american systems.
exactly
And you know what else is really starting to irk me, places like Daily Kos and LGM who are permitted to basically libel Glenn Greenwald imputing positions to him he’s never held or stated in any venue.
Check out Glenn’s Twitter feed and the link to the hatchet job that was done on him by some Daily Kos member (since “updated” and “apologized” for, sorta), on the topic of journalistic integrity and the handling of leaks vs. hacks depending on the status or function in society of the object of the leak or hack. And as he discussed with Chris Hayes yesterday, also linked on Glenn’s Twitter feed. I was disappointed Chris Hayes at times seemed to struggle with the relevant distinctions at times.
Glenn has maintained a totally coherent consistent (and nuanced) position on these topics throughout his writing, at least to the extent his writing implicates or relies upon leaks or hacks. Hell he had a detailed interview with Slate on most of these topics back in July of this year and has never deviated from his stated position.
http://www.slate.com/articles/news_and_politics/interrogation/2016/07/glenn_greenwald_on_donald_trump_the_dnc_hack_and_a_new_mccarthyism.html
I have a solution: Don’t visit crap sites like Daily Kos!!
I visit those sites so I can keep abreast of the “centrist” mindset and arguments. I don’t particularly care what that prevailing sentiment is, but I think it is important to be familiar with it.
Like I said, my problem is when they get away with something that is almost libelous–i.e. attributing a factual position to another person, who has never stated or held that position in a sleazy (or stupid) attempt to avoid addressing the point(s) that person is actually making.
Character assassination is poor argument in almost every context. And attempting to divine an individual’s motivations is usually pointless. Address the logic and morality of facts and actions (of course in context to the degree that is relevant), because motivations are complex, conflicting and usually nearly impossible to discern accurately. That’s assuming they are ever/even relevant to a particular argument.
Can one send document attachments using Signal? Right now I only see photo support.
Reason #531 I will not be voting for Hillary Clinton–if she hand her hand picked advisers know this little about cybersecurity (and/or she and her advisers actually do and this is just her false flag way of undermining cybersecurity for the entire world so US agencies can spy better on everyone through legislative changes that weaken cybersecurity), then she and her advisers have no business whatsoever being responsible for America’s, and American citizen’s, cybersecurity. None.
Oops that was a weird brain misfire:
Should have read . . . “if her hand picked . . . .”
really excellent point
she is either extremely incompetent or, she did this for a more nefarious reason to set the stage for a more involved secret police state for her wallstreet prompted “just trust us” slew of laws and policies to protect “the people”.
the woman is insane.
No, she is very cunning and backed by one of the worlds most powerful men.
she has so many thieving wallstreet lovers i had to think
haim saban
heard of him, recall some stuff, sounds like a foreign person
if he is wealthy and unheard of, could be a weapons maker
he must want to influence american elections in a real bad way
sounds israeli, maybe he gets a cut of the $38 billion
i wonder is hellary is a citizen of israel
To steal a familiar statement, “there you go again”. Israel orchestrates everything evil in the world, including the centuries old long list of poor candidates running for POTUS. None of the 4 candidates are either qualified and/or ethical. What’s a voter to do? I’m going for smart and corrupt rather than stupid and corrupt. PS – Someone did grab my ass as I was walking NY Trump a Plaza
oops, that PS should read “Someone did grab my ass as I was walking by Trump Plaza”.
Besides encrypting my emails I’ve got to turn that darn Autocorrect off.