2010: Clinton appears in a cybersecurity video for State Department personnel.

It will remain publicly unknown until the video is leaked to Fox News in October 2016.

A photo capture of Clinton as she appears in the 2010 cybersecurity video. (Credit: Fox News)

A photo capture of Clinton as she appears in the 2010 cybersecurity video. (Credit: Fox News)

In the video, Clinton says that employees have a “special duty” to recognize the importance of cybersecurity. “The real key to cybersecurity rests with you. Complying with department computing policies and being alert to potential threats will help protect all of us.”

According to a later account by Fox News, “Clinton goes on in the video to underscore the important work the State Department Bureau of Diplomatic Security and IT department were doing to guard against cyber-attacks. She warns hackers try to ‘exploit’ vulnerabilities and penetrate department systems. She then urges staffers to log onto the internal cybersecurity awareness website or subscribe to their ‘cybersecurity awareness newsletter.’”

Representative Jason Chaffetz (R), chair of the House Oversight and Government Reform Committee, will later find the video ironic, given Clinton’s own security issues with her private email server. He will say, “Hillary Clinton needs only to look into the mirror to find the biggest cybersecurity risk.”

Clinton spokesperson Brian Fallon will say, “This is not new. It has been widely reported that during Clinton’s tenure the State Department issued these kinds of warnings about possible cybersecurity to employees. These warnings were more than appropriate given that it was subsequently confirmed that State’s email was hacked.” (Fox News, 10/22/2016)

Around January 12, 2010: Clinton and her aides allegedly demonstrate lax communication security while in Hawaii.

Clinton speaks on her Blackberry in the lobby of a Honolulu hotel on January 13, 2010. (Credit: Mandel NGAN / Agence France Presse / Getty Images)

Clinton speaks on her Blackberry in the lobby of a Honolulu hotel on January 13, 2010. (Credit: Mandel NGAN / Agence France Presse / Getty Images)

Bill Johnson, the State Department’s political adviser to the special operations section of the US Pacific Command (PACOM), will later claim that he is present in Honolulu, Hawaii, while Clinton comes to visit. During her trip, news breaks of a large earthquake in Haiti, which takes place on January 12, 2010.

Clinton goes to a security communications facility in the basement of PACOM headquarters to help organize a humanitarian response to the earthquake. She wants to communicate with her top staff back at State Department headquarters in Washington, DC, but she and her aides are not allowed to bring their cell phones into PACOM headquarters because they are using unsecured, personal devices. They ask Johnson for an exception to the rules, but he refuses, citing alarms and lockdowns that would be automatically triggered if anyone brought an unauthorized signal-emitting unit into the building.

So instead, according to Johnson, “She had her aides go out, retrieve their phones, and call [State Department headquarters] from outside,” using open, unsecure lines. “It was really an eye-opener to watch them stand outside using nonsecure comms [communications] and then bring messages to the secretary so she could then conduct a secure [call] with the military” and the State Department. (Newsweek, 5/25/2016)

January 13, 2010: Clinton is photographed on this day using a phone that clearly isn’t her blue-colored Blackberry that is seen in many other photos of her from before and after this time.

Left: Clinton reads her BlackBerry at a ceremony in New York on November 11, 2008. (Credit: Saul Loeb / Agence France Presse / Getty Images) Center: Clinton speaks on a phone in a hotel in Honolulu, Hawaii, on January 13, 2010. (Credit: Mandel Ngan / Agence France Presse) Right: Clinton uses her Blackberry inside a military plane bound for Tripoli, Libya, on October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

Left: Clinton reads her BlackBerry at a ceremony in New York on November 11, 2008. (Credit: Saul Loeb / Agence France Presse / Getty Images) Center: Clinton speaks on a phone in a hotel in Honolulu, Hawaii, on January 13, 2010. (Credit: Mandel Ngan / Agence France Presse) Right: Clinton uses her Blackberry inside a military plane bound for Tripoli, Libya, on October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

It is not known if it is a borrowed phone or her phone. (Getty Images) (Getty Images) In 2015, after her use of only one private email address will become public, she will claim that this was because she only had one phone. She will mention that she bought an iPad in 2010, but the first iPad model will not be released until April 2010 and she will not buy one until July 2010. (The Associated Press, 3/11/2015) (The Washington Post, 3/31/2015) (US Department of State, 8/31/2015)

March 2010: Clinton judges a possible department watchdog, raising independence concerns.

The permanent position of State Department inspector general has been vacant since 2008, before Obama became president. An inspector general serves as a department’s internal watchdog. Some time in March 2010, Clinton’s chief of staff Cheryl Mills emails Clinton about a possible nominee for the position. Mills writes, “Let me know if you DON’T want to proceed.”

Clinton writes back, “Are you ok [with] him?”

Then Mills writes, “Yes – he’ll be good.”

It is not known who they are talking about since the name will later be redacted, but Obama will not nominate anyone for the position until mid-2013, after Clinton’s term as secretary of state is over.

The Wall Street Journal will later comment, “The exchange raises questions about the independence of the inspector general’s office. Government inspectors general have broad latitude within government agencies to investigate cases of waste, fraud, mismanagement, and abuse.” (The Wall Street Journal, 2/20/2016)

May 2010: The Associated Press files the first FOIA request for Clinton’s communications.

FOIA Logo (US Dept. of Justice)

FOIA Logo (US Dept. of Justice)

The Freedom of Information Act (FOIA) request is apparently for Clinton’s schedules, not her emails. In March 2015, it will be reported the request still had not be fulfilled, causing the Associated Press to finally sue to force the issue. (The New York Times, 3/3/2015) (The Associated Press, 3/11/2015)

May 21, 2010—October 21, 2010: Computer records suggest Clinton’s private server could be located at the Clinton Foundation’s headquarters.

The result of an IP location look up of where Clinton's private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

The result of an IP location look up of where Clinton’s private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

According to publicly available computer records, the IP [Internet Protocol] address for the mail.presidentclinton.com server is 24.187.234.187 from at least 2009 to 2011. Records also show that mail.clintonemail.com server has the same exact IP address, 24.187.234.187, from at least May 21, 2010 to October 21, 2010. That means the two servers must have been in the same location for that overlapping time period.

Computer records can also indicate where the IP addresses are physically located, and that IP address at that time is somewhere in the middle of Manhattan, New York City. That makes sense for presidentclinton.com, since former President Bill Clinton’s offices are there, and the Clinton Foundation headquarters is also there. But that would suggest that Hillary Clinton’s clintonemail.com server used for all her secretary of state work is also based in Manhattan and not Chappaqua, New York, for at least part of 2010. (DNS History, 9/7/2015) (DNS History, 9/7/2015) (IP Tracker, 9/3/2015)

Around Mid-2010 and After: After contacting a Secret Service agent about frequent hacking attacks on Clinton’s server, the managers of the server apparently never contact anyone else from other government departments for help.

Justin Cooper (Credit: Alex Wong / Getty Images)

Justin Cooper (Credit: Alex Wong / Getty Images)

According to a September 2016 FBI report, Justin Cooper, a Bill Clinton aide who is helping to manage Clinton’s private server, contacts a Secret Service agent at some point during Clinton’s tenure as secretary of state. It is not clear when this happens, but apparently it is not long after the server begins to be frequently targeted by brute force hacking attacks around the middle of 2010.

Cooper will be asked about this in a September 2016 Congressional hearing shortly after the FBI report is published. He will say, “when we first experienced some of the repeated failed login attempts, I reported them to the Secret Service. … There was an instance where we shared some logs with [them]. … The Secret Service looked at logs from the server and made some recommendations to [server manager Bryan] Pagliano about the possible origins of those failed logins and some techniques he might use to mitigate that problem.” (The Secret Service agent will give advice on improving the server’s security that will not be followed.)

However, when Cooper is asked by Representative Blake Farenthold (R), “Did you turn over the logs and notifications that you received to the FBI, the emails of brute force attacks?” Cooper will say the FBI was not contacted.

Representative Jody Hice (Credit: Twitter)

Representative Jody Hice (Credit: Twitter)

Additionally, when Representative Jody Hice (R) will ask if Cooper consulted with any other “department or agency in the government,” Cooper will say, “No. No consultations of that type.” He will also specifically mention the State Department wasn’t consulted. (US Congress, 9/13/2016)

It’s possible that Pagliano contacted others, but the FBI will interview both Cooper and Pagliano in its investigation and then will mention only the contact with the Secret Service in its final report.

The number of hacking attacks steadily grows through the rest of Clinton’s time in office. (Federal Bureau of Investigation, 9/2/2016)

Around Mid-2010 to January 2013: “Brute force” hacking attempts on Clinton’s private server begin and steadily increase, but it is unknown if any are successful.

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly Roll Call)

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly)

Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”

The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)

Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”

Representative Blake Farenthold (R) will ask Cooper that if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”

After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)

July 23, 2010: An email forwarded to Clinton includes the name and email address of at least one secret CIA official.

A US official whose name is later classified sends an email to at least two dozen other US officials. Most of their names will later be classified as well. At least one redacted recipient’s name is that of a secret CIA official. The email concerns a recent WikiLeaks release of classified documents and includes an attachment that has a statement by senior Defense Department officials and relevant talking points. Clinton aide Jake Sullivan forwards the email to Clinton. (US Department of State, 2/26/2016)

July 24, 2010: Clinton may start accessing the Internet at her Washington home using an unsecure, typical Wi-Fi connection.

Philippe Reines (Credit: Washington Post)

Philippe Reines (Credit: Washington Post)

Clinton and Philippe Reines have an email chain about Clinton’s new iPad. Reines is Clinton’s press secretary and a senior advisor. It is a Saturday and apparently Clinton is at her home in Washington, DC, and trying to get her new iPad to work. She cannot connect to the Internet with it, so she asks Reines, “I don’t know if I have wi-fi. How do I find out?” (Wi-Fi technology allows one to connect to the Internet using a wireless local area network.)

Reines responds, “Let me talk to Justin & Huma to check out the situation, and if there is wi-fi I’m happy to swing by and set it up.” “Justin” is a likely reference to Clinton aide Justin Cooper, who registered Clinton’s private server in her Chappaqua, New York, house, and “Huma” is a likely reference to Clinton’s deputy chief of staff Huma Abedin. (US Department of State, 11/30/2015) 

It is not known what happens, but it appears Reines is prepared to enable Clinton to regularly use her iPad at her home using a typical Wi-Fi network, without any extra security measures. Clinton begins using her iPad for her emails the next day, while continuing to use her BlackBerry. (US Department of State, 8/31/2015)

July 25, 2010: An email chain forwarded to Clinton includes the name and email address of a secret CIA official.

Julian Assange (Credit: David G. Silver / Flickr)

Julian Assange (Credit: David G. Silver / Flickr)

Clinton aide Jake Sullivan forwards Clinton an email chain that has been discussing the recent releases of classified US government information by WikiLeaks and Julian Assange. Over 30 US officials are included in the email chain; the name and email address of one of them will later be redacted because that person is a secret CIA official. (US Department of State, 2/13/2016)

July 25, 2010: Clinton invites a US diplomat to discuss communications with foreign ministers with her using her private email address.

100725Montage

Italian Foreign Minister Franco Frattini (top left) (Credit: European Press Agency), Greek Prime Minister George Papandreou (top right) (Credit: Greek Reporter), Spanish foreign minister Miguel Angel Moratinos (lower left) (Credit: 525-gi gazet), Israeli Prime Minister Benjamin Netanyahu (lower right) (Credit: Israel Ministry of Foreign Affairs)

Clinton writes an email to former senator George J. Mitchell (D), who is the US Special Envoy for Middle East Peace at the time. The subject heading is “Here’s my personal email,” and the entire message is “Pls [Please] use this for reply–HRC [Hillary Rodham Clinton].” (US Department of State, 9/30/2015) 

Mitchell replies, “I talked with Frattini again and went over the point again. He said he understands and agrees.” The rest of his email is later redacted because it contains “foreign government information.” “Frattini” is a likely reference to Italian Foreign Minister Franco Frattini.

Clinton replies, “I told Papandreou the same.” “Papandreou” is a likely reference to Greek Prime Minister George Papandreou. (US Department of State, 9/30/2015) 

Mitchell then discusses communicating with “Moratinos,” a likely reference to Spanish foreign minister Miguel Angel Moratinos.

Clinton replies by mentioning a plan to call “Ashton,” a likely reference to the European Union foreign policy chief Catherine Ashton, and “Bibi,” the nickname of Israeli Prime Minister Benjamin Netanyahu. (US Department of State, 9/30/2015) 

It is not clear why Clinton invites Mitchell to discuss such high-level diplomatic communications via her unsecure personal email address. In 2015, J. William Leonard, former director of the US Information Security Oversight Office, will make the general comment, “If a foreign minister just told the secretary of state something in confidence, by US rules that is classified at the moment it’s in US channels and US possession. […] It’s born classified.” (Reuters, 8/21/2015)

September 12, 2010: An email forwarded to Clinton apparently reveals the names and emails of four secret CIA officials.

Judith McHale (Credit: public domain)

Judith McHale (Credit: public domain)

State Department official Mary Sanderson emails over a dozen other officials some analysis about Turkey from the department’s Bureau of Intelligence and Research (INR). State Department official Judith McHale forwards the email to Clinton and a couple of her aides. Nothing in the analysis will later be deemed classified, but it appears four other recipients of Sanderson’s email are secret CIA officials. (US Department of State, 9/12/2010)

November 2010: Clinton writes she doesn’t want “any risk of the personal being accessible” in her emails, contradicting her later claim that her main concern is “convenience.”

The seventeen words that merited a headline by the New Yorker: "Let's get separate address or device but I don't want any risk of the personal being accessible." (Credit: The New Yorker)

The seventeen words that merited a headline by the New Yorker: “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (Credit: The New Yorker)

Clinton and her deputy chief of staff, Huma Abedin, discuss the fact that Clinton’s emails to other State Department employees are sometimes not being received. Apparently, they are getting discarded as spam because they are coming from an unofficial address.

Abedin tells Clinton in an email that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.”

In response, Clinton writes, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (US Department of State, 5/25/2016)

In 2016, the New Yorker Magazine will comment that Clinton’s “personal being accessible” comment “seem[s] to confirm what many observers have suspected from the outset: Clinton’s main motive in setting up the email system wasn’t to make it easier for her to receive all her messages in one place, or to do all her business on her beloved BlackBerry; it was to protect some of her correspondence—particularly correspondence she considered private—from freedom-of-information requests and other demands for details, for example, from Republican-run congressional committees.” (The New Yorker, 5/26/2016)

These emails between Clinton and Abedin will not be included in the 30,000 work-related emails that Clinton turns over to the State Department in December 2014, even though they clearly discuss work matters. The State Department will later discover them through other means, most likely from Abedin’s email inbox. (The Associated Press, 5/26/2016)

November 28, 2010: WikiLeaks releases over 250,000 State Department cables, but Clinton does not change her unsecure communication methods.

Mark Penn (Credit: PR News)

Mark Penn (Credit: PR News)

WikiLeaks, working with several major media outlets, begins publicly releasing over 250,000 diplomatic cables between the State Department and US embassies around the world. The cables date from 1966 to February 2010. None of the cables are classified at a level higher than “confidential,” the lowest classification level.

Clinton responds with the public comment, “This disclosure is not just an attack on America’s foreign policy interests, it is an attack on the international community: the alliances and partnerships, the conversations and negotiations that safeguard global security and advance economic prosperity. […] It puts people’s lives in danger, threatens our national security, and undermines our efforts to work with other countries to solve shared problems.” (USA Today, 11/29/2010) (The New York Times, 11/28/2010) 

Mark Penn, Clinton’s chief strategist for her 2008 presidential campaign, sends Clinton an email in which he recommends, “I think you need to order a full scale review and upgrading of the cyber security of the State Department immediately.” (US Department of State, 9/30/2015) 

However, despite this being the largest breach of State Department classified information in history, Clinton doesn’t change her personal communication methods, and continues to use an unsecured BlackBerry and an unsecured private email server. It is unknown if the State Department changes its cybersecurity as a whole, and if so, how.

November 29, 2010: Clinton pledges improved communication security after the WikiLeaks leak, but the department remains highly vulnerable.

WikiLeaks Logo (Credit: WikiLeaks)

WikiLeaks Logo (Credit: WikiLeaks)

One day after WikiLeaks releases over 250,000 State Department cables, Clinton states, “I have directed that specific actions be taken at the State Department, in addition to new security safeguards at the Department of Defense and elsewhere to protect State Department information so that this kind of breach cannot and does not ever happen again.” (US Department of State, 11/29/2010

However, in October 2013, Buzzfeed will report that “The State Department’s communications system is operating without basic technical security measures in place, despite warnings about its vulnerabilities…” The system, called SMART (the State Messaging and Archive Retrieval Toolset), is used to share department communications, including the exact same kind of cables leaked by WikiLeaks. Buzzfeed further reports that its anonymous sources “say the failures have left thousands of cables and messages, including highly sensitive and classified ones, vulnerable to espionage or leaks for the last four years.” (Buzzfeed, 10/2/2013)

December 2010: Pagliano gets help from other State Department staffers to fix a communication problem involving Clinton’s private server.

Clinton’s computer technician Bryan Pagliano is working with staff from the State Department’s Information Resources Management (IRM) office to resolve issues affecting the ability of emails sent from Clinton’s private server to be received at department .gov email addresses. Pagliano shows some staffers the computer logs from the server. The issue is eventually resolved. On December 21, 2010, IRM staff send an email to Clinton’s top aides describing the issue and summarizing what was done to resolve it. This appears to be one of the few times Clinton’s server is discussed with other department employees. (US Department of State, 5/25/2016)

December 22, 2010: Clinton is told a new rule that all work emails must be preserved.

The National Archives building in Washington, DC. (Credit: public domain)

The National Archives building in Washington, DC. (Credit: public domain)

The National Archives and Records Administration (NARA) issues guidelines to the heads of all federal agencies, including Secretary of State Clinton, stating that all emails and email attachments relating to government business are considered records to be preserved under the Federal Records Act. (The Wall Street Journal, 9/30/2015)

December 23, 2010: A Clinton aide wants to talk on the phone about classified information.

Clinton aide Jake Sullivan emails Clinton and mentions a State Department diplomat who has “some interesting reports from the Pal [Palestinian] side, if you have a moment to talk secure.” The Washington Post will later refer to this as a rare instance where either Clinton or any of her aides shows concern about the communication of classified information. (The Washington Post, 9/1/2015) (US Department of State, 8/31/2015)

Late 2010: A State Department official falsely claims Clinton’s computer system has legal approval and warns staffers never to speak of the issue again.

John Bentel (Credit: public domain)

John Bentel (Credit: public domain)

Two members of Clinton’s senior executive staff will later claim they discussed their concerns about Clinton’s use of a personal email address, each in a separate meeting with John Bentel, the director of the Office of the Executive Secretariat for Information Resource Management.

In one of those meetings, Bentel says that Clinton’s personal communication system has been reviewed and approved by the department’s legal staff and that the matter is not to be discussed any further. However, a later State Department inspector general investigation will find no evidence that any department lawyers ever make such a review.

The other staff member who raised concerns about the server is told by Bentel that the mission of his office is to support Clinton and, in the words of a May 2016 inspector general report, “instruct[s] the staff never to speak of the Secretary’s personal email system again.”

Bentel will later claim he has no memory of any of these issues and will refused to be interviewed by any investigators. (US Department of State, 5/25/2016) (Yahoo News, 5/25/2016)

Late 2010 or Early 2011: Clinton’s computer technician is given a briefing; this shows some know Clinton has a private server.

Bryan Pagliano giving a speech in March 2011. (Credit: public domain)

Bryan Pagliano giving a speech in March 2011. (Credit: public domain)

According to later released emails, Bryan Pagliano receives an IT [information technology] security briefing in late 2010 or early 2011. It has to do with cybersecurity risks facing the State Department. A letter by Charles Grassley (R) which summarizes the emails says this briefing is “in connection with his work on the Secretary’s non-government server.” Pagliano continues to run Clinton’s private email server after he is hired by the State Department in May 2009, and at least initially, his bosses and co-workers don’t know about his second job with Clinton’s server. It’s not clear who else learns about it and when. (Reuters, 3/24/2016) (US Department of State, 5/25/2016)