Around January 12, 2010: Clinton and her aides allegedly demonstrate lax communication security while in Hawaii.

Clinton speaks on her Blackberry in the lobby of a Honolulu hotel on January 13, 2010. (Credit: Mandel NGAN / Agence France Presse / Getty Images)

Clinton speaks on her Blackberry in the lobby of a Honolulu hotel on January 13, 2010. (Credit: Mandel NGAN / Agence France Presse / Getty Images)

Bill Johnson, the State Department’s political adviser to the special operations section of the US Pacific Command (PACOM), will later claim that he is present in Honolulu, Hawaii, while Clinton comes to visit. During her trip, news breaks of a large earthquake in Haiti, which takes place on January 12, 2010.

Clinton goes to a security communications facility in the basement of PACOM headquarters to help organize a humanitarian response to the earthquake. She wants to communicate with her top staff back at State Department headquarters in Washington, DC, but she and her aides are not allowed to bring their cell phones into PACOM headquarters because they are using unsecured, personal devices. They ask Johnson for an exception to the rules, but he refuses, citing alarms and lockdowns that would be automatically triggered if anyone brought an unauthorized signal-emitting unit into the building.

So instead, according to Johnson, “She had her aides go out, retrieve their phones, and call [State Department headquarters] from outside,” using open, unsecure lines. “It was really an eye-opener to watch them stand outside using nonsecure comms [communications] and then bring messages to the secretary so she could then conduct a secure [call] with the military” and the State Department. (Newsweek, 5/25/2016)

May 21, 2010—October 21, 2010: Computer records suggest Clinton’s private server could be located at the Clinton Foundation’s headquarters.

The result of an IP location look up of where Clinton's private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

The result of an IP location look up of where Clinton’s private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

According to publicly available computer records, the IP [Internet Protocol] address for the mail.presidentclinton.com server is 24.187.234.187 from at least 2009 to 2011. Records also show that mail.clintonemail.com server has the same exact IP address, 24.187.234.187, from at least May 21, 2010 to October 21, 2010. That means the two servers must have been in the same location for that overlapping time period.

Computer records can also indicate where the IP addresses are physically located, and that IP address at that time is somewhere in the middle of Manhattan, New York City. That makes sense for presidentclinton.com, since former President Bill Clinton’s offices are there, and the Clinton Foundation headquarters is also there. But that would suggest that Hillary Clinton’s clintonemail.com server used for all her secretary of state work is also based in Manhattan and not Chappaqua, New York, for at least part of 2010. (DNS History, 9/7/2015) (DNS History, 9/7/2015) (IP Tracker, 9/3/2015)

Around Mid-2010 and After: After contacting a Secret Service agent about frequent hacking attacks on Clinton’s server, the managers of the server apparently never contact anyone else from other government departments for help.

Justin Cooper (Credit: Alex Wong / Getty Images)

Justin Cooper (Credit: Alex Wong / Getty Images)

According to a September 2016 FBI report, Justin Cooper, a Bill Clinton aide who is helping to manage Clinton’s private server, contacts a Secret Service agent at some point during Clinton’s tenure as secretary of state. It is not clear when this happens, but apparently it is not long after the server begins to be frequently targeted by brute force hacking attacks around the middle of 2010.

Cooper will be asked about this in a September 2016 Congressional hearing shortly after the FBI report is published. He will say, “when we first experienced some of the repeated failed login attempts, I reported them to the Secret Service. … There was an instance where we shared some logs with [them]. … The Secret Service looked at logs from the server and made some recommendations to [server manager Bryan] Pagliano about the possible origins of those failed logins and some techniques he might use to mitigate that problem.” (The Secret Service agent will give advice on improving the server’s security that will not be followed.)

However, when Cooper is asked by Representative Blake Farenthold (R), “Did you turn over the logs and notifications that you received to the FBI, the emails of brute force attacks?” Cooper will say the FBI was not contacted.

Representative Jody Hice (Credit: Twitter)

Representative Jody Hice (Credit: Twitter)

Additionally, when Representative Jody Hice (R) will ask if Cooper consulted with any other “department or agency in the government,” Cooper will say, “No. No consultations of that type.” He will also specifically mention the State Department wasn’t consulted. (US Congress, 9/13/2016)

It’s possible that Pagliano contacted others, but the FBI will interview both Cooper and Pagliano in its investigation and then will mention only the contact with the Secret Service in its final report.

The number of hacking attacks steadily grows through the rest of Clinton’s time in office. (Federal Bureau of Investigation, 9/2/2016)

Around Mid-2010 to January 2013: “Brute force” hacking attempts on Clinton’s private server begin and steadily increase, but it is unknown if any are successful.

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly Roll Call)

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly)

Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”

The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)

Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”

Representative Blake Farenthold (R) will ask Cooper that if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”

After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)

July 24, 2010: Clinton may start accessing the Internet at her Washington home using an unsecure, typical Wi-Fi connection.

Philippe Reines (Credit: Washington Post)

Philippe Reines (Credit: Washington Post)

Clinton and Philippe Reines have an email chain about Clinton’s new iPad. Reines is Clinton’s press secretary and a senior advisor. It is a Saturday and apparently Clinton is at her home in Washington, DC, and trying to get her new iPad to work. She cannot connect to the Internet with it, so she asks Reines, “I don’t know if I have wi-fi. How do I find out?” (Wi-Fi technology allows one to connect to the Internet using a wireless local area network.)

Reines responds, “Let me talk to Justin & Huma to check out the situation, and if there is wi-fi I’m happy to swing by and set it up.” “Justin” is a likely reference to Clinton aide Justin Cooper, who registered Clinton’s private server in her Chappaqua, New York, house, and “Huma” is a likely reference to Clinton’s deputy chief of staff Huma Abedin. (US Department of State, 11/30/2015) 

It is not known what happens, but it appears Reines is prepared to enable Clinton to regularly use her iPad at her home using a typical Wi-Fi network, without any extra security measures. Clinton begins using her iPad for her emails the next day, while continuing to use her BlackBerry. (US Department of State, 8/31/2015)

July 25, 2010: Clinton invites a US diplomat to discuss communications with foreign ministers with her using her private email address.

100725Montage

Italian Foreign Minister Franco Frattini (top left) (Credit: European Press Agency), Greek Prime Minister George Papandreou (top right) (Credit: Greek Reporter), Spanish foreign minister Miguel Angel Moratinos (lower left) (Credit: 525-gi gazet), Israeli Prime Minister Benjamin Netanyahu (lower right) (Credit: Israel Ministry of Foreign Affairs)

Clinton writes an email to former senator George J. Mitchell (D), who is the US Special Envoy for Middle East Peace at the time. The subject heading is “Here’s my personal email,” and the entire message is “Pls [Please] use this for reply–HRC [Hillary Rodham Clinton].” (US Department of State, 9/30/2015) 

Mitchell replies, “I talked with Frattini again and went over the point again. He said he understands and agrees.” The rest of his email is later redacted because it contains “foreign government information.” “Frattini” is a likely reference to Italian Foreign Minister Franco Frattini.

Clinton replies, “I told Papandreou the same.” “Papandreou” is a likely reference to Greek Prime Minister George Papandreou. (US Department of State, 9/30/2015) 

Mitchell then discusses communicating with “Moratinos,” a likely reference to Spanish foreign minister Miguel Angel Moratinos.

Clinton replies by mentioning a plan to call “Ashton,” a likely reference to the European Union foreign policy chief Catherine Ashton, and “Bibi,” the nickname of Israeli Prime Minister Benjamin Netanyahu. (US Department of State, 9/30/2015) 

It is not clear why Clinton invites Mitchell to discuss such high-level diplomatic communications via her unsecure personal email address. In 2015, J. William Leonard, former director of the US Information Security Oversight Office, will make the general comment, “If a foreign minister just told the secretary of state something in confidence, by US rules that is classified at the moment it’s in US channels and US possession. […] It’s born classified.” (Reuters, 8/21/2015)

September 12, 2010: An email forwarded to Clinton apparently reveals the names and emails of four secret CIA officials.

Judith McHale (Credit: public domain)

Judith McHale (Credit: public domain)

State Department official Mary Sanderson emails over a dozen other officials some analysis about Turkey from the department’s Bureau of Intelligence and Research (INR). State Department official Judith McHale forwards the email to Clinton and a couple of her aides. Nothing in the analysis will later be deemed classified, but it appears four other recipients of Sanderson’s email are secret CIA officials. (US Department of State, 9/12/2010)

November 2010: Clinton writes she doesn’t want “any risk of the personal being accessible” in her emails, contradicting her later claim that her main concern is “convenience.”

The seventeen words that merited a headline by the New Yorker: "Let's get separate address or device but I don't want any risk of the personal being accessible." (Credit: The New Yorker)

The seventeen words that merited a headline by the New Yorker: “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (Credit: The New Yorker)

Clinton and her deputy chief of staff, Huma Abedin, discuss the fact that Clinton’s emails to other State Department employees are sometimes not being received. Apparently, they are getting discarded as spam because they are coming from an unofficial address.

Abedin tells Clinton in an email that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.”

In response, Clinton writes, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (US Department of State, 5/25/2016)

In 2016, the New Yorker Magazine will comment that Clinton’s “personal being accessible” comment “seem[s] to confirm what many observers have suspected from the outset: Clinton’s main motive in setting up the email system wasn’t to make it easier for her to receive all her messages in one place, or to do all her business on her beloved BlackBerry; it was to protect some of her correspondence—particularly correspondence she considered private—from freedom-of-information requests and other demands for details, for example, from Republican-run congressional committees.” (The New Yorker, 5/26/2016)

These emails between Clinton and Abedin will not be included in the 30,000 work-related emails that Clinton turns over to the State Department in December 2014, even though they clearly discuss work matters. The State Department will later discover them through other means, most likely from Abedin’s email inbox. (The Associated Press, 5/26/2016)

November 28, 2010: WikiLeaks releases over 250,000 State Department cables, but Clinton does not change her unsecure communication methods.

Mark Penn (Credit: PR News)

Mark Penn (Credit: PR News)

WikiLeaks, working with several major media outlets, begins publicly releasing over 250,000 diplomatic cables between the State Department and US embassies around the world. The cables date from 1966 to February 2010. None of the cables are classified at a level higher than “confidential,” the lowest classification level.

Clinton responds with the public comment, “This disclosure is not just an attack on America’s foreign policy interests, it is an attack on the international community: the alliances and partnerships, the conversations and negotiations that safeguard global security and advance economic prosperity. […] It puts people’s lives in danger, threatens our national security, and undermines our efforts to work with other countries to solve shared problems.” (USA Today, 11/29/2010) (The New York Times, 11/28/2010) 

Mark Penn, Clinton’s chief strategist for her 2008 presidential campaign, sends Clinton an email in which he recommends, “I think you need to order a full scale review and upgrading of the cyber security of the State Department immediately.” (US Department of State, 9/30/2015) 

However, despite this being the largest breach of State Department classified information in history, Clinton doesn’t change her personal communication methods, and continues to use an unsecured BlackBerry and an unsecured private email server. It is unknown if the State Department changes its cybersecurity as a whole, and if so, how.

December 22, 2010: Clinton is told a new rule that all work emails must be preserved.

The National Archives building in Washington, DC. (Credit: public domain)

The National Archives building in Washington, DC. (Credit: public domain)

The National Archives and Records Administration (NARA) issues guidelines to the heads of all federal agencies, including Secretary of State Clinton, stating that all emails and email attachments relating to government business are considered records to be preserved under the Federal Records Act. (The Wall Street Journal, 9/30/2015)

Late 2010: A State Department official falsely claims Clinton’s computer system has legal approval and warns staffers never to speak of the issue again.

John Bentel (Credit: public domain)

John Bentel (Credit: public domain)

Two members of Clinton’s senior executive staff will later claim they discussed their concerns about Clinton’s use of a personal email address, each in a separate meeting with John Bentel, the director of the Office of the Executive Secretariat for Information Resource Management.

In one of those meetings, Bentel says that Clinton’s personal communication system has been reviewed and approved by the department’s legal staff and that the matter is not to be discussed any further. However, a later State Department inspector general investigation will find no evidence that any department lawyers ever make such a review.

The other staff member who raised concerns about the server is told by Bentel that the mission of his office is to support Clinton and, in the words of a May 2016 inspector general report, “instruct[s] the staff never to speak of the Secretary’s personal email system again.”

Bentel will later claim he has no memory of any of these issues and will refused to be interviewed by any investigators. (US Department of State, 5/25/2016) (Yahoo News, 5/25/2016)

2011: Clinton misses a cybersecurity presentation meant just for her.

Julia Frifield (Credit: The Department of State Archives)

Julia Frifield (Credit: The Department of State Archives)

State Department diplomatic security staff give a cybersecurity PowerPoint presentation meant for Clinton. However, she doesn’t attend it. According to a 2016 letter by Julia Frifield, the department’s assistant secretary for legislative affairs, “although the PowerPoint indicates the briefing was for former Secretary Clinton, we understand from the testimony of the briefers that she was not in attendance.” The PowerPoint presentation has not yet been declassified so it can be publicly released. (US Senate Judiciary Committee, 3/3/2016)

2011: A “top secret” Clinton email contains intelligence from CIA sources and US spy satellites

The National Geospatial-Intelligence Agency logo. (Credit: public domain)

The National Geospatial-Intelligence Agency logo. (Credit: public domain)

Very little is known about Clinton’s 22 emails that are later deemed “top secret,” since all details about them have remained classified. However, it is known that one of them is sent sometime this year. A few details about just this one email are known because it will be included in a random selection of 40 emails that will get reviewed by State Department Inspector General Steve Linick in 2015.

After Linick decides the email should be top secret, the Central Intelligence Agency (CIA) and the National Geospatial-Intelligence Agency will perform a second review and confirm that the email should be top secret. That indicates the email contains information obtained from both CIA sources and US spy satellites. (The New York Times, 9/7/2015) (The New York Times, 2/29/2016)

March 9, 2011: Clinton asks an aide to print a Blumenthal email without any identifiers.

Sid Blumenthal sends Clinton an email with the subject line, “H: Serious problems for Libyan Rebels. Sid.” Blumenthal is a journalist and Clinton Foundation employee who frequently sends intelligence emails to Clinton, despite being a private citizen with no security clearance. Clinton forwards the email to her top aide Huma Abedin and asks her to print it out. But she also asks, “Can you print for me w/o any identifiers?” Abedin replies “Yes.” (The New York Times, 6/29/2015)

March 11, 2011: Clinton doesn’t think two emails from a former British prime minister should be flagged for classified content.

British Prime Minister Tony Blair (Credit: David Levene / The Guardian)

British Prime Minister Tony Blair (Credit: David Levene / The Guardian)

Clinton emails her deputy chief of staff Huma Abedin and tells her to print out two recent emails from former British Prime Minister Tony Blair. Both Clinton and Abedin are using private email accounts on Clinton’s server. The emails are CCed to Clinton aide Jake Sullivan, who also is using a private email account. Nearly all of the content of Blair’s messages is later redacted, due to containing “Foreign government information” and “foreign relations or foreign activities of the US, including confidential sources.” (Judicial Watch, 1/29/2016) At the time, Blair is the official Middle East envoy representing the US, Russia, the UN and the EU, and he is heavily involved in Middle Eastern peace negotiations. (BBC, 5/27/2015)

April and May 2011: Clinton and her top aides are warned again to minimize the use of personal emails for business due to hacker attacks.

In March 2011, State Department security officials warned Clinton and other senior officials that there was a “dramatic increase” in hacker attacks specifically targeting senior US officials. It concluded, “We urge department users to minimize the use of personal web email for business.”

This is followed by a cybersecurity briefing in April 2011 and then another one in May. Clinton’s immediate staff and other top officials attend the briefings, but it is not clear if Clinton herself does. However, after Clinton ends her term in 2013, a copy of a classified presentation used during one of the briefings will be found in her papers. It contains warnings similar to the March 2011 warning. (US Department of State, 5/25/2016)

April 3, 2011: Clinton’s comments about a Libyan defector will later be deemed “secret.”

Moussa Koussa (Credit: PA)

Moussa Koussa (Credit: PA)

Clinton aide Jake Sullivan sends Clinton a forward of a Reuters article explaining how former Libyan foreign minister Moussa Koussa has just defected to Britain and will be talking to British intelligence. The article will not be redacted later, but all of the extensive comments by Under Secretary of State for Political Affairs William Burns will be. Then Clinton adds three lines of commentary that also will be totally redacted. Her email will later be deemed “secret,” which is the middle level of classification. (US Department of State, 2/29/2016)

April 10, 2011: An email forwarded to Clinton appears to contain the most recent US military intelligence, which should have been classified.

US Ambassador Christopher Stevens. He dies from smoke asphyxiation on September 11, 2012, due to a terrorist attack on the US Consulate in Benghazi, Libya. (Credit: Reuters)

US Ambassador Christopher Stevens. He dies from smoke asphyxiation on September 11, 2012, due to a terrorist attack on the US Consulate in Benghazi, Libya. (Credit: Reuters)

The email discusses the current security situation in Libya. It says that due to violence in the town of Ajdabiyah, US Special Envoy Christopher Stevens “is considering departure from Benghazi.” It also discusses Stevens’ concerns about departing and it details the “phased checkout” of Stevens’ staff from the area, possibly in a few hours. Additionally, it contains the latest secret intelligence from AFRICOM (US Africa Command, the US military in Africa), detailing nearby troop movements in the Libyan civil war that could threaten Stevens and his staff. Tim Davis, a special assistant to Clinton, writes the email and then sends it to Clinton aide Huma Abedin, who forwards it to Clinton. Davis marks it “SBU,” which means “sensitive but unclassified.” The email will be released to the public in full on May 13, 2015.

However, the State Department’s inspector general will later conclude that the email should not have been made public without redactions. Furthermore, in August 2015, an unnamed government official familiar with the investigation into Clinton’s emails will tell CBS News that at least the part of the email containing current military intelligence should have been marked classified at the time. Additionally, because that information originated from the military, the State Department did not have the right to declassify it at the time it was sent or later. The unnamed official will say that this kind of mistake is not unusual for State Department officials when they discuss information from multiple sources, but the difference is that this email is stored on Clinton’s private server, which can be easily hacked or monitored. (CBS News, 8/19/2015) (US Department of State, 5/13/2015

In 2015, Fox News will claim that the email contained intelligence from the Defense Intelligence Agency (DIA), the National Security Agency (NSA), and the National Geospatial-Intelligence Agency (NGA), which oversees satellite imagery. Furthermore, “all three agencies confirmed to the intelligence community inspector general that the intelligence was classified when it was sent four years ago by Abedin to Clinton’s private account, and remains classified to this day.” (Fox News, 8/26/2015) Even though the email will be made public in full in May 2015, it will be reclassified as “secret” in September 2015. “Secret” is the medium level of classification, below “top secret.” (The New York Times, 9/30/2015)

April 26, 2011: An email forwarded to Clinton includes the name and email address of a secret CIA official who might be in Libya.

Christina Tomlinson (Credit: Linked In)

Christina Tomlinson (Credit: Linked In)

State Department official Christina Tomlinson writes an email about a recent traffic accident involving US Special Envoy Christopher Stephens in Libya that killed four Libyan civilians. The email is sent to over 20 other US officials; most of them appear to have jobs related to the US military effort in the on-going Libyan civil war. The name and email address of one recipient will later be redacted due to that person being a secret CIA official. Clinton’s chief of staff Cheryl Mills forwards the email to Clinton. (US Department of State, 1/7/2016)