2012: Clinton’s private server is vulnerable to a hacker attack described in a government warning.

Marc Maiffret (Credit: Fox News Business)

Marc Maiffret (Credit: Fox News Business)

The Homeland Security Department’s Computer Emergency Readiness Team issues a warning about remote access attacks, that would allow hackers to take control of computers. The warning notes that “An attacker with a low skill-level would be able to exploit this vulnerability.”

In 2015, the Associated Press will report that Clinton’s private email server could have been vulnerable to a hostile takeover by this very type of attack. Clinton’s server appears to have lacked encrypted protections, and could accept commands from the computers over the Internet.

Marc Maiffret, who founded two cybersecurity companies, will later comment, “That’s total amateur hour. […] Real enterprise-class security, with teams dedicated to these things, would not do this.”

Another cybersecurity expert, Justin Harvey, will comment that Clinton’s server “violates the most basic network-perimeter security tenets: Don’t expose insecure services to the Internet.” (The Associated Press, 10/13/2015)

2012: Clinton’s private server is still run on software newly prohibited by the State Department.

At some point in 2012, The State Department bans the use of remote-access software for its technology officials to maintain unclassified servers, unless a waiver is given. It also bans all instances of remotely connecting to classified servers. However, according to records from December 2012, Clinton’s private email server continues to use remote-access software, and no evidence of a waiver allowing this has yet emerged.

Computer security expert Mikko Hypponen will say in 2015 that the use of remote-access software on her server was “clearly serious” and could have allowed hackers to run malicious software on it. (The Associated Press, 10/13/2015)

March 30, 2012—March 31, 2012: Clinton’s BlackBerry emails could be intercepted by Saudi Arabia while she visits that country.

Assistant Secretary for Near Eastern Affairs Jeffrey Feltman, Ambassador to the Clinton meets with King Abdullah bin Abdulaziz Al Saud of Saudi Arabia on March 30, 2012. (Credit: US Embassy Riyadh)

Clinton meets with King Abdullah bin Abdulaziz Al Saud of Saudi Arabia on March 30, 2012. (Credit: US Embassy Riyadh)

Clinton travels to Riyadh, Saudi Arabia, from March 30 to 31, 2012. (US Department of State, 3/30/2012)

This is notable because a September 2016 FBI report will reveal that Clinton regularly used her unsecure BlackBerry while outside the US, including sending and/or receiving “hundreds” of emails containing classified information. (Federal Bureau of Investigation, 9/2/2016)

Furthermore, in August 2010, it was reported that Research in Motion (RIM), the company that makes BlackBerrys, agreed to locate three computer servers within Saudi Arabia, “putting them under the jurisdiction of local security forces,” according to an article at the time by the Register.

Headquarters of Research In Motion (RIM) located in Waterloo, Ontario (Credit: public domain)

Headquarters of Research In Motion (RIM) located in Waterloo, Ontario (Credit: public domain)

The effective result is that the Saudi government was able to intercept emails that have to briefly pass through the servers. RIM did not want to agree to this, but the Saudi government briefly suspended BlackBerry service until RIM gave in. Even emails sent through Saudi Arabia using personal encryption keys could be easily intercepted due to this agreement. (The Register, 8/9/2010)

Clinton is sent emails virtually every day, and her days in Saudi Arabia are no exceptions. One email classified at the “confidential” level is sent to Clinton on March 31, 2012, though it’s not clear if she is in Saudi Arabia at the time or not. The email concerns politics in Sudan and South Sudan. (US Department of State, 1/29/2016)

 

April 2012: A photo leads to confirmation Clinton is not using a government email account, but no action is taken.

Clinton checks her Blackberry in a military C-17 plane bound for Tripoli, Libya October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

Clinton checks her Blackberry in a military C-17 plane bound for Tripoli, Libya October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

A photo of Clinton using her BlackBerry while wearing sunglasses on a military plane in 2011 becomes popular on the Internet, prompting a “Texts from Hillary” meme.

In court testimony in 2016, State Director of Executive Secretariat Staff Karin Lang will recall that Clarence Finney, who oversees the State Department’s responses to Freedom of Information Act (FOIA) searches, sees the photo in the media and wants to know if Clinton still does not have a government email account. Finney checks with the department’s information management staff and confirms she still doesn’t have one. According to Lang, Finney will not recall who told him this, or when it happened exactly. (Politico, 6/9/2016

However, the photo’s popularity starts and peaks in April 2012. The Washington Post comments about the photo at the time, “When Hillary Rodham Clinton checks her phone, she’s probably reading top secret e-mails…” But this does not lead to any attempt by Finney or others to find if she might have a private email account that could be responsive to FOIA requests. (The Washington Post, 4/5/2012)

July 14, 2012: Blumenthal sends Clinton another email that contains obviously classified information, but Clinton doesn’t flag it as such.

Mohamed Morsi, a member of the Muslim Brotherhood, is declared winner of the Egyptian presidential election on June 24, 2012. (Credit: The European Press Agency)

Mohamed Morsi, a member of the Muslim Brotherhood, is declared winner of the Egyptian presidential election on June 24, 2012. (Credit: The European Press Agency)

Clinton confidant and private citizen Sid Blumenthal marks the email “CONFIDENTIAL,” and then gives this warning: “SOURCE: Sources with access to the highest levels of the Muslim Brotherhood in Egypt, The Supreme Council of the Armed Forces, and Western Intelligence and security services. THE FOLLOWING INFORMATION COMES FROM AN EXTREMELY SENSITIVE SOURCE AND SHOULD BE HANDLED WITH CARE.” The email then discusses secret meetings between senior members of the Muslim Brotherhood and the Egyptian army which have taken place in recent days. (US Department of State, 1/7/2016

However, Clinton does not warn department security about this email that could jeopardize an intelligence asset in Egypt. Instead, she forwards the email to her aide Jake Sullivan with the comment, “More timely info.” (US Department of State, 1/7/2016)

August and December 2012: An Internet-wide hacker attack makes Clinton’s private server even more vulnerable.

An anonymous hacker using a computer in Serbia scans hundreds of millions of Internet addresses for accessible openings, called “ports.” Clinton’s private server is scanned by this hacker in August 2012 and again in December. The hacker’s millions of results are then made widely available on-line. It is unknown if anyone looking at this data figures out if the server belongs to Bill and Hillary Clinton, although the name “clintonemail.com” is a clue. (The Associated Press, 10/13/2015)

September 3, 2012: Blumenthal sends an email to Clinton that later will be almost entirely redacted.

Clinton confidant and private citizen Sid Blumenthal emails Clinton another one of his many intelligence updates, despite having no security clearance. This one will later be nearly entirely classified, including the email title. There are only two sentence fragments later made public. One is Blumenthal’s marking: “CONFIDENTIAL.” The other is: “SOURCE: Sources with access to the highest levels of the governments and institutions discussed below. This includes—” Six blank pages of fully redacted text follow. (US Department of State, 1/29/2016) Most of Blumenthal’s emails relate to Libya, and the email is sent just eight days prior to a terrorist attack on the US consulate in Benghazi, Libya.

October 13, 2012: Clinton receives an email that reveals undercover CIA officers use State Department cover in Afghanistan.

Jeremy Bash (left) Leon Panetta (right) (Credits: public domain)

Jeremy Bash (left) Leon Panetta (right) (Credits: public domain)

Jeremy Bash, who is chief of staff to Defense Secretary Leon Panetta at the time, sends an email to four other US officials, including Clinton aides Jake Sullivan and Cheryl Mills. Sullivan then forwards the email to Clinton. The email has the subject heading: “This a.m. Green on Blue.” That is an idiom referring to when police attacks soldiers. The email refers to an Afghan police officer triggering a suicide vest and killing or wounding 14 Americans or Afghans, including one dead American.

The email will later be classified at the “secret” level, suggesting some important classified information in it, but its redactions make it difficult to understand. There is no indication of a reply from Clinton. (US Department of State, 1/29/2016)

In Clinton’s July 2016 FBI interview, she will be specifically asked about this email, again suggesting something unusual about it. However, her answer will also be heavily reacted. For instance, “Clinton believed she would be speculating if she were to state what [redacted] meant when he referred to [redacted].” (Federal Bureau of Investigation, 9/2/2016)

Dario Lorenzetti (public domain)

Dario Lorenzetti (public domain)

On February 4, 2016, NBC News will reveal that the email concerns undercover CIA officer Dario Lorenzetti. He died in the suicide attack described in the email. Lorenzetti’s CIA connection was leaked to the media by anonymous officials four days after his death and was widely reported in the news media, although his CIA cover was not lifted until later.

According to NBC News, in the redacted portions of the email, it seems Bash was trying “to preserve the CIA officer’s cover. But some of the language he used, now that Lorenzetti is known to have been a CIA officer, could be read as a US government acknowledgement that CIA officers pose as State Department personnel in a specific country, Afghanistan — something widely known but not formally admitted.” This is why the email is classified at the “secret” level.

Bash ends the email by instructing a CIA spokesperson to “please lash up with [redacted].” NBC News will indicate the missing word is “presumably either the spy agency or one of its employees.” (NBC News, 2/4/2016)

This may be the phrase that the FBI asked Clinton about, and to which she replied that “she would be speculating if she were to state what [redacted] meant when he referred to [redacted].” (Federal Bureau of Investigation, 9/2/2016)

NBC News will also interview Bash about this email. Bash will claim that the email “did not reference the individual’s name, employer, nor any identifying description or information.” Additionally, once the CIA posthumously lifted Lorenzetti’s cover, “the original unclassified email could be read to confirm the general use of cover, prompting the redactions we now see. But any suggestion that this email contained confirmation about the person or his cover, or any inappropriate information, is flat wrong.” (NBC News, 2/4/2016)

Around October 28, 2012: Clinton’s computer technician is still managing her private server, but there is no known email trail.

Clinton’s private email server in Chappaqua, New York, stops working for days after New York is hit by Hurricane Sandy. Bryan Pagliano is still the lead specialist for the server and is tasked to fix it. The email system is not always reliable, and Pagliano is always the one on call to fix problems as they come up. (The Washington Post, 8/4/2015) However, no emails between Pagliano and Clinton will be included in Clinton’s over 30,000 publicly released work emails, except for one where he wishes her a happy birthday. (US Department of State, 11/30/2015)

December 6, 2012: A non-profit group files a Freedom of Information Act (FOIA) request seeking Clinton’s emails, but a Clinton aide says the emails don’t exist despite knowing that they do.

The CREW logo (Credit: CREW)

The CREW logo (Credit: CREW)

The request by Citizens for Responsibility and Ethics in Washington (CREW) ask for “records sufficient to show the number of email accounts of or associated with Secretary Hillary Rodham Clinton.” (US Department of State, 7/29/2016)

This request is sparked by reports that Lisa Jackson, administrator of the Environmental Protection Agency, had been using an email account at work under the name “Richard Windsor.”

Clinton is still secretary of state at the time, and her chief of staff Cheryl Mills soon learns of CREW’s request, due to a December 11, 2012 email sent to her  (and possibly Clinton) about it. But although Mills is very aware of Clinton’s private email address since she frequently sends emails to it, she doesn’t take any action and merely has an aide monitor the progress of CREW’s request.

In May 2013, the State Department will respond to CREW, “no records responsive to your request were located.”

Other requests for Clinton’s records will meet the same fate until the House Benghazi Committee finds out about her private email account in 2014. (The Washington Post, 3/27/2016) (The Washington Post, 1/6/2016)

January 2013—May 31, 2013: Clinton uses an agent to find new management for her private server.

Tania Neild (Credit: public domain)

Tania Neild (Credit: public domain)

Tania Neild runs a company called InfoGrate that connects very wealthy people with companies who oversee their personal technologies, such as emails, and her company is based only about twenty miles from Clinton’s New York house. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

An FBI report will later state that “due to user limitations and reliability concerns regarding the [existing] server, staff for [Hillary] Clinton and President [Bill] Clinton discussed future email server options, and a search was initiated to find a vendor to manage a Clinton email server. Additionally, [Clinton’s computer technician Bryan] Pagliano’s expressed desire to seek new employment contributed to the decision to move to a new server.”

Clinton will also be interviewed, and she will recall “that the transition to [a new company] was initiated by President Clinton’s aides seeking a higher level of service than could be provided by the [existing] server.”

Around January 2, 2013, Neild is introduced to Clinton’s chief of staff Cheryl Mills through an unnamed mutual business associate. Neild will later tell the FBI that she worked with Mills and Pagliano to produce a proposal to solicit responses from multiple companies. (Federal Bureau of Investigation, 9/2/2016)

January 2013, Platte River Networks, a small company based in Colorado, is told by Neild they are in he running for a new contract. In mid-February, they find out they are a finalist for the contract, and that they might be working for Clinton. They will be hired by Clinton to manage her private server on May 31, 2013. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

01-2013AlexMcGeorgeNewsmax

Alex McGeorge (Credit: Newsmax)

Pagliano will later tell the FBI who made the final decision to pick Platte River. But this person’s name will be redacted, and only identified as someone working for President Clinton. (Federal Bureau of Investigation, 9/2/2016)

In retrospect, the choice of Platte River will seem to be an odd one. Cybersecurity expert Alex McGeorge will later comment, “My big issue here is do you want a small firm with little/no government experience or contracting (according to what’s being reported) and no stated security expertise to be in charge of the email system for our secretary of state? That is fundamentally ridiculous.” (Business Insider, 8/17/2015)

January 5, 2013: Someone accesses the email account of one of Bill Clinton’s staffers on the private server used to host Hillary Clinton’s emails.

130101TorLogopublic

The Tor Logo (Credit: public domain)

This is according to a FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.

The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)

Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”

Dave Aitel (Credit: Immunity)

Dave Aitel (Credit: Immunity)

Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.

But Dave Aitel, a former NSA security analyst and founder of the cypersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)

When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)

And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)

January 17, 2013: Blumenthal is sent clearly marked classified information by a business partner.

A screenshot of Blumenthal's email account showing the January 17, 2013 email from Cody Shearer. (Credit: public domain)

A screenshot of Blumenthal’s email account showing the January 17, 2013 email from Cody Shearer. (Credit: public domain)

Clinton associate Cody Shearer sends Clinton confidant Sid Blumenthal a clearly classified document in an email. The subject heading for the email is: “Sid – This is Classified.” There is no text, but a document is attached called “Washington,_DC_Itinerary_for_D.doc.” In 2011 at least, Shearer and Blumenthal were business partners.

This email will only come to light because the hacker nicknamed Guccifer will post a screenshot of it after breaking into Blumenthal’s email account in March 2013.

It is not known if Shearer sent Blumenthal other classified information or if Blumenthal forwarded any such information to Clinton. (Gawker, 3/31/2015) Blumenthal has no security clearance to receive classified information at the time.