2012: Clinton’s private server is vulnerable to a hacker attack described in a government warning.

Marc Maiffret (Credit: Fox News Business)

Marc Maiffret (Credit: Fox News Business)

The Homeland Security Department’s Computer Emergency Readiness Team issues a warning about remote access attacks, that would allow hackers to take control of computers. The warning notes that “An attacker with a low skill-level would be able to exploit this vulnerability.”

In 2015, the Associated Press will report that Clinton’s private email server could have been vulnerable to a hostile takeover by this very type of attack. Clinton’s server appears to have lacked encrypted protections, and could accept commands from the computers over the Internet.

Marc Maiffret, who founded two cybersecurity companies, will later comment, “That’s total amateur hour. […] Real enterprise-class security, with teams dedicated to these things, would not do this.”

Another cybersecurity expert, Justin Harvey, will comment that Clinton’s server “violates the most basic network-perimeter security tenets: Don’t expose insecure services to the Internet.” (The Associated Press, 10/13/2015)

March 14, 2012: An email forwarded to Clinton appears to reveal the secret identity of the CIA director’s chief of staff.

Cheryl Mills, Clinton’s chief of staff, forwards to Clinton an email with the subject heading: “URGENT — From Dave Petraeus’s Chief of Staff…” The name of the sender of the original email will later be redacted because it mentions the name of a secret CIA official. However, the subject heading logically suggests the sender is the chief of staff of CIA Director David Petraeus. The original email is sent at 4:44 a.m., suggesting it is quite urgent.

Parts of the email chain are later redacted due to containing “foreign government information” as additional mentions of secret CIA officials, although it’s unclear if all of these are the same person. Emails in the chain are too heavily redacted to be understood, although it might relate to security protocols, because Mills makes the comment, “I do want to discuss this situation as it will reoccur and we have protocols that we follow that I welcome covering with you.”

The email will later be classified at the “secret” level, which is the medium classification level, although it is not clear how much of this is due to the mention of a secret CIA name or names and how much is due to the urgent content in the emails. (US Department of State, 1/29/2016) 

Clinton replies to Mills at 6:49 a.m., presumably just after arriving to work, agreeing to receive a phone call from Mills about the matter a short time later. Clinton’s reply email will also be later deemed “secret,” because it includes all of the previous emails in the chain. (US Department of State, 1/29/2016)

March 14, 2012: Cheryl Mills reveals the name of a secret CIA official in an email that is forwarded to Clinton.

Ambassador Henry Ensher (Credit: public domain)

Ambassador Henry Ensher (Credit: public domain)

Clinton’s chief of staff Cheryl Mills writes an email to US Ambassador to Algeria Henry Ensher. Most of the short email will later be deemed classified both for containing “foreign government information” as well as the name of a secret CIA official. Ensher replies on March 19, and that also will later be deemed classified for containing “foreign government information” as well as the name of a secret CIA official. Mills then forwards the email chain to Clinton. The email to Clinton will later be deemed “secret,” the medium classification level. (US Department of State, 1/29/2016)

March 25, 2012: An email to Clinton mentions the name of a secret CIA official.

Marc Grossman (Credit: public domain)

Marc Grossman (Credit: public domain)

State Department official Christina Tomlinson sends Clinton aide Jake Sullivan an email entitled “MG-Z in Dushanbe.” Sullivan then forwards it to Clinton. Other Clinton emails indicate that “MG” is a reference to US Special Representative for Afghanistan and Pakistan Marc Grossman. Dushanbe is the capital of Tajikistan. Different portions of Tomlinson’s email will be deemed classified for various reasons. But one section is classified because it mentions the name of a secret CIA official. As a result, the entire email will later be deemed “secret,” the middle classification level. There is no apparent response from Clinton. (US Department of State, 1/29/2016)

April 2012: A photo leads to confirmation Clinton is not using a government email account, but no action is taken.

Clinton checks her Blackberry in a military C-17 plane bound for Tripoli, Libya October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

Clinton checks her Blackberry in a military C-17 plane bound for Tripoli, Libya October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

A photo of Clinton using her BlackBerry while wearing sunglasses on a military plane in 2011 becomes popular on the Internet, prompting a “Texts from Hillary” meme.

In court testimony in 2016, State Director of Executive Secretariat Staff Karin Lang will recall that Clarence Finney, who oversees the State Department’s responses to Freedom of Information Act (FOIA) searches, sees the photo in the media and wants to know if Clinton still does not have a government email account. Finney checks with the department’s information management staff and confirms she still doesn’t have one. According to Lang, Finney will not recall who told him this, or when it happened exactly. (Politico, 6/9/2016

However, the photo’s popularity starts and peaks in April 2012. The Washington Post comments about the photo at the time, “When Hillary Rodham Clinton checks her phone, she’s probably reading top secret e-mails…” But this does not lead to any attempt by Finney or others to find if she might have a private email account that could be responsive to FOIA requests. (The Washington Post, 4/5/2012)

April 8, 2012: Clinton gets an email clearly marked as “classified,” contradicting her later claims.

Former Malawi President Joyce Banda (Credit: Reuters)

Former Malawi President Joyce Banda (Credit: Reuters)

Clinton is sent an email by State Department official Monica Hanley regarding a phone call to new Malawi president Joyce Banda. All the text of the email will later be redacted except for the first few lines, one of which states, “(C) Purpose of Call: to offer condolences on the passing of President Mukharika and congratulate President Banda on her recent swearing in.” The “(C)” is an official code known as a “portion marking,” and it indicates the information is classified at the “confidential” level.

In June 2016, Fox News will report that an unnamed US government source claims “there are other Clinton emails with classified markings, or marked classified, beyond” this email, but presumably those markings are in later-redacted portions of the emails. Clinton does not flag the email for having classified information in an insecure channel, but merely makes a brief comment that the timing of the phone call works for her.

Also in June 2016, Clinton spokesperson Brian Fallon will be asked directly about the email. However, he will ignore the direct evidence the email was marked classified at the time by saying, “The fact that this email was classified after the fact suggests again that agencies in the government tend to err on the side of classifying even routine matters of diplomacy.” (Fox News, 6/11/2016) (US Department of State, 1/29/2016) (LawNewz, 6/11/2016)

April 25, 2012: Clinton asks if an email contains classified information, despite a lack of classification markers.

Jake Sullivan (Credit: public domain)

Jake Sullivan (Credit: public domain)

Clinton aide Jake Sullivan emails Clinton information from a blog promoting Islamic jihad, saying it is “pretty interesting.” Clinton forwards the email to State Department spokesperson Philippe Reines while also asking Sullivan, “If not classified or otherwise inappropriate, can you send to the NYTimes reporters who interviewed me today?” Politico will later comment, “The email suggests Clinton may have known some of the messages that came to her were classified, as she had to ask her staff whether the content was or was not guarded at such a level for national security reasons.” (Politico, 2/29/2016) (US Department of State, 2/29/2016)

June 28, 2012—July 1, 2012: Clinton sends President Obama an email from on or above Russian soil; Obama uses a pseudonym for his email address.

Clinton meets with Russian Foreign Minister Sergey Lavrov in St. Petersburg, Russia, on June 29, 2012. (State Department)

Clinton meets with Russian Foreign Minister Sergey Lavrov in St. Petersburg, Russia, on June 29, 2012. (State Department)

It has been reported that Clinton and President Obama exchanged 18 emails in the four years of Clinton’s secretary of state tenure. However, very few details have been released about any of them, except for this one. This email is an exception because when Clinton will be interviewed by the FBI in July 2016, she will be asked about the email, apparently since it was sent from Russia. A September 2016 FBI report will mention it is sent on July 1, 2012 and that the subject line is: “Fw: Congratulations!”

Additionally, an FBI summary of her interview will mention, “Clinton stated she received no particular guidance as to how she should use the president’s email address [redacted]. Since the foregoing email was sent from Russia, Clinton stated she must have sent it from the plane.”

Elsewhere in the FBI report, it will be mentioned that the FBI was unable to determine whenever Clinton sent emails overseas while on the ground or in an airplane because the State Department didn’t give the FBI detailed enough information about her travel schedule. (Federal Bureau of Investigation, 9/2/2016)

Clinton’s former deputy chief of staff Huma Abedin will be asked about this email in an April 2016 FBI interview, though it will be described as “an email chain dated June 28, 2012, with the subject ‘Re: Congratulations!'” According to the FBI summary, “Abedin did not recognize the name of the sender. Once informed that the sender’s name is believed to be a pseudonym used by [President Obama], Abedin exclaimed ‘How is this not classified?’ Abedin then expressed her amazement at the president’s use of a pseudonym and asked if she could have a copy of the email. Abedin provided that she did not go on the trip to St. Petersburg [Russia] and noted that security protocols in St. Petersburg were not necessarily the same as they were in Moscow, where they were not allowed use to their BlackBerrys.” (Federal Bureau of Investigation, 9/23/2016)

Based on Abedin’s comments, it appears probable that Clinton sends an email in the chain with her BlackBerry from St. Petersburg, Russia, though it is unclear if she is on an airplane at the time or not, or if the plane is flying on on the ground.

Accordng to some basic details that will be revealed about the Clinton-Obama emails in September 2016, it appears Obama emails Clinton on June 28, 2012, then Clinton replies to him on June 28, 2012, which coincides with her time in St. Petersburg, on June 28 and 29, 2012. Then her aide Monica Hanley sends an email to Obama on July 1, 2012. It is not clear why this Hanley email will later be included in a list of Obama-Clinton emails or why the FBI wil refer to a July 1, 2012 email in Clinton’s FBI interview instead of the June 28, 2012 Clinton email mentioned in the Abedin FBI interview. (Vice News, 09/15/16) (Vicc News, 09/15/16)

July 14, 2012: Blumenthal sends Clinton another email that contains obviously classified information, but Clinton doesn’t flag it as such.

Mohamed Morsi, a member of the Muslim Brotherhood, is declared winner of the Egyptian presidential election on June 24, 2012. (Credit: The European Press Agency)

Mohamed Morsi, a member of the Muslim Brotherhood, is declared winner of the Egyptian presidential election on June 24, 2012. (Credit: The European Press Agency)

Clinton confidant and private citizen Sid Blumenthal marks the email “CONFIDENTIAL,” and then gives this warning: “SOURCE: Sources with access to the highest levels of the Muslim Brotherhood in Egypt, The Supreme Council of the Armed Forces, and Western Intelligence and security services. THE FOLLOWING INFORMATION COMES FROM AN EXTREMELY SENSITIVE SOURCE AND SHOULD BE HANDLED WITH CARE.” The email then discusses secret meetings between senior members of the Muslim Brotherhood and the Egyptian army which have taken place in recent days. (US Department of State, 1/7/2016

However, Clinton does not warn department security about this email that could jeopardize an intelligence asset in Egypt. Instead, she forwards the email to her aide Jake Sullivan with the comment, “More timely info.” (US Department of State, 1/7/2016)

August and December 2012: An Internet-wide hacker attack makes Clinton’s private server even more vulnerable.

An anonymous hacker using a computer in Serbia scans hundreds of millions of Internet addresses for accessible openings, called “ports.” Clinton’s private server is scanned by this hacker in August 2012 and again in December. The hacker’s millions of results are then made widely available on-line. It is unknown if anyone looking at this data figures out if the server belongs to Bill and Hillary Clinton, although the name “clintonemail.com” is a clue. (The Associated Press, 10/13/2015)

August 2, 2012: Clinton gets another email clearly marked as “classified,” contradicting her later claims.

Former U.N. Secretary General Kofi Annan meets with Chinese Premier Wen Jiabao, unseen, at the Great Hall of People in Beijing on Tuesday, March 27, 2012. Syria accepted a peace plan by Annan, which includes a cease-fire by Syrian forces and a daily two-hour halt to fighting to evacuate the injured, Annan's spokesman said Tuesday. (AP Photo/Lintao Zhang, Pool)

Former UN Secretary General Kofi Annan (Credit: Lintao Zhang / The Associated Press)

Clinton is sent an email by State Department official Monica Hanley regarding a phone call to United Nations/Arab League Joint Special Envoy for Syria Kofi Annan. The email is a call sheet to help Clinton with her talking points while speaking to Annan. The first paragraph starts with the text: “(C) Purpose of Call.”  The “(C)” is an official code known as a “portion marking,” and it indicates the information is classified at the “confidential” level. Other sections of the email are marked with (SBU), a code meaning “sensitive but unclassified.” (US Department of State, 11/30/2015)

This is the second time it is known Clinton received an email clearly marked as classified, after getting another one from Hanley in April 2012.  (US Department of State, 1/29/2016) This email’s existence won’t be publicly noticed until after FBI Director James Comey will comment on July 5, 2016 that a very small number of Clinton’s emails were marked classified at the time. (The New York Times, 7/5/2016)

September 3, 2012: Blumenthal sends an email to Clinton that later will be almost entirely redacted.

Clinton confidant and private citizen Sid Blumenthal emails Clinton another one of his many intelligence updates, despite having no security clearance. This one will later be nearly entirely classified, including the email title. There are only two sentence fragments later made public. One is Blumenthal’s marking: “CONFIDENTIAL.” The other is: “SOURCE: Sources with access to the highest levels of the governments and institutions discussed below. This includes—” Six blank pages of fully redacted text follow. (US Department of State, 1/29/2016) Most of Blumenthal’s emails relate to Libya, and the email is sent just eight days prior to a terrorist attack on the US consulate in Benghazi, Libya.

September 11, 2012: Islamic extremists launch a terrorist attack on the US consulate in Benghazi, Libya.

The US consulate in Benghazi, Libya, is aflame on September 11, 2012. (Credit: NPR)

The US consulate in Benghazi, Libya, is aflame on September 11, 2012. (Credit: NPR)

Islamic extremists launch a terrorist attack on the US consulate in Benghazi, Libya, killing Ambassador Christopher Stevens and three other American citizens. (The New York Times, 8/8/2015)

September 15, 2012—October 17, 2012: A mysterious email somehow related to talking points and the Benghazi attack mentions the name of a secret CIA official.

On September 15, 2012, an email from an redacted name is sent to about a dozen other redacted names. The only email recipient whose name is later unredacted is Clinton aide Jake Sullivan. Classification codes indicate that at least one of the many redacted names is a secret CIA official. The entire contents of the email will later be redacted except for the first two sentences: “Per the discussion at Deputies, here are the revised TPs for HPSCI. Let me know what you think.” “Deputies” is a likely reference to deputy cabinet members; “TPs” is a likely abbreviation of “talking points,” and “HPSCI” stands for the “House Permanent Select Committee on Intelligence.”

On September 27, Sullivan forwards the email to Clinton.

On October 17, Clinton finally replies, “Pls [Please] print.”

Clinton’s email will first be released to the House Benghazi Committee, indicating its content is somehow related to the 2012 Benghazi terrorist attack. (US Department of State, 5/13/2015)

October 13, 2012: Clinton receives an email that reveals undercover CIA officers use State Department cover in Afghanistan.

Jeremy Bash (left) Leon Panetta (right) (Credits: public domain)

Jeremy Bash (left) Leon Panetta (right) (Credits: public domain)

Jeremy Bash, who is chief of staff to Defense Secretary Leon Panetta at the time, sends an email to four other US officials, including Clinton aides Jake Sullivan and Cheryl Mills. Sullivan then forwards the email to Clinton. The email has the subject heading: “This a.m. Green on Blue.” That is an idiom referring to when police attacks soldiers. The email refers to an Afghan police officer triggering a suicide vest and killing or wounding 14 Americans or Afghans, including one dead American.

The email will later be classified at the “secret” level, suggesting some important classified information in it, but its redactions make it difficult to understand. There is no indication of a reply from Clinton. (US Department of State, 1/29/2016)

In Clinton’s July 2016 FBI interview, she will be specifically asked about this email, again suggesting something unusual about it. However, her answer will also be heavily reacted. For instance, “Clinton believed she would be speculating if she were to state what [redacted] meant when he referred to [redacted].” (Federal Bureau of Investigation, 9/2/2016)

Dario Lorenzetti (public domain)

Dario Lorenzetti (public domain)

On February 4, 2016, NBC News will reveal that the email concerns undercover CIA officer Dario Lorenzetti. He died in the suicide attack described in the email. Lorenzetti’s CIA connection was leaked to the media by anonymous officials four days after his death and was widely reported in the news media, although his CIA cover was not lifted until later.

According to NBC News, in the redacted portions of the email, it seems Bash was trying “to preserve the CIA officer’s cover. But some of the language he used, now that Lorenzetti is known to have been a CIA officer, could be read as a US government acknowledgement that CIA officers pose as State Department personnel in a specific country, Afghanistan — something widely known but not formally admitted.” This is why the email is classified at the “secret” level.

Bash ends the email by instructing a CIA spokesperson to “please lash up with [redacted].” NBC News will indicate the missing word is “presumably either the spy agency or one of its employees.” (NBC News, 2/4/2016)

This may be the phrase that the FBI asked Clinton about, and to which she replied that “she would be speculating if she were to state what [redacted] meant when he referred to [redacted].” (Federal Bureau of Investigation, 9/2/2016)

NBC News will also interview Bash about this email. Bash will claim that the email “did not reference the individual’s name, employer, nor any identifying description or information.” Additionally, once the CIA posthumously lifted Lorenzetti’s cover, “the original unclassified email could be read to confirm the general use of cover, prompting the redactions we now see. But any suggestion that this email contained confirmation about the person or his cover, or any inappropriate information, is flat wrong.” (NBC News, 2/4/2016)

Around October 28, 2012: Clinton’s computer technician is still managing her private server, but there is no known email trail.

Clinton’s private email server in Chappaqua, New York, stops working for days after New York is hit by Hurricane Sandy. Bryan Pagliano is still the lead specialist for the server and is tasked to fix it. The email system is not always reliable, and Pagliano is always the one on call to fix problems as they come up. (The Washington Post, 8/4/2015) However, no emails between Pagliano and Clinton will be included in Clinton’s over 30,000 publicly released work emails, except for one where he wishes her a happy birthday. (US Department of State, 11/30/2015)

December 6, 2012: A non-profit group files a Freedom of Information Act (FOIA) request seeking Clinton’s emails, but a Clinton aide says the emails don’t exist despite knowing that they do.

The CREW logo (Credit: CREW)

The CREW logo (Credit: CREW)

The request by Citizens for Responsibility and Ethics in Washington (CREW) ask for “records sufficient to show the number of email accounts of or associated with Secretary Hillary Rodham Clinton.” (US Department of State, 7/29/2016)

This request is sparked by reports that Lisa Jackson, administrator of the Environmental Protection Agency, had been using an email account at work under the name “Richard Windsor.”

Clinton is still secretary of state at the time, and her chief of staff Cheryl Mills soon learns of CREW’s request, due to a December 11, 2012 email sent to her  (and possibly Clinton) about it. But although Mills is very aware of Clinton’s private email address since she frequently sends emails to it, she doesn’t take any action and merely has an aide monitor the progress of CREW’s request.

In May 2013, the State Department will respond to CREW, “no records responsive to your request were located.”

Other requests for Clinton’s records will meet the same fate until the House Benghazi Committee finds out about her private email account in 2014. (The Washington Post, 3/27/2016) (The Washington Post, 1/6/2016)

December 11, 2012: Clinton’s chief of staff Mills is sent an email about a FOIA request from Clinton’s emails, but does nothing about it; Clinton may get the email as well.

On December 6, 2012, the non-profit group Citizens for Responsibility and Ethics in Washington (CREW) files a Freedom of Information Act (FOIA) request, asking for records that show the number of Clinton’s email accounts. (US Department of State, 7/29/2016)

121211brockjohnson

Brock Johnson (Credit: Facebook)

Five days later, State Department official Brock Johnson sends an email to Clinton’s chief of staff Cheryl Mills about this. It has the subject heading: “FW: Significant FOIA Request.” This email will be made public in July 2016 due to a different FOIA request by Judicial Watch.

Johnson writes in his email: “FYI [For your information] on the attached FOIA request from: ‘The request by Citizens for Responsibility and Ethics in Washington (CREW) ask for “records sufficient to show the number of email accounts of or associated with Secretary Hillary Rodham Clinton.”‘” Then he forwards an email to him about the request, and also includes the entire request as an attachment. (US Department of State, 7/29/2016)

A snippet of Brock Johnson's email to Cheryl Mills. (Credit: public domain)

A snippet of Brock Johnson’s email to Cheryl Mills. (Credit: public domain)

It appears likely that Mills then forwards this email to Clinton, because Clinton will be interviewed by the FBI in July 2016, and she will be asked about over a dozen specific emails sent to her, and she will be asked about an email sent on the same date, December 11, 2012, with the exact same subject heading, “FW: Significant FOIA Report.” If Clinton is sent the email, it isn’t included in the over 30,000 work-related emails Clinton will give to the State Department in December 2014.

According to a later FBI report, “Clinton stated she did not recall the specific request and was not aware of receiving any FOIA requests for information related to her email during her tenure as secretary of state. [The] State [Department] had a FOIA department and Clinton relied on the professionals in that department to address FOIA matters.” (Federal Bureau of Investigation, 9/2/2016)

Although it has not been confirmed Clinton gets the email, there’s no doubt Mills does. And even though Mills is very aware of Clinton’s private email address since she frequently sends emails to it, she doesn’t take any action and merely has an aide monitor the progress of CREW’s request.

Melanie Sloan (Credit: CREW)

Melanie Sloan (Credit: CREW)

Melanie Sloan, the executive director of CREW, will later say, “Cheryl Mills should have corrected the record. She knew this wasn’t a complete and full answer.”

In May 2013, the State Department will respond to CREW, “no records responsive to your request were located.” Other requests for Clinton’s records will meet the same fate until the House Benghazi Committee finds out about her private email account in 2014.

Steve Linick, the State Department’s inspector general, will conclude in a 2016 report that the State Department gave an “inaccurate and incomplete” response about Clinton’s email use to CREW and in other similar cases. (The Washington Post, 3/27/2016) (The Washington Post, 1/6/2016)

December 13, 2012: Clinton is directly asked by a Congressperson if she uses a private email account for work, and fails to reply.

Darrell Issa (Credit: The Associated Press)

Darrell Issa (Credit: The Associated Press)

Representative Darrell Issa (R) asks Clinton in a letter, “Have you or any senior agency official ever used a personal email account to conduct official business? If so, please identify the account used.” His letter also asks if State Department employees have to turn over work-related emails from personal accounts by the time they leave office, and it seeks written documentation of the department’s policies for the use of personal email for government business.

Issa is the chair of the House Committee on Oversight and Government Reform, and he is investigating how the Obama administration handles its officials’ use of personal email.

However, Clinton never sends a reply, and leaves office seven weeks later.

Issa finally gets a response from the State Department on March 27, 2013, but it fails to mention Clinton’s use of a private email address for work matters and just describes the department’s general email policies.

In 2015, a department spokesperson will decline to explain why Issa was never told about Clinton’s personal email usage. (The New York Times, 4/14/2015)

January 2013—May 31, 2013: Clinton uses an agent to find new management for her private server.

Tania Neild (Credit: public domain)

Tania Neild (Credit: public domain)

Tania Neild runs a company called InfoGrate that connects very wealthy people with companies who oversee their personal technologies, such as emails, and her company is based only about twenty miles from Clinton’s New York house. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

An FBI report will later state that “due to user limitations and reliability concerns regarding the [existing] server, staff for [Hillary] Clinton and President [Bill] Clinton discussed future email server options, and a search was initiated to find a vendor to manage a Clinton email server. Additionally, [Clinton’s computer technician Bryan] Pagliano’s expressed desire to seek new employment contributed to the decision to move to a new server.”

Clinton will also be interviewed, and she will recall “that the transition to [a new company] was initiated by President Clinton’s aides seeking a higher level of service than could be provided by the [existing] server.”

Around January 2, 2013, Neild is introduced to Clinton’s chief of staff Cheryl Mills through an unnamed mutual business associate. Neild will later tell the FBI that she worked with Mills and Pagliano to produce a proposal to solicit responses from multiple companies. (Federal Bureau of Investigation, 9/2/2016)

January 2013, Platte River Networks, a small company based in Colorado, is told by Neild they are in he running for a new contract. In mid-February, they find out they are a finalist for the contract, and that they might be working for Clinton. They will be hired by Clinton to manage her private server on May 31, 2013. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

01-2013AlexMcGeorgeNewsmax

Alex McGeorge (Credit: Newsmax)

Pagliano will later tell the FBI who made the final decision to pick Platte River. But this person’s name will be redacted, and only identified as someone working for President Clinton. (Federal Bureau of Investigation, 9/2/2016)

In retrospect, the choice of Platte River will seem to be an odd one. Cybersecurity expert Alex McGeorge will later comment, “My big issue here is do you want a small firm with little/no government experience or contracting (according to what’s being reported) and no stated security expertise to be in charge of the email system for our secretary of state? That is fundamentally ridiculous.” (Business Insider, 8/17/2015)

January 5, 2013: Someone accesses the email account of one of Bill Clinton’s staffers on the private server used to host Hillary Clinton’s emails.

130101TorLogopublic

The Tor Logo (Credit: public domain)

This is according to a FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.

The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)

Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”

Dave Aitel (Credit: Immunity)

Dave Aitel (Credit: Immunity)

Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.

But Dave Aitel, a former NSA security analyst and founder of the cypersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)

When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)

And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)

February 1, 2013: Clinton’s four year tenure as secretary of state ends.

Clinton exiting an airplane in her last week as secretary of state. (Credit: The New Yorker)

Clinton exiting an airplane in her last week as secretary of state. (Credit: The New Yorker)

(The Washington Post, 3/10/2015) Clinton is succeeded by Senator John Kerry (D). Kerry apparently uses a government email account for all work matters, and all his emails are automatically preserved by the State Department for posterity. (The New York Times, 3/2/2015) 

Most of her top aides leave the State Department around the same time, such as Cheryl Mills, Huma Abedin, Jake Sullivan, and Philippe Reines, while Patrick Kennedy remains. (The New York Times, 8/13/2013)

Around February 1, 2013: Clinton fails to turn over her work emails as she leaves office, despite a legal requirement to do so.

When Clinton ends her tenure as secretary of state, she is required by law to turn over all of her work-related documents to the State Department, including emails, but she fails to do so.

Clinton says farewell as secretary of state on February 1, 2013. (Credit: Polaris)

Clinton says farewell as secretary of state on February 1, 2013. (Credit: Polaris)

A May 2016 State Department inspector general’s report will conclude, “Secretary Clinton should have preserved any federal records she created and received on her personal account… At a minimum, [she] should have surrendered all emails dealing with department business before leaving government service and, because she did not do so, she did not comply with the department’s policies that were implemented in accordance with the Federal Records Act.”

The report will note that at least she turned over 30,000 emails in December 2014, 21 months later. However, the report will also conclude that the emails she gave then are “incomplete,” because many of her work-related emails have since been discovered through other means, such as being found in other email inboxes. For instance, although her tenure began on January 21, 2009, and she started using her email account by January 28, no emails received prior to March 17, 2009, were turned over, nor were any emails sent prior to April 12, 2009. (US Department of State, 5/25/2016)

Shortly After February 1, 2013: Clinton apparently leaves the State Department without signing a required form stating that she returned all her work-related documents.

All State Department officials are required to sign a form when they leave office stating that they returned all their work-related documents back to the government. Although Clinton becomes a private citizen after ending her term as secretary of state on February 1, 2013, there is no evidence she signs such a form. Those who sign the OF-109 form acknowledge they could be subject to “criminal penalties” for not turning over the documents.

In March 2015, Jen Psaki, a State Department spokesperson, will say, “We have reviewed Secretary Clinton’s official personnel file and administrative files and do not have any record of her signing the [form]. […] I think we’re fairly certain she did not.” Psaki also notes that Clinton’s predecessors as secretary of state also don’t seem to have signed the form.

A State Department manual declares that “a separation statement will be completed whenever an employee is terminating employment,” but Psaki says there is no penalty for not signing the form. (Politico, 3/17/2015)

Shortly After February 1, 2013: Clinton’s chief of staff Cheryl Mills leaves blank a required form stating that she has returned all of her work-related documents.

Cheryl Mills (Credit: Vimeo)

Cheryl Mills (Credit: Vimeo)

All State Department officials are required to sign the “separation statement,” known as the OF-109 form. Those who sign the OF-109 form acknowledge they could be subject to “criminal penalties” for not turning over the documents.

In 2015, the Daily Caller will sue the State Department for several OF-109 forms. They will be given a form with Mills’ name on it, but with the date and signature spaces left blank. Mills used a private Yahoo email account for at least some of her government work.

A State Department official will neither explain the discrepancy nor confirm that Mills did not sign the agreement.

Clinton apparently never turns in her form. Huma Abedin, Clinton’s deputy chief of staff, does sign her form in February 2013, but she doesn’t turn over her private, work-related emails. (The Daily Caller, 11/13/2015) (The Hill, 11/13/2015) (US Department of State, 9/11/2015)

February 13, 2013: Clinton’s deputy chief of staff Huma Abedin signs a pledge that she has given all of her work-related documents back to the State Department, but she didn’t.

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

All State Department officials are required to sign the “separation statement” when they leave the department, known as the OF-109 form. However, Abedin has a private email address (huma@clintonemail.com) on the same private server that Clinton does, and when she leaves the department in February 2013 she does not turn over any of her emails from it, including work-related emails.

Her emails will not be handed over until a couple of years later, after various lawsuits and investigations. In signing the form, Abedin acknowledges she could be subject to “criminal penalties” for lying on the document.

The Hill will later report, “It’s unclear whether Abedin would be subject to prosecution, given the unusual nature of Clinton’s private email setup.” (The Hill, 11/13/2015) (US Department of State, 9/11/2015)

March 14, 2013: Guccifer accesses the email account of Clinton confidant Sid Blumenthal.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large "G" for "Guccifer" added. Because it was sent on February 16, 2013, two weeks after Clinton's term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large “G” for “Guccifer” added. Because it was sent on February 16, 2013, two weeks after Clinton’s term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

Guccifer, an unemployed Romanian whose real name is Marcel-Lehel Lazar, breaks into the AmericaOnline (AOL) email account of Blumenthal. Guccifer does not have typical hacking skills but instead attempts to guess passwords and answers security questions. In recent months, he broke into the accounts of famous people, or the friends and family of famous people, including those of former secretary of state Colin Powell and former US president George W. Bush.

He takes screenshots of the text of emails of Clinton and Blumenthal discussing sensitive foreign policy issues during her time as secretary of state. He also takes a screenshot of Blumenthal’s inbox showing a list of the latest emails sent from Clinton.

In the next few days, the screenshots are made public, and for the first time, Clinton’s private email address hdr22@clintonemail.com is revealed to the world. (USA Today, 3/22/2013) (The Smoking Gun, 3/3/2015)

Shortly After March 15, 2013: After her email address is exposed, Clinton changes to a new email address run from the same server.

Marcel-Lehel Lazar, a.k.a. "Guccifer" (Credit: Cristian Movila / The New York Times)

Marcel-Lehel Lazar, a.k.a. “Guccifer” (Credit: Cristian Movila / The New York Times)

Marcel-Lehel Lazar, the hacker nicknamed “Guccifer,” exposes Clinton’s private email address hdr22@clintonemail.com to the public on March 15, 2013. Clinton then changes her email address to hrod17@clintonemail.com, though it is unclear exactly how quickly she does this. In 2015, Clinton spokesperson Nick Merrill will only say that her new address is registered some time in March 2013.

But this new address shows that it is still being run from the same private server, which would be even more vulnerable now that its existence has been publicly exposed. (Hillaryclinton.com, 7/13/2015) (USA Today, 5/22/2015) (Buzzfeed, 7/1/2015

Clinton’s old mail account is still working on March 20, 2013, but her new account could have been made prior to that. (Gawker, 3/3/2015) 

Clinton will make some security changes, but apparently not until the end of May 2013, when she will hire a new company to manage her server. (McClatchy Newspapers, 10/6/2015)

May 21, 2013—February 12, 2014: Clinton’s emails are not searched in response to a relevant FOIA request.

On May 21, 2013, Judicial Watch files a Freedom of Information Act (FOIA) request relating to Clinton aide Huma Abedin and the six-month time period starting in 2012 when she held three outside jobs in addition to being Clinton’s deputy chief of staff. Part of the request is for communications about this matter from Clinton and Abedin.

State Department official Jonathon Wasser is asked to search for relevant records on October 1, 2013. He searches several department databases in November 2013, but does not check for emails from Abedin’s government email account or her private account, or Clinton’s private account. As a result, the official response given to Judicial Watch on February 12, 2014, contains only eight documents, and none of them are emails. Thus, Clinton’s exclusive use of a private email account will remain a secret.

It will later be revealed that department officials at the time generally did not search for emails even when a FOIA request asked for that type of communication.

In 2015, after Clinton’s email scandal becomes public, the department will finally search for and find emails from both Clinton and Abedin responsive to the FOIA request. (Politico, 6/9/2016(Judicial Watch, 6/8/2016)

May 28, 2013: Clinton sends an email containing classified information despite having left the State Department.

Clinton sends an email to former Deputy Secretary of State William Burns, former Assistant Secretary of State Kurt Campbell, State Department official Jeffrey Feltman, Clinton’s former deputy chief of staff Jake Sullivan, Clinton’s former chief of staff Cheryl Mills, and Clinton’s deputy chief of staff Huma Abedin. Many of the email recipients continue to advise Clinton after leaving the department at the same time she did, around February 2013.

130528StateOfficialsUpdate

From left to right, William Burns (Credit: public domain) Kurt Campbell (Credit: public domain) Jeffrey Feltman (Credit: PatrickTsui / FCO)

In the email, Clinton recalls “remember how after US signed 123 deal [with] UAE [the United Arab Emirates] and we were in Abu Dhabi [the capital of the UAE].” This is a reference to a 2009 pact between the US and the UAE to share nuclear energy information and materials, with the UAE also agreeing not to pursue building a nuclear weapon. Much of the rest of the email is unintelligible because it is heavily redacted for containing information that is later considered classified, at the “confidential” level.

The email will be made public in August 2016 due to a Freedom of Information Act (FOIA) request for documents sent by Clinton after her tenure as secretary of state ended to officials still at the State Department. This is the only email in response to the FOIA request sent or received by Clinton later deemed classified.

Department spokesperson John Kirby will later comment: “I am not going to speak to the content but I would point you to that one of the FOIA exemptions here we used was 1.4B which is foreign government information. And as we previously explained, while foreign government information may be protected from public release, both the executive order on classification and the foreign affairs manual acknowledge that foreign government information can often be maintained on unclassified systems.” (NBC News, 9/1/2016) (US Department of State, 6/26/2016)

May 31, 2013: Clinton hires the Colorado-based Platte River Networks to maintain her email server.

The Denver, Colorado, apartment building where Platte River was based until mid-2015. (Credit: Matthew Jones / The Daily Mail)

The Denver, Colorado, apartment building where Platte River was based until mid-2015. (Credit: Matthew Jones / The Daily Mail)

Platte River Networks (PRN) will begin managing the server in early June, with the management of Clinton’s aides Bryan Pagliano and Justin Cooper being phased out as a result. But the Service Level Agreement won’t be signed until July 18, 2013.

The original server is disconnected and shipped from Clinton’s house in Chappaqua, New York, to a data center in New Jersey. (Federal Bureau of Investigation, 9/2/2016) (The Associated Press, 10/7/2015) (McClatchy Newspapers, 10/6/2015)

This takes place three months after the hacker nicknamed Guccifer made public Clinton’s exact email address. However, the process of choosing the company began in January 2013, prior to the Guccifer hack, suggesting the change was at least partially due to Clinton’s time as secretary of state coming to an end in February 2013 instead. (The Washington Post, 9/5/2015)

Platte River will soon relocate Clinton’s server to New Jersey, then replace it with a new server, while keeping the old server running.

Early June 2013—Early July 2013: Clinton’s server is relocated and then replaced by a new server, but the old server keeps running.

After Platte River Networks (PRN) is selected to manage Clinton’s private email server on May 31, 2013, the company decides to immediately relocate the server and then also replace it with a better one.

130601PlatteRiverFoundersPlatteRiverNetworks

The founders of Platte River Network: Brent Allshouse (left) and Treve Suavo (right). (Credit: Platte River Networks)

PRN assigns two employees to manage the new server (which will be the third server used by Clinton). The FBI will later redact the names of these two employees, but it is known that one of them works remotely from his home in some unnamed town and will handle the day-to-day administration of the server, and the other one works at PRN’s headquarters in Denver, Colorado, and handles all hardware installation and any required physical maintenance of the server. Media reports will later name the two employees as Paul Combetta, who works from Rhode Island, and Bill Thornton.

The employee at PRN’s headquarters (who logically would be Thorton) works with Clinton’s computer technician Bryan Pagliano to help with the transition. Around June 4, 2013, this person is granted administrator access to the server, as well as any accompanying services.

130601EquinixLogo

Equinix Logo (Credit: public domain)

On June 23, 2013, this person travels to Clinton’s house in Chappaqua, New York, shuts down the server, and transports it to a data center in Secaucus, New Jersey, run by Equinix, Inc. This older server will stay at the Equinix facility until it is given to the FBI on October 3, 2015.

The PRN headquarters employee (still likely to be Thornton) turns the old server back on in the Equinix data center so users can continue to access their email accounts. Then he spends a few days there setting up a new server. When he leaves, all the physical equipment for the new server is successfully installed except for an intrusion detection device, which Equinix installs later, once it gets shipped.

Meanwhile, the PRN employee who works remotely (Combetta) does his remote work to get the new server online. Around June 30, 2013, this employee begins to transfer all the email accounts from the old server to the new one. After several days, all email accounts hosted on the presidentclinton.com, wjcoffice.com, and clintonemail.com domains are transferred. However, PRN keeps the old server online at the Equinix data center along with the new server to ensure email continues to be delivered. But the old server no longer hosts email services for the Clintons.

According to an FBI report made public in September 2016, “The new Clinton email server hosted email for [Hillary] Clinton, President Clinton, [redacted], and their respective staffs.”

130601DellPowerEdgeR620

The Dell PowerEdge R620 (Credit: public domain)

This same FBI report will explain that the new server consists of the following equipment: “a Dell PowerEdge R620 server hosting four virtual machines, including four separate virtual machines for Microsoft Exchange email hosting, a BES for the management of BlackBerry devices, a domain controller to authenticate password requests, and an administrative server to manage the other three virtual machines, a Datto SfRlS 2000 to store onsite and remote backups of the server system, a CloudJacket device for intrusion prevention, two Dell switches, and two Fortinet Fortigate 80C firewalls.” (Federal Bureau of Investigation, 9/2/2016)

The FBI report will not make entirely clear what happens to the data on the old server. But a September 2015 Washington Post article will assert that after PRN moved all the data onto a new server, everything on the original server was deleted until it is “blank.” However, it was not wiped, which means having the old files overwritten several times with new data until they can never be recovered. (The Washington Post, 9/12/2015)

June 2013 OR Between October 2014—February 2015: The company managing Clinton’s private email server sets up a 30-day retention policy, but there are conflicting accounts of when this occurs.

The Platte River Networks logo (Credit: Platte River Networks)

The Platte River Networks logo (Credit: Platte River Networks)

According to Platte River Networks (PRN) spokesperson Andy Boian in October 2015, PRN sets up the 30-day policy as soon as it takes over management of Clinton’s private email server in June 2013. That means that any deleted emails would disappear after 30 days. This is done at the request of Clinton’s representatives from the start of their contract, and the policy never changed.

However, government investigators will later find an August 2015 email from a PRN employee, who will write that Clinton Executive Service Corp., a company controlled by Clinton’s associates, asked for the 30-day deletion policy in October or November 2014, and then again in February 2015. In the email, the employee will write, “this whole thing really is covering up some shady shit.”

McClatchy Newspapers will later note, “Those reductions [in the retention policy] would have occurred after the State Department requested that Clinton turn over her emails.”

It is not clear who is correct: Boian, the PRN spokesperson—or the unnamed PRN employee who wrote the email. (McClatchy Newspapers, 10/6/2015)

Early June 2013: State Department officials discover Clinton’s personal email address and then fail in their legal obligation to share her emails with others.

Heather Higginbottom (Credit: public domain)

Heather Higginbottom (Credit: public domain)

State Department staff reviewing material to possibly give to Congressional committees examining the September 2012 Benghazi terrorist attack discover emails sent by former Clinton aide Jake Sullivan to a personal email address belonging to Clinton.

In ensuing weeks, senior department officials discuss if the Federal Records Act (FRA) requires the department to turn over emails from such personal accounts. In fact, the act does require emails to be turned over if they are work-related. However, an internal investigation will later determine that the department does not notify the National Archives and Records Administration (NARA) of a potential loss of records at any point in time. Furthermore, none of Clinton’s emails are given to any Congressional committee in 2013, nor are they provided in response to any Freedom of Information Act (FOIA) requests that year.

According to department official Heather Higginbottom, Secretary of State John Kerry is not a part of these discussions or decisions. (US Department of State, 5/25/2016) 

Around this debate period, on August 7, 2013, department officials find 17 FOIA requests relating to Clinton in their records, with some of them specifically requesting Clinton emails. But none of the requesters are told about any of Clinton’s emails  apparently due to the result of this debate.

Clinton’s personal email address will be rediscovered in May 2014 after a document request from the new House Benghazi Committee.

June 21, 2013: President Obama nominates James Comey to be the next director of the FBI; Comey starts a ten-year term.

James Comey is sworn in as FBI director by Attorney General Eric Holder on September 4, 2013. (Credit: FBI Archives)

James Comey is sworn in as FBI director by Attorney General Eric Holder on September 4, 2013. (Credit: FBI Archives)

While announcing the nomination, Obama comments, “To know Jim Comey is also to know his fierce independence and his deep integrity. […] [H]e doesn’t care about politics, he only cares about getting the job done. At key moments, when it’s mattered most, he [stood] up for what he believed was right. He was prepared to give up a job he loved rather than be part of something he felt was fundamentally wrong.”

Comey had been the deputy attorney general during the Bush administration. Obama’s comment about giving up a job is reference to a 2004 incident where Comey (and others) threatened to resign unless President Bush canceled a surveillance program before its legal authorization expired. Bush gave in and canceled the program. (The White House, 6/21/2013) 

Comey is approved by the Senate later in June and starts his ten-year term as FBI director on September 4, 2013. (Federal Bureau of Investigation, 9/4/2013) Comey will later be in charge of the FBI when it investigates Clinton’s email scandal.

June 24, 2013—August 2015: Another company stores the contents of Clinton’s email server on a cloud storage system; this could help the FBI recover deleted emails.

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

Shortly after taking over management of Clinton’s private email server, Platte River Networks (PRN) buys a device called the Datto SIRIS S2000 from another company called Datto, Inc. that frequently makes copies of all the server’s contents. They use this device on a copy of Clinton’s server, which has been moved to a data storage facility in New Jersey. Then, apparently without PRN asking or paying for it, or even being aware of it, Datto stores those copies of the server’s contents on a “cloud” storage system elsewhere. (McClatchy Newspapers, 10/6/2015)

A September 2016 FBI report will explain, “At the Clintons’ request, PRN only intended that the backup device store local copies of the backups. However, in August 2015, Datto informed PRN that, due to a technical oversight, [Clinton’s] server was also backing up the server to Datto’s secure cloud storage. After this notification, PRN instructed Datto to discontinue the secure cloud backups.”

The FBI report will also reveal that the first Datto back-up takes place on June 24, 2013. But a new server is still being set-up and data being transferred from the old server, so the June 29, 2013 back-up will later prove most useful to FBI investigators. the FBI will say the back-ups will stop on December 23, 2013, but it isn’t explained why. (Federal Bureau of Investigation, 9/2/2016)

In 2015, an unnamed source familiar with Datto’s account will say that PRN was billed for “private cloud” storage, and since PRN didn’t have a cloud storage node of its own, the data bounced to Datto’s cloud. This source says that even though nobody seemed to realize it, Datto was “managing the off-site storage throughout.”

When asked if the FBI might recover Clinton’s deleted emails from Datto’s storage, the source will say, “People don’t use Datto’s service for getting rid of data.” Apparently, the FBI will ask for and get the contents of Datto’s storage in September 2015. (McClatchy Newspapers, 10/6/2015)

Senator Ron Johnson (R), who will write a letter to Datto in late 2015 seeking more information, will say that “questions still remain as to whether Datto actually transferred the data from its off-site data center to the on-site server, what data was backed up, and whether Datto wiped the data after it was transferred.” It is also unknown if Datto employees have security clearances allowing them to view classified information. (CNN, 10/8/2015) 

A Datto official will later say that investigators may be able to recover Clinton’s deleted emails if the data was on the server at the time Datto’s service was first used in 2013. (The Washington Post, 10/7/2015)

The FBI will later confirm that Datto back-ups to the cloud will occur, but it isn’t clear if the FBI recovered any emails from this that they didn’t find through other means. It also isn’t clear if the June 29, 2013 back-up that the FBI finds useful is from the Datto SIRIS S2000, the cloud, or both. (Federal Bureau of Investigation, 9/2/2016)

Also, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, by November 2015, the FBI will find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015.

June 29, 2013: Some of Clinton’s emails are later recovered due to a back-up of computer files made on this date.

130629DattoSIRISS2000Datto

The Datto SIRIS S2000 (Credit: Datto, Inc.)

In June 2013, Platte River Networks (PRN) takes over management of Clinton’s server. Late in the month, they replace the server with a new one and then transfer the data to it. They subcontract with the company Datto, Inc. and purchase a device called the Datto SIRIS S2000 to make periodic back-ups of all the data on the new server. The first such back-up takes place on June 24, 2013.

But data is still being transferred from the old server to the new one. The June 29, 2013 back-up will later prove to be the most important one for FBI investigators, as it apparently is the first one after the data transfer is completed. From that point onwards, emails from Clinton’s four years as secretary of state are likely to only get lost from the server, not added.

The FBI will later report that all of Clinton’s emails at the start of Clinton’s tenure as secretary of state, from January 23, 2009 to March 17, 2009 were missing from the over 30,000 emails Clinton handed over. But the FBI’s Clinton investigation recovered some these emails because they were “captured through a Datto backup on June 29, 2013. However, the emails obtained are likely only a subset of the emails sent or received by Clinton during this time period.”

Clinton’s first server was replaced around March 18, 2009 by the same server that PRN then decided to replace in June 2013. But presumably some of the emails on the first server were transferred to the second server, from instance by being in email inboxes, and then were transferred again by PRN to the newest (and third) server.

One thing that isn’t clear is how many of the emails from after March 18, 2009 were recovered by the FBI. It also isn’t clear if the FBI recovered emails from a Datto device attached to the new server, or if it was from a copy of the data that Datto kept in the “cloud,” over the Internet. (Federal Bureau of Investigation, 9/2/2016)

Late June 2013—October 2013: During this time, it appears that Clinton’s private server is wide open to hacking attempts.

On May 31, 2013, maintenance of the server was taken over by a small Colorado-based company called Platte River Networks (PRN), and the server is sent to a data center in New Jersey. PRN then pays to use threat monitoring software called CloudJacket SMB made by a company named SECNAP. SECNAP claims the software can foil “even the most determined hackers.”

Around June 30, 2013, PRN transfers all the email accounts from the old server to the new one. However, the new software doesn’t begin working until October 2013, apparently leaving the server vulnerable. It is known that the server is repeatedly attacked by hackers in the months from October 2013 on, but it is unknown if any attacks occur when the software is not yet installed. (The Associated Press, 10/7/2015) 

An FBI report will later obliquely confirm this by mentioning that when the new server is set up in June 2013, all the hardware is built up at the time, except for an “intrusion detection device” which has to be added later after it gets shipped to the server location. (Federal Bureau of Investigation, 9/2/2016)

Justin Harvey (Credit: Third Certainty)

Justin Harvey (Credit: Third Certainty)

Justin Harvey, chief security officer of a cybersecurity company, will later comment that Clinton “essentially circumvented millions of dollars’ worth of cybersecurity investment that the federal government puts within the State Department. […] She wouldn’t have had the infrastructure to detect or respond to cyber attacks from a nation-state. Those attacks are incredibly sophisticated, and very hard to detect and contain. And if you have a private server, it’s very likely that you would be compromised.” (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media, which would have left the server especially vulnerable in the months after.

October 2013—February 2014: Clinton’s private email server is the subject of repeated attempted cyber attacks, originating from China, South Korea, and Germany.

The attempts are foiled due to threat monitoring software installed in October 2013. However, from June to October 2013, her server is not protected by this software, and there is no way of knowing if there are successful attacks during that time.

A 2014 email from an employee of SECNAP, the company that makes the threat monitoring software, describes four attacks. But investigators will later find evidence of a fifth attack from around this time. Three are linked to China, one to South Korea, and one to Germany. It is not known if foreign governments are involved or how sophisticated the attacks are.

Clinton had ended her term as secretary of state in February 2013, but more than 60,000 of her emails remained on her server. (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media.

February 2014: A laptop containing all of Clinton’s emails from one year earlier is permanently lost in the mail.

In the spring of 2013, Clinton aide Monica Hanley made a copy of all of Clinton’s emails on a MacBook laptop to make a safe back-up copy of them. Then she apparently forgot to do anything with it for nearly a full year.

The 2013 Apple Mac Book Air Laptop (Credit: public domain)

The 2013 Apple MacBook Air Laptop (Credit: public domain)

In early 2014, Hanley finds the laptop where it has been stored at her personal residence. She attempts to transfer the archive of Clinton’s emails to Platte River Networks (PRN), the computer company which is managing Clinton’s private server by this time. She works with PRN employee Paul Combetta. After trying unsuccessfully to remotely transfer the emails to him, Hanley ships the laptop to his residence in February 2014. Combetta then transfers Clinton’s emails from the laptop onto Clinton’s private server.

This server already should contain all of Clinton’s old emails. But the server that existed when Hanley made the back-up in the spring of 2013 was replaced in June 2013 by a new server, so it is possible that some emails get transferred at the time didn’t get successfully transferred before.

Combetta transfers all of the Clinton email content to a personal Gmail email address he created. Then he downloads all the emails from the Gmail account to a mailbox on the new Clinton server. He will later tell the FBI that he used the Gmail as a middle step because he had format compatibility issues.

Hanley will later tell the FBI that she recommended that PRN wipe the laptop after the emails were transferred to the server. (“Wiping” means repeatedly overwriting the data so it can never be recovered.) However, Combetta will tell the FBI that once the transfer was done, he deleted the emails from the laptop but didn’t do any wiping. He also deleted the emails uploaded to the Gmail account.

According to the FBI’s final report, Combetta then ships the laptop to a person whose name will later be redacted, but works on Clinton’s staff in some capacity. He ships it through the mail, using United States Postal Service (USPS) or United Parcel Service (UPS). The unnamed Clinton staffer will later tell the FBI that she never received the laptop. She will say that Clinton’s staff was moving offices at the time, and it would have been easy for the package to get lost during the transition period.

According to Combetta’s September 2015 FBI interview, he “shipped the foregoing MacBook back to [redacted], but recalled nothing about the return shipment.” That would presumably mean he shipped it back to Hanley, since she shipped it to him. But in Hanley’s January 2016 interview, she will claim to have asked another woman (whose name is redacted) if they ever received laptop and were told they did not. Thus it would appear Combetta and Hanley will have different accounts of who is sent the laptop.

The laptop is apparently permanently lost. However, some of Clinton’s emails will somehow be recovered from the Gmail account in 2016, even though they were all deleted. (Federal Bureau of Investigation, 9/2/2016) (Federal Bureau of Investigation, 9/23/2016)

May 8, 2014: The House Benghazi Committee is formed, in order to investigate the US government’s response to the 2012 terrorist attacks in Benghazi, Libya.

Representative Trey Gowdy (Credit: Crooks and Liars)

Representative Trey Gowdy (Credit: Crooks and Liars)

House Speaker John Boehner (R) formally announces its formation. Representative Trey Gowdy (R) is named the head investigator. (The New York Times, 8/8/2015) The committee is dominated by Republicans and will be frequently accused of having a partisan agenda to criticize Clinton and other Democrats.

Shortly After May 8, 2014: The State Department looks for Clinton’s emails, but only find a few, all belonging to a private email account.

The newly formed House Benghazi Committee asks the State Department to find any Clinton emails about the 2012 Benghazi terrorist attack. State Department lawyers working to respond examine over 15,000 documents, but notice that there are no emails to or from any government account for Clinton. However, eight emails are found that are addressed to hdr22@clinttonemail.com—Clinton’s private email account. (Initial media reports will mention this process begins in July 2014, but a department report will later determine it begins in May 2014.)

One unnamed official involved will later comment, “This all raised the question to us: what else are we missing, and what do we need to comply (with the request.)” (The New York Times, 3/5/2015) (House Benghazi Committee, 3/19/2015) (The Washington Post, 3/27/2016) (US Department of State, 5/25/2016)

July 2014: Some State Department officials figure out that Clinton used a private email on a private server for all her secretary of state work; they informally ask her for her emails.

Secretary of State John Kerry (Credit: public domain)

Secretary of State John Kerry (Credit: public domain)

This realization comes due to a request for her emails by the House Benghazi Committee. Current Secretary of State John Kerry resolves to find the Clinton emails as soon as possible, and department officials privately reach out to Clinton’s staff starting that same month.

An email from Clinton’s former chief of staff Cheryl Mills to Kerry’s chief of staff David Wade on August 22, 2014 shows the request for Clinton’s emails begins in July. In the email, with the subject “following up,” Mills writes, “I wanted to follow up on your request last month about getting hard copies of Secretary Clinton’s emails to/from accounts ending in ‘.gov’ for her tenure at the Department. I will be able to get that to you, to the best of its availability. Given the volume, it will take some time to do but I wanted to let you know that I am working to get it to you.”

However, the Department will be forced to make a formal request for the emails in late October 2014 after none of them have been handed over. (The Washington Post, 3/27/2016) (The New York Times, 3/5/2015) (Politico, 2/16/2016)

July 23, 2014: Clinton’s lawyers are sent some of Clinton’s emails so they can begin sorting them.

Unnamed employees at Platte River Networks (PRN), the company managing Clinton’s private server, discuss in an email sending copies of Clinton’s emails from when she was secretary of state overnight to Cheryl Mills, Clinton’s former chief of staff. A company spokesperson will later confirm that the company did begin sending the emails to Mills around this time. (The Washington Post, 9/22/2015) 

A September 2016 FBI report will confirm that PRN sent some of Clinton’s emails in response to a request from Mills, but only those which were sent to or received from a .gov email address while Clinton was secretary of state. An unnamed PRN employee remotely transferred a .pst file containing the emails onto the laptops of Mills and Heather Samuelson (another Clinton lawyer) via ScreenConnect. (Federal Bureau of Investigation, 9/2/2016)

Two weeks after the FBI report is released, an email reported in the media will reveal that on this day, PRN employee Paul Combetta overrnighted DVDs of data from Clinton’s server to Clinton Executive Services Corp. (CESC), a Clinton family company.  The exact shipping charge of $46.38 is mentioned in the email. (The New York Post, 9/18/2016)

It is unclear if this is in addition to the files being transferred over the Internet as described by the FBI, or instead of it. Combetta will claim in a September 2015 FBI interview that he ultimately never sent the DVD and only sent the data over the Internet. However, this may not settle the question, because Combetta will be interviewed three times and his answers will often be inacurate and/or contradictory. (Federal Bureau of Investigation, 9/23/2016)

July 2014 is the same month the State Department first informally requests Clinton’s emails. Mills and Samuelson will be two of three Clinton associates who sort through which emails to turn over and which to delete, along with Clinton’s personal lawyer David Kendall.

In late September 2014, PRN will send the rest of Clinton’s known emails to Mills and Samuelson.

July 24, 2014: The manager of Clinton’s server asks for help in a social media forum to remove Clinton’s address from her emails.

A captured shot of Combetta's 'stonetear' GMail account with picture included. (Credit: public domain)

A captured shot of Combetta’s ‘stonetear’ GMail account with picture included. (Credit: public domain)

A Reddit user by the name of “stonetear” makes a Reddit post that will later cause controversy. Overwhelming evidence will emerge that “stonetear” is Paul Combetta, one of two Platte River Networks (PRN) employees actively managing Clinton’s private server at the time. The post reads:

“Hello all — I may be facing a very interesting situation where I need to strip out a VIP’s (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file. Basically, they don’t want the VIP’s email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out. I am not sure if something like this is possible with PowerShell, or exporting all of the emails to MSG and doing find/replaces with a batch processing program of some sort. Does anyone have experience with something like this, and/or suggestions on how this might be accomplished?”

July 24, 2014 Reddit post contained this request for advice about “stripping out” the email address of a “VERY VIP” email account. (Credit: Reddit)

This July 24, 2014 Reddit post contained a request for advice about “stripping out” the email address of a “VERY VIP” email account. (Credit: Reddit)

A response captured in the Reddit chat warning Combetta that what he wants to do is illegal. (Credit: Reddit)

A response captured in the Reddit chat warning Combetta that what he wants to do could result in “major legal issues.” (Credit: Reddit)

The post in made in a sub-forum frequented by other people who manage servers. One poster comments: “There is no supported way to do what you’re asking. You can only delete emails after they’re stored in the database. You can’t change them. If there was a feature in Exchange that allowed this, it would result in major legal issues. There may be ways to hack a solution, but I’m not aware of any.”

Despite this warning, “stonetear” replies, “As a .pst file or exported MSG files, this could be done though, yes? The issue is that these emails involve the private email address of someone you’d recognize and we’re trying to replace it with a placeholder as to not expose it.” (Reddit, 9/19/2016)

The post occurs one day after the House Benghazi Committee reached an agreement with the State Department on the production of records relating to Clinton’s communications. It also came one day after Combetta sent some of Clinton’s emails to Clinton’s lawyers so they could begin sorting them.

After Combetta is discovered to have authored the post in September 2016, Fortune Magazine will comment, “it’s not clear if there is anything illegal about the Reddit request. But the optics sure don’t look good, and strongly suggest that Combetta turned to social media for advice about how to tamper with government records that should been preserved.” (Fortune, 9/21/2016)