2012: Clinton’s private server is vulnerable to a hacker attack described in a government warning.

Marc Maiffret (Credit: Fox News Business)

Marc Maiffret (Credit: Fox News Business)

The Homeland Security Department’s Computer Emergency Readiness Team issues a warning about remote access attacks, that would allow hackers to take control of computers. The warning notes that “An attacker with a low skill-level would be able to exploit this vulnerability.”

In 2015, the Associated Press will report that Clinton’s private email server could have been vulnerable to a hostile takeover by this very type of attack. Clinton’s server appears to have lacked encrypted protections, and could accept commands from the computers over the Internet.

Marc Maiffret, who founded two cybersecurity companies, will later comment, “That’s total amateur hour. […] Real enterprise-class security, with teams dedicated to these things, would not do this.”

Another cybersecurity expert, Justin Harvey, will comment that Clinton’s server “violates the most basic network-perimeter security tenets: Don’t expose insecure services to the Internet.” (The Associated Press, 10/13/2015)

April 2012: A photo leads to confirmation Clinton is not using a government email account, but no action is taken.

Clinton checks her Blackberry in a military C-17 plane bound for Tripoli, Libya October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

Clinton checks her Blackberry in a military C-17 plane bound for Tripoli, Libya October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

A photo of Clinton using her BlackBerry while wearing sunglasses on a military plane in 2011 becomes popular on the Internet, prompting a “Texts from Hillary” meme.

In court testimony in 2016, State Director of Executive Secretariat Staff Karin Lang will recall that Clarence Finney, who oversees the State Department’s responses to Freedom of Information Act (FOIA) searches, sees the photo in the media and wants to know if Clinton still does not have a government email account. Finney checks with the department’s information management staff and confirms she still doesn’t have one. According to Lang, Finney will not recall who told him this, or when it happened exactly. (Politico, 6/9/2016

However, the photo’s popularity starts and peaks in April 2012. The Washington Post comments about the photo at the time, “When Hillary Rodham Clinton checks her phone, she’s probably reading top secret e-mails…” But this does not lead to any attempt by Finney or others to find if she might have a private email account that could be responsive to FOIA requests. (The Washington Post, 4/5/2012)

July 14, 2012: Blumenthal sends Clinton another email that contains obviously classified information, but Clinton doesn’t flag it as such.

Mohamed Morsi, a member of the Muslim Brotherhood, is declared winner of the Egyptian presidential election on June 24, 2012. (Credit: The European Press Agency)

Mohamed Morsi, a member of the Muslim Brotherhood, is declared winner of the Egyptian presidential election on June 24, 2012. (Credit: The European Press Agency)

Clinton confidant and private citizen Sid Blumenthal marks the email “CONFIDENTIAL,” and then gives this warning: “SOURCE: Sources with access to the highest levels of the Muslim Brotherhood in Egypt, The Supreme Council of the Armed Forces, and Western Intelligence and security services. THE FOLLOWING INFORMATION COMES FROM AN EXTREMELY SENSITIVE SOURCE AND SHOULD BE HANDLED WITH CARE.” The email then discusses secret meetings between senior members of the Muslim Brotherhood and the Egyptian army which have taken place in recent days. (US Department of State, 1/7/2016

However, Clinton does not warn department security about this email that could jeopardize an intelligence asset in Egypt. Instead, she forwards the email to her aide Jake Sullivan with the comment, “More timely info.” (US Department of State, 1/7/2016)

August and December 2012: An Internet-wide hacker attack makes Clinton’s private server even more vulnerable.

An anonymous hacker using a computer in Serbia scans hundreds of millions of Internet addresses for accessible openings, called “ports.” Clinton’s private server is scanned by this hacker in August 2012 and again in December. The hacker’s millions of results are then made widely available on-line. It is unknown if anyone looking at this data figures out if the server belongs to Bill and Hillary Clinton, although the name “clintonemail.com” is a clue. (The Associated Press, 10/13/2015)

September 3, 2012: Blumenthal sends an email to Clinton that later will be almost entirely redacted.

Clinton confidant and private citizen Sid Blumenthal emails Clinton another one of his many intelligence updates, despite having no security clearance. This one will later be nearly entirely classified, including the email title. There are only two sentence fragments later made public. One is Blumenthal’s marking: “CONFIDENTIAL.” The other is: “SOURCE: Sources with access to the highest levels of the governments and institutions discussed below. This includes—” Six blank pages of fully redacted text follow. (US Department of State, 1/29/2016) Most of Blumenthal’s emails relate to Libya, and the email is sent just eight days prior to a terrorist attack on the US consulate in Benghazi, Libya.

October 13, 2012: Clinton receives an email that reveals undercover CIA officers use State Department cover in Afghanistan.

Jeremy Bash (left) Leon Panetta (right) (Credits: public domain)

Jeremy Bash (left) Leon Panetta (right) (Credits: public domain)

Jeremy Bash, who is chief of staff to Defense Secretary Leon Panetta at the time, sends an email to four other US officials, including Clinton aides Jake Sullivan and Cheryl Mills. Sullivan then forwards the email to Clinton. The email has the subject heading: “This a.m. Green on Blue.” That is an idiom referring to when police attacks soldiers. The email refers to an Afghan police officer triggering a suicide vest and killing or wounding 14 Americans or Afghans, including one dead American.

The email will later be classified at the “secret” level, suggesting some important classified information in it, but its redactions make it difficult to understand. There is no indication of a reply from Clinton. (US Department of State, 1/29/2016)

In Clinton’s July 2016 FBI interview, she will be specifically asked about this email, again suggesting something unusual about it. However, her answer will also be heavily reacted. For instance, “Clinton believed she would be speculating if she were to state what [redacted] meant when he referred to [redacted].” (Federal Bureau of Investigation, 9/2/2016)

Dario Lorenzetti (public domain)

Dario Lorenzetti (public domain)

On February 4, 2016, NBC News will reveal that the email concerns undercover CIA officer Dario Lorenzetti. He died in the suicide attack described in the email. Lorenzetti’s CIA connection was leaked to the media by anonymous officials four days after his death and was widely reported in the news media, although his CIA cover was not lifted until later.

According to NBC News, in the redacted portions of the email, it seems Bash was trying “to preserve the CIA officer’s cover. But some of the language he used, now that Lorenzetti is known to have been a CIA officer, could be read as a US government acknowledgement that CIA officers pose as State Department personnel in a specific country, Afghanistan — something widely known but not formally admitted.” This is why the email is classified at the “secret” level.

Bash ends the email by instructing a CIA spokesperson to “please lash up with [redacted].” NBC News will indicate the missing word is “presumably either the spy agency or one of its employees.” (NBC News, 2/4/2016)

This may be the phrase that the FBI asked Clinton about, and to which she replied that “she would be speculating if she were to state what [redacted] meant when he referred to [redacted].” (Federal Bureau of Investigation, 9/2/2016)

NBC News will also interview Bash about this email. Bash will claim that the email “did not reference the individual’s name, employer, nor any identifying description or information.” Additionally, once the CIA posthumously lifted Lorenzetti’s cover, “the original unclassified email could be read to confirm the general use of cover, prompting the redactions we now see. But any suggestion that this email contained confirmation about the person or his cover, or any inappropriate information, is flat wrong.” (NBC News, 2/4/2016)

Around October 28, 2012: Clinton’s computer technician is still managing her private server, but there is no known email trail.

Clinton’s private email server in Chappaqua, New York, stops working for days after New York is hit by Hurricane Sandy. Bryan Pagliano is still the lead specialist for the server and is tasked to fix it. The email system is not always reliable, and Pagliano is always the one on call to fix problems as they come up. (The Washington Post, 8/4/2015) However, no emails between Pagliano and Clinton will be included in Clinton’s over 30,000 publicly released work emails, except for one where he wishes her a happy birthday. (US Department of State, 11/30/2015)

December 6, 2012: A non-profit group files a Freedom of Information Act (FOIA) request seeking Clinton’s emails, but a Clinton aide says the emails don’t exist despite knowing that they do.

The CREW logo (Credit: CREW)

The CREW logo (Credit: CREW)

The request by Citizens for Responsibility and Ethics in Washington (CREW) ask for “records sufficient to show the number of email accounts of or associated with Secretary Hillary Rodham Clinton.” (US Department of State, 7/29/2016)

This request is sparked by reports that Lisa Jackson, administrator of the Environmental Protection Agency, had been using an email account at work under the name “Richard Windsor.”

Clinton is still secretary of state at the time, and her chief of staff Cheryl Mills soon learns of CREW’s request, due to a December 11, 2012 email sent to her  (and possibly Clinton) about it. But although Mills is very aware of Clinton’s private email address since she frequently sends emails to it, she doesn’t take any action and merely has an aide monitor the progress of CREW’s request.

In May 2013, the State Department will respond to CREW, “no records responsive to your request were located.”

Other requests for Clinton’s records will meet the same fate until the House Benghazi Committee finds out about her private email account in 2014. (The Washington Post, 3/27/2016) (The Washington Post, 1/6/2016)

January 2013—May 31, 2013: Clinton uses an agent to find new management for her private server.

Tania Neild (Credit: public domain)

Tania Neild (Credit: public domain)

Tania Neild runs a company called InfoGrate that connects very wealthy people with companies who oversee their personal technologies, such as emails, and her company is based only about twenty miles from Clinton’s New York house. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

An FBI report will later state that “due to user limitations and reliability concerns regarding the [existing] server, staff for [Hillary] Clinton and President [Bill] Clinton discussed future email server options, and a search was initiated to find a vendor to manage a Clinton email server. Additionally, [Clinton’s computer technician Bryan] Pagliano’s expressed desire to seek new employment contributed to the decision to move to a new server.”

Clinton will also be interviewed, and she will recall “that the transition to [a new company] was initiated by President Clinton’s aides seeking a higher level of service than could be provided by the [existing] server.”

Around January 2, 2013, Neild is introduced to Clinton’s chief of staff Cheryl Mills through an unnamed mutual business associate. Neild will later tell the FBI that she worked with Mills and Pagliano to produce a proposal to solicit responses from multiple companies. (Federal Bureau of Investigation, 9/2/2016)

January 2013, Platte River Networks, a small company based in Colorado, is told by Neild they are in he running for a new contract. In mid-February, they find out they are a finalist for the contract, and that they might be working for Clinton. They will be hired by Clinton to manage her private server on May 31, 2013. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

01-2013AlexMcGeorgeNewsmax

Alex McGeorge (Credit: Newsmax)

Pagliano will later tell the FBI who made the final decision to pick Platte River. But this person’s name will be redacted, and only identified as someone working for President Clinton. (Federal Bureau of Investigation, 9/2/2016)

In retrospect, the choice of Platte River will seem to be an odd one. Cybersecurity expert Alex McGeorge will later comment, “My big issue here is do you want a small firm with little/no government experience or contracting (according to what’s being reported) and no stated security expertise to be in charge of the email system for our secretary of state? That is fundamentally ridiculous.” (Business Insider, 8/17/2015)

January 5, 2013: Someone accesses the email account of one of Bill Clinton’s staffers on the private server used to host Hillary Clinton’s emails.

130101TorLogopublic

The Tor Logo (Credit: public domain)

This is according to a FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.

The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)

Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”

Dave Aitel (Credit: Immunity)

Dave Aitel (Credit: Immunity)

Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.

But Dave Aitel, a former NSA security analyst and founder of the cypersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)

When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)

And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)

February 1, 2013: Clinton’s four year tenure as secretary of state ends.

Clinton exiting an airplane in her last week as secretary of state. (Credit: The New Yorker)

Clinton exiting an airplane in her last week as secretary of state. (Credit: The New Yorker)

(The Washington Post, 3/10/2015) Clinton is succeeded by Senator John Kerry (D). Kerry apparently uses a government email account for all work matters, and all his emails are automatically preserved by the State Department for posterity. (The New York Times, 3/2/2015) 

Most of her top aides leave the State Department around the same time, such as Cheryl Mills, Huma Abedin, Jake Sullivan, and Philippe Reines, while Patrick Kennedy remains. (The New York Times, 8/13/2013)

Around February 1, 2013: Clinton fails to turn over her work emails as she leaves office, despite a legal requirement to do so.

When Clinton ends her tenure as secretary of state, she is required by law to turn over all of her work-related documents to the State Department, including emails, but she fails to do so.

Clinton says farewell as secretary of state on February 1, 2013. (Credit: Polaris)

Clinton says farewell as secretary of state on February 1, 2013. (Credit: Polaris)

A May 2016 State Department inspector general’s report will conclude, “Secretary Clinton should have preserved any federal records she created and received on her personal account… At a minimum, [she] should have surrendered all emails dealing with department business before leaving government service and, because she did not do so, she did not comply with the department’s policies that were implemented in accordance with the Federal Records Act.”

The report will note that at least she turned over 30,000 emails in December 2014, 21 months later. However, the report will also conclude that the emails she gave then are “incomplete,” because many of her work-related emails have since been discovered through other means, such as being found in other email inboxes. For instance, although her tenure began on January 21, 2009, and she started using her email account by January 28, no emails received prior to March 17, 2009, were turned over, nor were any emails sent prior to April 12, 2009. (US Department of State, 5/25/2016)

Shortly After February 1, 2013: Clinton apparently leaves the State Department without signing a required form stating that she returned all her work-related documents.

All State Department officials are required to sign a form when they leave office stating that they returned all their work-related documents back to the government. Although Clinton becomes a private citizen after ending her term as secretary of state on February 1, 2013, there is no evidence she signs such a form. Those who sign the OF-109 form acknowledge they could be subject to “criminal penalties” for not turning over the documents.

In March 2015, Jen Psaki, a State Department spokesperson, will say, “We have reviewed Secretary Clinton’s official personnel file and administrative files and do not have any record of her signing the [form]. […] I think we’re fairly certain she did not.” Psaki also notes that Clinton’s predecessors as secretary of state also don’t seem to have signed the form.

A State Department manual declares that “a separation statement will be completed whenever an employee is terminating employment,” but Psaki says there is no penalty for not signing the form. (Politico, 3/17/2015)

Shortly After February 1, 2013: Clinton’s chief of staff Cheryl Mills leaves blank a required form stating that she has returned all of her work-related documents.

Cheryl Mills (Credit: Vimeo)

Cheryl Mills (Credit: Vimeo)

All State Department officials are required to sign the “separation statement,” known as the OF-109 form. Those who sign the OF-109 form acknowledge they could be subject to “criminal penalties” for not turning over the documents.

In 2015, the Daily Caller will sue the State Department for several OF-109 forms. They will be given a form with Mills’ name on it, but with the date and signature spaces left blank. Mills used a private Yahoo email account for at least some of her government work.

A State Department official will neither explain the discrepancy nor confirm that Mills did not sign the agreement.

Clinton apparently never turns in her form. Huma Abedin, Clinton’s deputy chief of staff, does sign her form in February 2013, but she doesn’t turn over her private, work-related emails. (The Daily Caller, 11/13/2015) (The Hill, 11/13/2015) (US Department of State, 9/11/2015)

February 13, 2013: Clinton’s deputy chief of staff Huma Abedin signs a pledge that she has given all of her work-related documents back to the State Department, but she didn’t.

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

All State Department officials are required to sign the “separation statement” when they leave the department, known as the OF-109 form. However, Abedin has a private email address (huma@clintonemail.com) on the same private server that Clinton does, and when she leaves the department in February 2013 she does not turn over any of her emails from it, including work-related emails.

Her emails will not be handed over until a couple of years later, after various lawsuits and investigations. In signing the form, Abedin acknowledges she could be subject to “criminal penalties” for lying on the document.

The Hill will later report, “It’s unclear whether Abedin would be subject to prosecution, given the unusual nature of Clinton’s private email setup.” (The Hill, 11/13/2015) (US Department of State, 9/11/2015)

March 14, 2013: Guccifer accesses the email account of Clinton confidant Sid Blumenthal.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large "G" for "Guccifer" added. Because it was sent on February 16, 2013, two weeks after Clinton's term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large “G” for “Guccifer” added. Because it was sent on February 16, 2013, two weeks after Clinton’s term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

Guccifer, an unemployed Romanian whose real name is Marcel-Lehel Lazar, breaks into the AmericaOnline (AOL) email account of Blumenthal. Guccifer does not have typical hacking skills but instead attempts to guess passwords and answers security questions. In recent months, he broke into the accounts of famous people, or the friends and family of famous people, including those of former secretary of state Colin Powell and former US president George W. Bush.

He takes screenshots of the text of emails of Clinton and Blumenthal discussing sensitive foreign policy issues during her time as secretary of state. He also takes a screenshot of Blumenthal’s inbox showing a list of the latest emails sent from Clinton.

In the next few days, the screenshots are made public, and for the first time, Clinton’s private email address hdr22@clintonemail.com is revealed to the world. (USA Today, 3/22/2013) (The Smoking Gun, 3/3/2015)

May 21, 2013—February 12, 2014: Clinton’s emails are not searched in response to a relevant FOIA request.

On May 21, 2013, Judicial Watch files a Freedom of Information Act (FOIA) request relating to Clinton aide Huma Abedin and the six-month time period starting in 2012 when she held three outside jobs in addition to being Clinton’s deputy chief of staff. Part of the request is for communications about this matter from Clinton and Abedin.

State Department official Jonathon Wasser is asked to search for relevant records on October 1, 2013. He searches several department databases in November 2013, but does not check for emails from Abedin’s government email account or her private account, or Clinton’s private account. As a result, the official response given to Judicial Watch on February 12, 2014, contains only eight documents, and none of them are emails. Thus, Clinton’s exclusive use of a private email account will remain a secret.

It will later be revealed that department officials at the time generally did not search for emails even when a FOIA request asked for that type of communication.

In 2015, after Clinton’s email scandal becomes public, the department will finally search for and find emails from both Clinton and Abedin responsive to the FOIA request. (Politico, 6/9/2016(Judicial Watch, 6/8/2016)

May 31, 2013: Clinton hires the Colorado-based Platte River Networks to maintain her email server.

The Denver, Colorado, apartment building where Platte River was based until mid-2015. (Credit: Matthew Jones / The Daily Mail)

The Denver, Colorado, apartment building where Platte River was based until mid-2015. (Credit: Matthew Jones / The Daily Mail)

Platte River Networks (PRN) will begin managing the server in early June, with the management of Clinton’s aides Bryan Pagliano and Justin Cooper being phased out as a result. But the Service Level Agreement won’t be signed until July 18, 2013.

The original server is disconnected and shipped from Clinton’s house in Chappaqua, New York, to a data center in New Jersey. (Federal Bureau of Investigation, 9/2/2016) (The Associated Press, 10/7/2015) (McClatchy Newspapers, 10/6/2015)

This takes place three months after the hacker nicknamed Guccifer made public Clinton’s exact email address. However, the process of choosing the company began in January 2013, prior to the Guccifer hack, suggesting the change was at least partially due to Clinton’s time as secretary of state coming to an end in February 2013 instead. (The Washington Post, 9/5/2015)

Platte River will soon relocate Clinton’s server to New Jersey, then replace it with a new server, while keeping the old server running.

Early June 2013—Early July 2013: Clinton’s server is relocated and then replaced by a new server, but the old server keeps running.

After Platte River Networks (PRN) is selected to manage Clinton’s private email server on May 31, 2013, the company decides to immediately relocate the server and then also replace it with a better one.

130601PlatteRiverFoundersPlatteRiverNetworks

The founders of Platte River Network: Brent Allshouse (left) and Treve Suavo (right). (Credit: Platte River Networks)

PRN assigns two employees to manage the new server (which will be the third server used by Clinton). The FBI will later redact the names of these two employees, but it is known that one of them works remotely from his home in some unnamed town and will handle the day-to-day administration of the server, and the other one works at PRN’s headquarters in Denver, Colorado, and handles all hardware installation and any required physical maintenance of the server. Media reports will later name the two employees as Paul Combetta, who works from Rhode Island, and Bill Thornton.

The employee at PRN’s headquarters (who logically would be Thorton) works with Clinton’s computer technician Bryan Pagliano to help with the transition. Around June 4, 2013, this person is granted administrator access to the server, as well as any accompanying services.

130601EquinixLogo

Equinix Logo (Credit: public domain)

On June 23, 2013, this person travels to Clinton’s house in Chappaqua, New York, shuts down the server, and transports it to a data center in Secaucus, New Jersey, run by Equinix, Inc. This older server will stay at the Equinix facility until it is given to the FBI on October 3, 2015.

The PRN headquarters employee (still likely to be Thornton) turns the old server back on in the Equinix data center so users can continue to access their email accounts. Then he spends a few days there setting up a new server. When he leaves, all the physical equipment for the new server is successfully installed except for an intrusion detection device, which Equinix installs later, once it gets shipped.

Meanwhile, the PRN employee who works remotely (Combetta) does his remote work to get the new server online. Around June 30, 2013, this employee begins to transfer all the email accounts from the old server to the new one. After several days, all email accounts hosted on the presidentclinton.com, wjcoffice.com, and clintonemail.com domains are transferred. However, PRN keeps the old server online at the Equinix data center along with the new server to ensure email continues to be delivered. But the old server no longer hosts email services for the Clintons.

According to an FBI report made public in September 2016, “The new Clinton email server hosted email for [Hillary] Clinton, President Clinton, [redacted], and their respective staffs.”

130601DellPowerEdgeR620

The Dell PowerEdge R620 (Credit: public domain)

This same FBI report will explain that the new server consists of the following equipment: “a Dell PowerEdge R620 server hosting four virtual machines, including four separate virtual machines for Microsoft Exchange email hosting, a BES for the management of BlackBerry devices, a domain controller to authenticate password requests, and an administrative server to manage the other three virtual machines, a Datto SfRlS 2000 to store onsite and remote backups of the server system, a CloudJacket device for intrusion prevention, two Dell switches, and two Fortinet Fortigate 80C firewalls.” (Federal Bureau of Investigation, 9/2/2016)

The FBI report will not make entirely clear what happens to the data on the old server. But a September 2015 Washington Post article will assert that after PRN moved all the data onto a new server, everything on the original server was deleted until it is “blank.” However, it was not wiped, which means having the old files overwritten several times with new data until they can never be recovered. (The Washington Post, 9/12/2015)

Early June 2013: State Department officials discover Clinton’s personal email address and then fail in their legal obligation to share her emails with others.

Heather Higginbottom (Credit: public domain)

Heather Higginbottom (Credit: public domain)

State Department staff reviewing material to possibly give to Congressional committees examining the September 2012 Benghazi terrorist attack discover emails sent by former Clinton aide Jake Sullivan to a personal email address belonging to Clinton.

In ensuing weeks, senior department officials discuss if the Federal Records Act (FRA) requires the department to turn over emails from such personal accounts. In fact, the act does require emails to be turned over if they are work-related. However, an internal investigation will later determine that the department does not notify the National Archives and Records Administration (NARA) of a potential loss of records at any point in time. Furthermore, none of Clinton’s emails are given to any Congressional committee in 2013, nor are they provided in response to any Freedom of Information Act (FOIA) requests that year.

According to department official Heather Higginbottom, Secretary of State John Kerry is not a part of these discussions or decisions. (US Department of State, 5/25/2016) 

Around this debate period, on August 7, 2013, department officials find 17 FOIA requests relating to Clinton in their records, with some of them specifically requesting Clinton emails. But none of the requesters are told about any of Clinton’s emails  apparently due to the result of this debate.

Clinton’s personal email address will be rediscovered in May 2014 after a document request from the new House Benghazi Committee.

June 21, 2013: President Obama nominates James Comey to be the next director of the FBI; Comey starts a ten-year term.

James Comey is sworn in as FBI director by Attorney General Eric Holder on September 4, 2013. (Credit: FBI Archives)

James Comey is sworn in as FBI director by Attorney General Eric Holder on September 4, 2013. (Credit: FBI Archives)

While announcing the nomination, Obama comments, “To know Jim Comey is also to know his fierce independence and his deep integrity. […] [H]e doesn’t care about politics, he only cares about getting the job done. At key moments, when it’s mattered most, he [stood] up for what he believed was right. He was prepared to give up a job he loved rather than be part of something he felt was fundamentally wrong.”

Comey had been the deputy attorney general during the Bush administration. Obama’s comment about giving up a job is reference to a 2004 incident where Comey (and others) threatened to resign unless President Bush canceled a surveillance program before its legal authorization expired. Bush gave in and canceled the program. (The White House, 6/21/2013) 

Comey is approved by the Senate later in June and starts his ten-year term as FBI director on September 4, 2013. (Federal Bureau of Investigation, 9/4/2013) Comey will later be in charge of the FBI when it investigates Clinton’s email scandal.

June 24, 2013—August 2015: Another company stores the contents of Clinton’s email server on a cloud storage system; this could help the FBI recover deleted emails.

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

Shortly after taking over management of Clinton’s private email server, Platte River Networks (PRN) buys a device called the Datto SIRIS S2000 from another company called Datto, Inc. that frequently makes copies of all the server’s contents. They use this device on a copy of Clinton’s server, which has been moved to a data storage facility in New Jersey. Then, apparently without PRN asking or paying for it, or even being aware of it, Datto stores those copies of the server’s contents on a “cloud” storage system elsewhere. (McClatchy Newspapers, 10/6/2015)

A September 2016 FBI report will explain, “At the Clintons’ request, PRN only intended that the backup device store local copies of the backups. However, in August 2015, Datto informed PRN that, due to a technical oversight, [Clinton’s] server was also backing up the server to Datto’s secure cloud storage. After this notification, PRN instructed Datto to discontinue the secure cloud backups.”

The FBI report will also reveal that the first Datto back-up takes place on June 24, 2013. But a new server is still being set-up and data being transferred from the old server, so the June 29, 2013 back-up will later prove most useful to FBI investigators. the FBI will say the back-ups will stop on December 23, 2013, but it isn’t explained why. (Federal Bureau of Investigation, 9/2/2016)

In 2015, an unnamed source familiar with Datto’s account will say that PRN was billed for “private cloud” storage, and since PRN didn’t have a cloud storage node of its own, the data bounced to Datto’s cloud. This source says that even though nobody seemed to realize it, Datto was “managing the off-site storage throughout.”

When asked if the FBI might recover Clinton’s deleted emails from Datto’s storage, the source will say, “People don’t use Datto’s service for getting rid of data.” Apparently, the FBI will ask for and get the contents of Datto’s storage in September 2015. (McClatchy Newspapers, 10/6/2015)

Senator Ron Johnson (R), who will write a letter to Datto in late 2015 seeking more information, will say that “questions still remain as to whether Datto actually transferred the data from its off-site data center to the on-site server, what data was backed up, and whether Datto wiped the data after it was transferred.” It is also unknown if Datto employees have security clearances allowing them to view classified information. (CNN, 10/8/2015) 

A Datto official will later say that investigators may be able to recover Clinton’s deleted emails if the data was on the server at the time Datto’s service was first used in 2013. (The Washington Post, 10/7/2015)

The FBI will later confirm that Datto back-ups to the cloud will occur, but it isn’t clear if the FBI recovered any emails from this that they didn’t find through other means. It also isn’t clear if the June 29, 2013 back-up that the FBI finds useful is from the Datto SIRIS S2000, the cloud, or both. (Federal Bureau of Investigation, 9/2/2016)

Also, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, by November 2015, the FBI will find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015.

June 29, 2013: Some of Clinton’s emails are later recovered due to a back-up of computer files made on this date.

130629DattoSIRISS2000Datto

The Datto SIRIS S2000 (Credit: Datto, Inc.)

In June 2013, Platte River Networks (PRN) takes over management of Clinton’s server. Late in the month, they replace the server with a new one and then transfer the data to it. They subcontract with the company Datto, Inc. and purchase a device called the Datto SIRIS S2000 to make periodic back-ups of all the data on the new server. The first such back-up takes place on June 24, 2013.

But data is still being transferred from the old server to the new one. The June 29, 2013 back-up will later prove to be the most important one for FBI investigators, as it apparently is the first one after the data transfer is completed. From that point onwards, emails from Clinton’s four years as secretary of state are likely to only get lost from the server, not added.

The FBI will later report that all of Clinton’s emails at the start of Clinton’s tenure as secretary of state, from January 23, 2009 to March 17, 2009 were missing from the over 30,000 emails Clinton handed over. But the FBI’s Clinton investigation recovered some these emails because they were “captured through a Datto backup on June 29, 2013. However, the emails obtained are likely only a subset of the emails sent or received by Clinton during this time period.”

Clinton’s first server was replaced around March 18, 2009 by the same server that PRN then decided to replace in June 2013. But presumably some of the emails on the first server were transferred to the second server, from instance by being in email inboxes, and then were transferred again by PRN to the newest (and third) server.

One thing that isn’t clear is how many of the emails from after March 18, 2009 were recovered by the FBI. It also isn’t clear if the FBI recovered emails from a Datto device attached to the new server, or if it was from a copy of the data that Datto kept in the “cloud,” over the Internet. (Federal Bureau of Investigation, 9/2/2016)

Late June 2013—October 2013: During this time, it appears that Clinton’s private server is wide open to hacking attempts.

On May 31, 2013, maintenance of the server was taken over by a small Colorado-based company called Platte River Networks (PRN), and the server is sent to a data center in New Jersey. PRN then pays to use threat monitoring software called CloudJacket SMB made by a company named SECNAP. SECNAP claims the software can foil “even the most determined hackers.”

Around June 30, 2013, PRN transfers all the email accounts from the old server to the new one. However, the new software doesn’t begin working until October 2013, apparently leaving the server vulnerable. It is known that the server is repeatedly attacked by hackers in the months from October 2013 on, but it is unknown if any attacks occur when the software is not yet installed. (The Associated Press, 10/7/2015) 

An FBI report will later obliquely confirm this by mentioning that when the new server is set up in June 2013, all the hardware is built up at the time, except for an “intrusion detection device” which has to be added later after it gets shipped to the server location. (Federal Bureau of Investigation, 9/2/2016)

Justin Harvey (Credit: Third Certainty)

Justin Harvey (Credit: Third Certainty)

Justin Harvey, chief security officer of a cybersecurity company, will later comment that Clinton “essentially circumvented millions of dollars’ worth of cybersecurity investment that the federal government puts within the State Department. […] She wouldn’t have had the infrastructure to detect or respond to cyber attacks from a nation-state. Those attacks are incredibly sophisticated, and very hard to detect and contain. And if you have a private server, it’s very likely that you would be compromised.” (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media, which would have left the server especially vulnerable in the months after.

October 2013—February 2014: Clinton’s private email server is the subject of repeated attempted cyber attacks, originating from China, South Korea, and Germany.

The attempts are foiled due to threat monitoring software installed in October 2013. However, from June to October 2013, her server is not protected by this software, and there is no way of knowing if there are successful attacks during that time.

A 2014 email from an employee of SECNAP, the company that makes the threat monitoring software, describes four attacks. But investigators will later find evidence of a fifth attack from around this time. Three are linked to China, one to South Korea, and one to Germany. It is not known if foreign governments are involved or how sophisticated the attacks are.

Clinton had ended her term as secretary of state in February 2013, but more than 60,000 of her emails remained on her server. (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media.

February 2014: A laptop containing all of Clinton’s emails from one year earlier is permanently lost in the mail.

In the spring of 2013, Clinton aide Monica Hanley made a copy of all of Clinton’s emails on a MacBook laptop to make a safe back-up copy of them. Then she apparently forgot to do anything with it for nearly a full year.

The 2013 Apple Mac Book Air Laptop (Credit: public domain)

The 2013 Apple MacBook Air Laptop (Credit: public domain)

In early 2014, Hanley finds the laptop where it has been stored at her personal residence. She attempts to transfer the archive of Clinton’s emails to Platte River Networks (PRN), the computer company which is managing Clinton’s private server by this time. She works with PRN employee Paul Combetta. After trying unsuccessfully to remotely transfer the emails to him, Hanley ships the laptop to his residence in February 2014. Combetta then transfers Clinton’s emails from the laptop onto Clinton’s private server.

This server already should contain all of Clinton’s old emails. But the server that existed when Hanley made the back-up in the spring of 2013 was replaced in June 2013 by a new server, so it is possible that some emails get transferred at the time didn’t get successfully transferred before.

Combetta transfers all of the Clinton email content to a personal Gmail email address he created. Then he downloads all the emails from the Gmail account to a mailbox on the new Clinton server. He will later tell the FBI that he used the Gmail as a middle step because he had format compatibility issues.

Hanley will later tell the FBI that she recommended that PRN wipe the laptop after the emails were transferred to the server. (“Wiping” means repeatedly overwriting the data so it can never be recovered.) However, Combetta will tell the FBI that once the transfer was done, he deleted the emails from the laptop but didn’t do any wiping. He also deleted the emails uploaded to the Gmail account.

According to the FBI’s final report, Combetta then ships the laptop to a person whose name will later be redacted, but works on Clinton’s staff in some capacity. He ships it through the mail, using United States Postal Service (USPS) or United Parcel Service (UPS). The unnamed Clinton staffer will later tell the FBI that she never received the laptop. She will say that Clinton’s staff was moving offices at the time, and it would have been easy for the package to get lost during the transition period.

According to Combetta’s September 2015 FBI interview, he “shipped the foregoing MacBook back to [redacted], but recalled nothing about the return shipment.” That would presumably mean he shipped it back to Hanley, since she shipped it to him. But in Hanley’s January 2016 interview, she will claim to have asked another woman (whose name is redacted) if they ever received laptop and were told they did not. Thus it would appear Combetta and Hanley will have different accounts of who is sent the laptop.

The laptop is apparently permanently lost. However, some of Clinton’s emails will somehow be recovered from the Gmail account in 2016, even though they were all deleted. (Federal Bureau of Investigation, 9/2/2016) (Federal Bureau of Investigation, 9/23/2016)

May 8, 2014: The House Benghazi Committee is formed, in order to investigate the US government’s response to the 2012 terrorist attacks in Benghazi, Libya.

Representative Trey Gowdy (Credit: Crooks and Liars)

Representative Trey Gowdy (Credit: Crooks and Liars)

House Speaker John Boehner (R) formally announces its formation. Representative Trey Gowdy (R) is named the head investigator. (The New York Times, 8/8/2015) The committee is dominated by Republicans and will be frequently accused of having a partisan agenda to criticize Clinton and other Democrats.

July 23, 2014: Clinton’s lawyers are sent some of Clinton’s emails so they can begin sorting them.

Unnamed employees at Platte River Networks (PRN), the company managing Clinton’s private server, discuss in an email sending copies of Clinton’s emails from when she was secretary of state overnight to Cheryl Mills, Clinton’s former chief of staff. A company spokesperson will later confirm that the company did begin sending the emails to Mills around this time. (The Washington Post, 9/22/2015) 

A September 2016 FBI report will confirm that PRN sent some of Clinton’s emails in response to a request from Mills, but only those which were sent to or received from a .gov email address while Clinton was secretary of state. An unnamed PRN employee remotely transferred a .pst file containing the emails onto the laptops of Mills and Heather Samuelson (another Clinton lawyer) via ScreenConnect. (Federal Bureau of Investigation, 9/2/2016)

Two weeks after the FBI report is released, an email reported in the media will reveal that on this day, PRN employee Paul Combetta overrnighted DVDs of data from Clinton’s server to Clinton Executive Services Corp. (CESC), a Clinton family company.  The exact shipping charge of $46.38 is mentioned in the email. (The New York Post, 9/18/2016)

It is unclear if this is in addition to the files being transferred over the Internet as described by the FBI, or instead of it. Combetta will claim in a September 2015 FBI interview that he ultimately never sent the DVD and only sent the data over the Internet. However, this may not settle the question, because Combetta will be interviewed three times and his answers will often be inacurate and/or contradictory. (Federal Bureau of Investigation, 9/23/2016)

July 2014 is the same month the State Department first informally requests Clinton’s emails. Mills and Samuelson will be two of three Clinton associates who sort through which emails to turn over and which to delete, along with Clinton’s personal lawyer David Kendall.

In late September 2014, PRN will send the rest of Clinton’s known emails to Mills and Samuelson.

July 24, 2014: The manager of Clinton’s server asks for help in a social media forum to remove Clinton’s address from her emails.

A captured shot of Combetta's 'stonetear' GMail account with picture included. (Credit: public domain)

A captured shot of Combetta’s ‘stonetear’ GMail account with picture included. (Credit: public domain)

A Reddit user by the name of “stonetear” makes a Reddit post that will later cause controversy. Overwhelming evidence will emerge that “stonetear” is Paul Combetta, one of two Platte River Networks (PRN) employees actively managing Clinton’s private server at the time. The post reads:

“Hello all — I may be facing a very interesting situation where I need to strip out a VIP’s (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file. Basically, they don’t want the VIP’s email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out. I am not sure if something like this is possible with PowerShell, or exporting all of the emails to MSG and doing find/replaces with a batch processing program of some sort. Does anyone have experience with something like this, and/or suggestions on how this might be accomplished?”

July 24, 2014 Reddit post contained this request for advice about “stripping out” the email address of a “VERY VIP” email account. (Credit: Reddit)

This July 24, 2014 Reddit post contained a request for advice about “stripping out” the email address of a “VERY VIP” email account. (Credit: Reddit)

A response captured in the Reddit chat warning Combetta that what he wants to do is illegal. (Credit: Reddit)

A response captured in the Reddit chat warning Combetta that what he wants to do could result in “major legal issues.” (Credit: Reddit)

The post in made in a sub-forum frequented by other people who manage servers. One poster comments: “There is no supported way to do what you’re asking. You can only delete emails after they’re stored in the database. You can’t change them. If there was a feature in Exchange that allowed this, it would result in major legal issues. There may be ways to hack a solution, but I’m not aware of any.”

Despite this warning, “stonetear” replies, “As a .pst file or exported MSG files, this could be done though, yes? The issue is that these emails involve the private email address of someone you’d recognize and we’re trying to replace it with a placeholder as to not expose it.” (Reddit, 9/19/2016)

The post occurs one day after the House Benghazi Committee reached an agreement with the State Department on the production of records relating to Clinton’s communications. It also came one day after Combetta sent some of Clinton’s emails to Clinton’s lawyers so they could begin sorting them.

After Combetta is discovered to have authored the post in September 2016, Fortune Magazine will comment, “it’s not clear if there is anything illegal about the Reddit request. But the optics sure don’t look good, and strongly suggest that Combetta turned to social media for advice about how to tamper with government records that should been preserved.” (Fortune, 9/21/2016)