Early June 2013—Early July 2013: Clinton’s server is relocated and then replaced by a new server, but the old server keeps running.

After Platte River Networks (PRN) is selected to manage Clinton’s private email server on May 31, 2013, the company decides to immediately relocate the server and then also replace it with a better one.

130601PlatteRiverFoundersPlatteRiverNetworks

The founders of Platte River Network: Brent Allshouse (left) and Treve Suavo (right). (Credit: Platte River Networks)

PRN assigns two employees to manage the new server (which will be the third server used by Clinton). The FBI will later redact the names of these two employees, but it is known that one of them works remotely from his home in some unnamed town and will handle the day-to-day administration of the server, and the other one works at PRN’s headquarters in Denver, Colorado, and handles all hardware installation and any required physical maintenance of the server. Media reports will later name the two employees as Paul Combetta, who works from Rhode Island, and Bill Thornton.

The employee at PRN’s headquarters (who logically would be Thorton) works with Clinton’s computer technician Bryan Pagliano to help with the transition. Around June 4, 2013, this person is granted administrator access to the server, as well as any accompanying services.

130601EquinixLogo

Equinix Logo (Credit: public domain)

On June 23, 2013, this person travels to Clinton’s house in Chappaqua, New York, shuts down the server, and transports it to a data center in Secaucus, New Jersey, run by Equinix, Inc. This older server will stay at the Equinix facility until it is given to the FBI on October 3, 2015.

The PRN headquarters employee (still likely to be Thornton) turns the old server back on in the Equinix data center so users can continue to access their email accounts. Then he spends a few days there setting up a new server. When he leaves, all the physical equipment for the new server is successfully installed except for an intrusion detection device, which Equinix installs later, once it gets shipped.

Meanwhile, the PRN employee who works remotely (Combetta) does his remote work to get the new server online. Around June 30, 2013, this employee begins to transfer all the email accounts from the old server to the new one. After several days, all email accounts hosted on the presidentclinton.com, wjcoffice.com, and clintonemail.com domains are transferred. However, PRN keeps the old server online at the Equinix data center along with the new server to ensure email continues to be delivered. But the old server no longer hosts email services for the Clintons.

According to an FBI report made public in September 2016, “The new Clinton email server hosted email for [Hillary] Clinton, President Clinton, [redacted], and their respective staffs.”

130601DellPowerEdgeR620

The Dell PowerEdge R620 (Credit: public domain)

This same FBI report will explain that the new server consists of the following equipment: “a Dell PowerEdge R620 server hosting four virtual machines, including four separate virtual machines for Microsoft Exchange email hosting, a BES for the management of BlackBerry devices, a domain controller to authenticate password requests, and an administrative server to manage the other three virtual machines, a Datto SfRlS 2000 to store onsite and remote backups of the server system, a CloudJacket device for intrusion prevention, two Dell switches, and two Fortinet Fortigate 80C firewalls.” (Federal Bureau of Investigation, 9/2/2016)

The FBI report will not make entirely clear what happens to the data on the old server. But a September 2015 Washington Post article will assert that after PRN moved all the data onto a new server, everything on the original server was deleted until it is “blank.” However, it was not wiped, which means having the old files overwritten several times with new data until they can never be recovered. (The Washington Post, 9/12/2015)

Early June 2013: State Department officials discover Clinton’s personal email address and then fail in their legal obligation to share her emails with others.

Heather Higginbottom (Credit: public domain)

Heather Higginbottom (Credit: public domain)

State Department staff reviewing material to possibly give to Congressional committees examining the September 2012 Benghazi terrorist attack discover emails sent by former Clinton aide Jake Sullivan to a personal email address belonging to Clinton.

In ensuing weeks, senior department officials discuss if the Federal Records Act (FRA) requires the department to turn over emails from such personal accounts. In fact, the act does require emails to be turned over if they are work-related. However, an internal investigation will later determine that the department does not notify the National Archives and Records Administration (NARA) of a potential loss of records at any point in time. Furthermore, none of Clinton’s emails are given to any Congressional committee in 2013, nor are they provided in response to any Freedom of Information Act (FOIA) requests that year.

According to department official Heather Higginbottom, Secretary of State John Kerry is not a part of these discussions or decisions. (US Department of State, 5/25/2016) 

Around this debate period, on August 7, 2013, department officials find 17 FOIA requests relating to Clinton in their records, with some of them specifically requesting Clinton emails. But none of the requesters are told about any of Clinton’s emails  apparently due to the result of this debate.

Clinton’s personal email address will be rediscovered in May 2014 after a document request from the new House Benghazi Committee.

June 6, 2013: Chinese government hacker attacks on US government targets have steadily increased since 2008.

Shawn Henry (Credit: public domain)

Shawn Henry (Credit: public domain)

In the summer of 2008, the presidential campaigns of Barack Obama and John McCain had their computers successfully breached by hackers apparently working for the Chinese government. According to NBC News, “US officials say that Chinese intrusions have escalated in the years since, involving repeated attacks on US government agencies, political campaigns, corporations, law firms, and defense contractors—including the theft of national security secrets and hundreds of billions of dollars in intellectual property.”

Shawn Henry headed up the FBI’s investigation of the 2008 attacks and now is president of the computer security company CrowdStrike. He says there’s “little doubt” the Chinese government has an aggressive electronic espionage program targeting the US government and the commercial sector. “There’s been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue.” (NBC News, 6/6/2013)

June 21, 2013: President Obama nominates James Comey to be the next director of the FBI; Comey starts a ten-year term.

James Comey is sworn in as FBI director by Attorney General Eric Holder on September 4, 2013. (Credit: FBI Archives)

James Comey is sworn in as FBI director by Attorney General Eric Holder on September 4, 2013. (Credit: FBI Archives)

While announcing the nomination, Obama comments, “To know Jim Comey is also to know his fierce independence and his deep integrity. […] [H]e doesn’t care about politics, he only cares about getting the job done. At key moments, when it’s mattered most, he [stood] up for what he believed was right. He was prepared to give up a job he loved rather than be part of something he felt was fundamentally wrong.”

Comey had been the deputy attorney general during the Bush administration. Obama’s comment about giving up a job is reference to a 2004 incident where Comey (and others) threatened to resign unless President Bush canceled a surveillance program before its legal authorization expired. Bush gave in and canceled the program. (The White House, 6/21/2013) 

Comey is approved by the Senate later in June and starts his ten-year term as FBI director on September 4, 2013. (Federal Bureau of Investigation, 9/4/2013) Comey will later be in charge of the FBI when it investigates Clinton’s email scandal.

June 24, 2013—August 2015: Another company stores the contents of Clinton’s email server on a cloud storage system; this could help the FBI recover deleted emails.

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

Shortly after taking over management of Clinton’s private email server, Platte River Networks (PRN) buys a device called the Datto SIRIS S2000 from another company called Datto, Inc. that frequently makes copies of all the server’s contents. They use this device on a copy of Clinton’s server, which has been moved to a data storage facility in New Jersey. Then, apparently without PRN asking or paying for it, or even being aware of it, Datto stores those copies of the server’s contents on a “cloud” storage system elsewhere. (McClatchy Newspapers, 10/6/2015)

A September 2016 FBI report will explain, “At the Clintons’ request, PRN only intended that the backup device store local copies of the backups. However, in August 2015, Datto informed PRN that, due to a technical oversight, [Clinton’s] server was also backing up the server to Datto’s secure cloud storage. After this notification, PRN instructed Datto to discontinue the secure cloud backups.”

The FBI report will also reveal that the first Datto back-up takes place on June 24, 2013. But a new server is still being set-up and data being transferred from the old server, so the June 29, 2013 back-up will later prove most useful to FBI investigators. the FBI will say the back-ups will stop on December 23, 2013, but it isn’t explained why. (Federal Bureau of Investigation, 9/2/2016)

In 2015, an unnamed source familiar with Datto’s account will say that PRN was billed for “private cloud” storage, and since PRN didn’t have a cloud storage node of its own, the data bounced to Datto’s cloud. This source says that even though nobody seemed to realize it, Datto was “managing the off-site storage throughout.”

When asked if the FBI might recover Clinton’s deleted emails from Datto’s storage, the source will say, “People don’t use Datto’s service for getting rid of data.” Apparently, the FBI will ask for and get the contents of Datto’s storage in September 2015. (McClatchy Newspapers, 10/6/2015)

Senator Ron Johnson (R), who will write a letter to Datto in late 2015 seeking more information, will say that “questions still remain as to whether Datto actually transferred the data from its off-site data center to the on-site server, what data was backed up, and whether Datto wiped the data after it was transferred.” It is also unknown if Datto employees have security clearances allowing them to view classified information. (CNN, 10/8/2015) 

A Datto official will later say that investigators may be able to recover Clinton’s deleted emails if the data was on the server at the time Datto’s service was first used in 2013. (The Washington Post, 10/7/2015)

The FBI will later confirm that Datto back-ups to the cloud will occur, but it isn’t clear if the FBI recovered any emails from this that they didn’t find through other means. It also isn’t clear if the June 29, 2013 back-up that the FBI finds useful is from the Datto SIRIS S2000, the cloud, or both. (Federal Bureau of Investigation, 9/2/2016)

Also, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, by November 2015, the FBI will find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015.

June 29, 2013: Some of Clinton’s emails are later recovered due to a back-up of computer files made on this date.

130629DattoSIRISS2000Datto

The Datto SIRIS S2000 (Credit: Datto, Inc.)

In June 2013, Platte River Networks (PRN) takes over management of Clinton’s server. Late in the month, they replace the server with a new one and then transfer the data to it. They subcontract with the company Datto, Inc. and purchase a device called the Datto SIRIS S2000 to make periodic back-ups of all the data on the new server. The first such back-up takes place on June 24, 2013.

But data is still being transferred from the old server to the new one. The June 29, 2013 back-up will later prove to be the most important one for FBI investigators, as it apparently is the first one after the data transfer is completed. From that point onwards, emails from Clinton’s four years as secretary of state are likely to only get lost from the server, not added.

The FBI will later report that all of Clinton’s emails at the start of Clinton’s tenure as secretary of state, from January 23, 2009 to March 17, 2009 were missing from the over 30,000 emails Clinton handed over. But the FBI’s Clinton investigation recovered some these emails because they were “captured through a Datto backup on June 29, 2013. However, the emails obtained are likely only a subset of the emails sent or received by Clinton during this time period.”

Clinton’s first server was replaced around March 18, 2009 by the same server that PRN then decided to replace in June 2013. But presumably some of the emails on the first server were transferred to the second server, from instance by being in email inboxes, and then were transferred again by PRN to the newest (and third) server.

One thing that isn’t clear is how many of the emails from after March 18, 2009 were recovered by the FBI. It also isn’t clear if the FBI recovered emails from a Datto device attached to the new server, or if it was from a copy of the data that Datto kept in the “cloud,” over the Internet. (Federal Bureau of Investigation, 9/2/2016)

Late June 2013—October 2013: During this time, it appears that Clinton’s private server is wide open to hacking attempts.

On May 31, 2013, maintenance of the server was taken over by a small Colorado-based company called Platte River Networks (PRN), and the server is sent to a data center in New Jersey. PRN then pays to use threat monitoring software called CloudJacket SMB made by a company named SECNAP. SECNAP claims the software can foil “even the most determined hackers.”

Around June 30, 2013, PRN transfers all the email accounts from the old server to the new one. However, the new software doesn’t begin working until October 2013, apparently leaving the server vulnerable. It is known that the server is repeatedly attacked by hackers in the months from October 2013 on, but it is unknown if any attacks occur when the software is not yet installed. (The Associated Press, 10/7/2015) 

An FBI report will later obliquely confirm this by mentioning that when the new server is set up in June 2013, all the hardware is built up at the time, except for an “intrusion detection device” which has to be added later after it gets shipped to the server location. (Federal Bureau of Investigation, 9/2/2016)

Justin Harvey (Credit: Third Certainty)

Justin Harvey (Credit: Third Certainty)

Justin Harvey, chief security officer of a cybersecurity company, will later comment that Clinton “essentially circumvented millions of dollars’ worth of cybersecurity investment that the federal government puts within the State Department. […] She wouldn’t have had the infrastructure to detect or respond to cyber attacks from a nation-state. Those attacks are incredibly sophisticated, and very hard to detect and contain. And if you have a private server, it’s very likely that you would be compromised.” (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media, which would have left the server especially vulnerable in the months after.