Shortly After March 2, 2015: A surge of hacking attempts follows the media’s revelation of Clinton’s use of a private email server.

On March 2, 2015, a New York Times article publicly reveals Clinton’s use of a personal email account and private server to conduct government business. The FBI’s Clinton email investigation will later identify an increased number of login attempts to her server and its associated domain controller just after this article comes out.

According to the FBI in September 2016, “Forensic analysis revealed none of the login attempts were successful. [The] FBI investigation also identified an increase in unauthorized login attempts into the Apple iCloud account likely associated with Clinton’s email address during this time period.” (Clinton’s email address, which had been publicly revealed in March 2013, was still used as the user name for the account.) “Investigation determined all potentially suspicious Apple iCloud login attempts were unsuccessful.”

Despite all this, Clinton does not simply turn the server off. Instead, Platte River Networks (PRN) employees, who are managing the server, make some security improvements around March 7, 2015.

PRN staff also discuss the possibility of conducting penetration testing against the server to highlight vulnerabilities, so they can be fixed. However, the penetration testing ultimately doesn’t happen. (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 2, 2015: The company managing Clinton’s private server fails to fully test its security vulnerabilities.

Johannes Ullrich (Credit: LinkedIn)


Platte River Networks (PRN) is the company managing Clinton’s private server. Due to a wave of hacking attacks on the server following the public revelation of the server on March 2, 2015, PRN considers doing penetration testing. That means hiring someone to try to hack the server in order to expose its vulnerabilities so they can be fixed.

Cybersecurity expert Johannes Ullrich will later comment, “It’s a good idea, and it’s also commonly done.”

However, the penetration testing never happens. It isn’t clear why. (The New York Post, 9/18/2016) (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 2, 2015: Cheryl Mills has a computer company check on the condition of Clinton’s private server after the media makes Clinton’s use of the server front-page news.

On March 2, 2015, the New York Times publishes a front-page story about Clinton’s email practices and her use of a private email server.

The Equinix data center in Secaucus, NY. (Credit: public domain)

In the days following the publication of the article, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server.

In response to this request, an unnamed PRN employee travels to the Equinix data center in Secaucus, New Jersey, where the server is located, to conduct an onsite review of the equipment. At the same time, another unnamed PRN employee logs in to the server remotely to check on it.

This will result in some changes to the security settings of the server around March 7, 2015. Additionally, many emails (other than Clinton’s) are deleted from the server on March 8, 2015. (Federal Bureau of Investigation, 9/2/2016)

March 3, 2015: The head of the company managing Clinton’s private server makes a curious political comment; he also wonders what Clinton emails the company might have to turn over.

David DeCamillis (Credit: Twitter)


David DeCamillis, the vice president of sales for Platte River Networks (PRN), emails other PRN employees about the news reported in the New York Times the day before revealing Clinton’s exclusive use of a private email address hosted on her private server. He writes, “I’m sure the Republicans are giving each other high fives; especially Jeb Bush.”

PRN is the company that has been managing the server since June 2013. There will later be suggestions that PRN was chosen by Clinton or her employees to manage the server at least in part due to the company’s political preference for Democrats, and this email seems to fit with such a preference.

DeCamillis also wonders what emails the company might be asked to turn over. PRN employee Paul Combetta will send a reply detailing what work he’s done on Clinton’s server. (The New York Post, 9/18/2016)

At the time, Jeb Bush, the former Republican governor of Florida, is seen as the Republican frontrunner for the November 2016 presidential election, though he will ultimately fail to win the Republican nomination.

March 3, 2015: Republican National Committee (RNC) chair Reince Priebus suggests Clinton could have mixed diplomacy and private fundraising in her emails.

Reince Priebus (Credit: Win McNamee / Getty Images)


Responding to news reports that Clinton used only a private email and private server while secretary of state, Priebus attempts to tie them into previous reports scrutinizing the Clinton Foundation and its fundraising from foreign governments. “It makes you wonder: Did she use the private emails so she could conduct diplomacy and fundraising at the same time?” (Politico, 3/3/2015)

March 3, 2015: The State Department falsely asserts Clinton’s email practices were not prohibited.

Marie Harf (Credit: public domain)


State Department spokesperson Marie Harf defends Clinton’s email arrangement, saying that she “was following what had been the practice of previous secretaries.” She claims “it was not prohibited at the time, [and] is not prohibited now.” She also says, “I was a little surprised—although maybe I shouldn’t have been—by some of the breathless reporting coming out last night.” (US Department of State, 3/3/2015) 

Some of Harf’s comments are clearly untrue, as the department’s former chief legal adviser John Bellinger points out in an email to department officials later in the same day. (US Department of State, 5/31/2016) (The Daily Caller, 6/7/2016) 

Not until a State Department inspector general’s report in May 2016 will it be revealed that Clinton’s email practices were clearly prohibited at the time and differed significantly from the practices of previous secretaries. (US Department of State, 5/25/2016)

March 3, 2015: The State Department’s former chief legal adviser wants the department to clarify that Clinton never had legal approval for her email practices, but the department keeps this secret.

John Bellinger (Credit: public domain)


John Bellinger, who had been the State Department’s Legal Adviser during the George W. Bush administration, emails the department’s deputy legal advisers Mary McLeod and Richard Visek of the State Department’s office of legal affairs after hearing department spokesperson Marie Harf defend Clinton’s email practices one day after the email scandal was first reported in the media.

Bellinger, who still serves as former secretary of state Condoleezza Rice’s personal legal counsel, writes, “Please make sure that [Harf] doesn’t keep saying that Secretary Rice did the same thing. As you know, that is not correct, and Secretary Rice has corrected the record.”

He adds, “I’m getting calls from people (press and former USG [US government] lawyers) asking whether State lawyers actually approved letting Secretary Clinton use a State [BlackBerry] for official business using a personal email account, and then to keep the emails.” He then repeatedly mentions “L,” which refers to the State Department’s Office of the Legal Adviser that he formerly headed. “[Harf] is implying that State approved this practice (and this suggests that L approved it, though she didn’t say so specifically). As someone who wants to defend L’s reputation, I would urge you to defend the credibility of L as good and careful administrative lawyers, and don’t let [her] give L a bad name. I can’t believe that L would have approved this, and you shouldn’t let [her] imply that you did.”

Visek responds to Bellinger in an email: “Thanks for the heads up. I’ll reach out to PA [The department’s Bureau of Public Affairs] and try to make sure they understand.” These emails will be made public in June 2016 due to a Freedom of Information Act (FOIA) request by the Daily Caller. (US Department of State, 5/31/2016) (The Daily Caller, 6/7/2016) 

However, the department will not follow Bellinger’s advice and will not reveal to the public that Clinton’s email practices were never approved by the department’s lawyers. That will finally be revealed in a State Department inspector general’s report in May 2016. (US Department of State, 5/25/2016)

March 3, 2015: An unnamed State Department technology expert complains that he and others tried to warn that Clinton’s use of a private email account was a security risk.

He says, “We tried. We told people in her office that it wasn’t a good idea. They were so uninterested that I doubt the secretary was ever informed.” He was a member of the department’s cybersecurity team. He says it was well known amongst the team that Clinton’s private account was at greater risk of being hacked or monitored, but their warnings were ignored. (Al Jazeera America, 3/3/2015)

March 3, 2015 or Shortly Thereafter: The employee who will later delete all of Clinton’s emails is asked about what Clinton emails might be turned over.

On March 3, 2015, David DeCamillis, the vice president of sales for Platte River Networks (PRN), wonders in an email to other PRN employees what emails the company might be asked to turn over. This is because of a New York Times article on March 2, 2015, revealing Clinton’s exclusive use of a private email address hosted on her private server; PRN has been managing that server since June 2013.

Paul Combetta (Credit: CSpan)


PRN employee Paul Combetta replies to the email, although the date of the reply hasn’t been specified. “I’ve done quite a bit already in the last few months related to this. Her [Clinton’s] team had me do a bunch of exports and email filters and cleanup to provide a .pst [personal storage file] of all of HRC’s [Hillary Rodham Clinton’s] emails to/from any .gov addresses. … I billed probably close to 10 hours in on-call tickets with CSEC related to it :).”

CSEC is likely a reference to Clinton Executive Services Corp. (CESC), a Clinton family company paying for PRN’s services. Combetta will delete and then wipe all of Clinton’s emails later in March 2015. His mention of sending Clinton’s emails likely refers to when PRN sent those emails to two of Clinton’s lawyers in late July 2014. (The New York Post, 9/18/2016)

It is not clear if this is all of Combetta’s reply. But if it is, it is notable that he doesn’t mention that he deleted and then wiped all of Clinton’s emails off the laptops of two lawyers working for Clinton by this time, and allegedly was told to change the settings on Clinton’s server so her emails would be deleted over time as well.