William Burns (Credit: Carenegie Endowment for International Peace)
Clinton’s deputy chief of staff Huma Abedin sends an email to another close Clinton staffer discuss Clinton’s concern that someone has been “hacking into her email” after she received an email with a suspicious link to a website with pornographic material.
The FBI will later report, “There is no additional information as to why Clinton was concerned about someone hacking into her email account or if the specific link referenced by Abedin was used as a vector to infect Clinton’s device…”
Several hours later, Clinton receives an email from the personal account of Under Secretary of State for Political Affairs William Burns that also has a link to a suspect website.
The next day, Clinton emails Burns: “Is this really from you? I was worried about opening it!” Department policy requires employees to report suspicious cybersecurity incidents to security officials. However, a 2016 State Department inspector general’s investigative report will find no evidence that Clinton or her staff reports this incident to anyone else within the department. It is unknown if either hacking attack is successful, since the incidents were not investigated at the time. (US Department of State, 5/25/2016) (Federal Bureau of Investigation, 9/2/2016)
The FBI will later be unable to determine if Clinton ever opened the attachment. But “Open source information indicated, if opened, the targeted user’s device may have been infected, and information would have been sent to at least three computers overseas, including one in Russia.” (Federal Bureau of Investigation, 9/2/2016)
In March 2011, a State Department security official warned Clinton and others that there was a dramatic increase in attempts “to compromise the private home email accounts of senior Department officials. […] Specifically, the actors are sending cleverly forged emails to victims’ private web-based accounts… These ‘spear phishing’ messages appear to be sent by US government officials but are designed to trick recipients into activating embedded malicious code by clicking on an attachment or link. […] We urge Department users to minimize the use of personal web email for business…” (US Department of State, 11/5/2015) Despite such warnings and incidents, Clinton continues to exclusively use a private email address for all her work and personal emails.