January 5, 2013: Someone accesses the email account of one of Bill Clinton’s staffers on the private server used to host Hillary Clinton’s emails.

The Tor Logo (Credit: public domain)

This is according to an FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.

The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)

Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”

Dave Aitel (Credit: Immunity)

Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.

But Dave Aitel, a former NSA security analyst and founder of the cybersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)

When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)

And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, is asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)

Shortly After March 2, 2015: Cheryl Mills has a computer company check on the condition of Clinton’s private server after the media makes Clinton’s use of the server front-page news.

On March 2, 2015, the New York Times publishes a front-page story about Clinton’s email practices and her use of a private email server.

The Equinix data center in Secaucus, NY. (Credit: public domain)

In the days following the publication of the article, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server.

In response to this request, an unnamed PRN employee travels to the Equinix data center in Secaucus, New Jersey, where the server is located, to conduct an onsite review of the equipment. At the same time, another unnamed PRN employee logs in to the server remotely to check on it.

This will result in some changes to the security settings of the server around March 7, 2015. Additionally, many emails (other than Clinton’s) are deleted from the server on March 8, 2015. (Federal Bureau of Investigation, 9/2/2016)

Around March 7, 2015: Changes are made to the security settings of Clinton’s private server after its existence was revealed in the media.

In the days following a New York Times article revealing Clinton’s use of her private server, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server. Two unnamed PRN employees do so.

This results in some changes to the server’s security settings around March 7, 2015. According to a September 2016 FBI report, these changes “include disabling the server’s public-facing VPN page and switching from SSL protocol to TLS to increase security.”

The FBI will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant-messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way communication. TLS is the successor to SSL and is considered more secure.” (Federal Bureau of Investigation, 9/2/2016)

March 8, 2015: Someone deletes email accounts other than Clinton’s from Clinton’s private server.

In a September 2016 report, the FBI will reveal that the “FBI forensically identified deletions from [Clinton’s] server on March 8, 2015 of .pst files not associated with Clinton’s email account or domain, and other server data.”

A .pst or “Personal Storage Table” file is a file format used to store copies of emails and other items within Microsoft software.

This incident will only be mentioned in a footnote in an FBI report, with no mention of who made the deletions or why. It also is not clear how thorough the deletions are. Clinton’s deputy chief of staff Huma Abedin had a frequently used email account hosted on the server, but it is unknown if these deletions include her emails.

Platte River Network’s new, 12,000 sq. foot office, which they moved into in mid-2015. (Credit: Stuart Sipkin / Demotis / Corbis)

It seems probable an employee of Platte River Networks (PRN), the computer company managing Clinton’s server, made the deletions. Shortly after a news report made Clinton’s use of the server public knowledge on March 2, 2015, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requested that PRN conduct a complete inventory of all equipment related to the server, and one unnamed PRN employee physically checked the server while another one remotely logged on to check it.

The FBI report will also mention that around March 7, 2015, PRN makes various changes to the server’s security settings. (Federal Bureau of Investigation, 9/2/2016)

March 9, 2015: An email from Cheryl Mills warns a Platte River Networks employee that Clinton’s emails should be preserved, but he will delete them all later in the month anyway.

Cheryl Mills, who is one of Clinton’s lawyers at the time, as well as being her former chief of staff, sends an email to some employees at Platte River Networks (PRN), the company that is managing Clinton’s private server. On March 3, 2015, the House Benghazi Committee sent a letter to Clinton’s lawyers, asking that they preserve all of Clinton’s emails. This is because of a New York Times report the day before that indicated Clinton probably had many emails from when she was secretary of state that the State Department did not. Mills’ email to PRN references this preservation request.

In March 2015, PRN is preparing to move from a small downtown loft in Denver, to a more spacious 12,000 sq. foot office space. (Credit: Platte River Networks / Facebook)

PRN employee Paul Combetta is one of the recipients of this email from Mills. In a February 18, 2016 FBI interview, he will claim that he didn’t recall seeing the preservation request mentioned in the email. But he will be interviewed by the FBI again, on May 3, 2016. At that time, he will indicate that he deleted and then wiped all of Clinton’s emails from her server in late March 2015, despite the fact that, according to an FBI report, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.”

It is not clear why he will do this. He will also state during his second interview, “he did not receive guidance from other PRN personnel, PRN’s legal counsel, or others regarding the meaning of the preservation request.” (Federal Bureau of Investigation, 9/2/2016)

March 25, 2015: A conference call precedes the permanent deletion of Clinton’s “personal” emails.

Platte River Networks (PRN), the computer company managing Clinton’s server, holds a conference call with some members of former President Bill Clinton’s staff. This is according to a later FBI report, but the FBI has not revealed who exactly takes part in the conference call or what is discussed.

The four “President Clinton” aides who had access to the private server were from left to right, Justin Cooper, Doug Band, Jon Davidson, and Oscar Flores. (Credit for all photos: public domain)

PRN employee Paul Combetta will later say that in the days just after this call, between March 25 and 31, 2015, he suddenly remembers that he did not make changes to the email retention policy on Clinton’s email account, as one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills requested him to do back in December 2014. He will then proceed to do so, resulting in the permanent deletion of all of Clinton’s emails that had been deemed personal.

PRN only has two employees involved in managing Clinton’s server, so it seems highly likely Combetta takes part in the conference call. (Federal Bureau of Investigation, 9/2/2016)

Between March 25 and 31, 2015: A Platte River Networks employee allegedly deletes all of Clinton’s emails and then wipes them to prevent their recovery, despite apparently having no clear order to do so.

Platte River Networks (PRN) is managing Clinton’s private server, and two PRN employees are occasionally working on it. Around December 2014, PRN employee Paul Combetta was told by one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills to delete all copies of Clinton’s emails off Mills’ computer and the computer of another lawyer working for Clinton, Heather Samuelson. He did so. But he says he was also told by Mills to change the email retention policy on Clinton’s clintonemail.com email account so that Clinton’s unwanted “personal” emails would be deleted after 60 days, and he forgot to do that.

Combetta will be interviewed by the FBI on February 18, 2016. At that time, he will say that roughly between March 25 and 31, 2015, after a conference call between PRN and the staff of former President Bill Clinton on March 25, 2015, he realized he had forgotten to make the change, but he will tell the FBI that he didn’t do anything about it.

However, Combetta will be interviewed by the FBI again on May 3, 2016, and his answers will change. This time, he will say he had what he told the FBI was “an ‘oh shit’ moment.” Then, sometime between March 25 and 31, 2015, he deleted the Clinton archive mailbox from Clinton’s server. Furthermore, he used BleachBit to delete the exported .pst files he had created on the server system containing Clinton’s emails.

There are six employees leading PRN in 2015. From left to right they are Brent Allshouse, David DeCamillis, Treve Suavo, Sam Hickler, Craig Papke, and Dave Robinson (not pictured). (Credit: LinkedIn and Platte River Networks)

An FBI report will explain, “BleachBit is open source software that allows users to ‘shred’ files,” as well as other functions. “BleachBit’s ‘shred files’ function claims to securely erase files by overwriting data to make the data unrecoverable.”

Additionally, the FBI investigation will later find “evidence of these deletions and determined the Datto backups of the [Clinton’s] server were also manually deleted during this timeframe.” However, the FBI will not mention if they figured out who deleted the Datto back-ups, whether it is Combetta or someone else.

BleachBit System Cleaner 1.8 (Credit: BleachBit)

Note that Combetta was only asked by Mills to change the deletion policy on Clinton’s account, which would have deleted only her “personal” emails 60 days later. He actually immediately deleted all of her emails, including her work-related ones, and then used a program to make their later recovery impossible. It is not clear if anyone told him to do this, and if so who, or if he did it on his own.

Furthermore, Combetta took these actions even though Mills sent him (and others at PRN) an email on March 9, 2015, which mentioned that the House Benghazi Committee had asked Clinton’s lawyers to preserve all of Clinton’s emails. In his first FBI interview, he will deny being aware of this. But in his second FBI interview, according to the FBI, at the time he made the deletions, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.” (Federal Bureau of Investigation, 9/2/2016)

March 31, 2015: A Platte River Networks employee talks to two of Clinton’s lawyers shortly after deleting and wiping all of Clinton’s emails from her server.

Platte River Networks (PRN) is a computer company managing Clinton’s private server. PRN employee Paul Combetta will later admit to the FBI that he deleted all of Clinton’s emails from her server and then used the computer program BleachBit to permanently eliminate the emails. This is despite the fact that he claims he had only been told by one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills back in December 2014 to change the email retention policy on Clinton’s account.

On March 25, 2015, there was a conference call between PRN employees and members of former President Bill Clinton’s personal staff. On March 31, 2015, there is another conference call. Combetta will later say he made the deletions at some point between the two calls.

Details about the second call are murky because the FBI only learned it took place by discovering a PRN work ticket about it. The ticket mentions PRN employees talking to Clinton’s personal lawyer David Kendall as well as her lawyer Mills. But when Combetta was asked about it, according to the FBI, “PRN’s attorney advised [him] not to comment on the conversation with Kendall, based upon the assertion of the attorney-client privilege.”

In 2016, Mills will be interviewed by the FBI. She will state that she was unaware that Combetta made such deletions and modifications in March 2015. This presumably would mean they were not discussed in the second conference call, or any time after that. Clinton will also be interviewed in 2016, and she will also claim she was unaware of the March 2015 email deletions. (Federal Bureau of Investigation, 9/2/2016)