January 21, 2009—February 1, 2013: Hundreds of Clinton’s emails are printed out by a Bill Clinton staffer; he may have a relevant security clearance.

Clinton presents a letter of congratulations and signed photo to Chief Culinary Specialist Oscar Flores during his retirement ceremony aboard the USS Makin Island on April 1, 2010. (Credit: Chief Mass Communication Specialist John Lill / US Navy)

Clinton presents a letter of congratulations and signed photo to Chief Culinary Specialist Oscar Flores during his retirement ceremony aboard the USS Makin Island on April 1, 2010. (Credit: Chief Mass Communication Specialist John Lill / US Navy)

A September 2016 FBI report will mention that the FBI determined “hundreds of emails” were sent by Clinton’s deputy chief of staff Huma Abedin and other State Department staffers to a member of Bill Clinton’s staff so he could print them out for Clinton. His name will be redacted, but he is almost certainly Oscar Flores, because the report will mention that he is a member of the US Navy Reserves, which Flores is at the time.

Some of these emails will later be determined to contain information classified at the “confidential” level, including six email chains forwarded by Abedin and one email chain forwarded by Clinton.

But the FBI will determine that Flores received a security clearance at the “secret” level on October 25, 2007 from the Defense Department. Furthermore, although Flores retires from the US Navy Reserves in September 2010, there is no indication his security clearance is deactivated at that time. (Federal Bureau of Investigation, 9/2/2016)

January 5, 2013: Someone accesses the email account of one of Bill Clinton’s staffers on the private server used to host Hillary Clinton’s emails.

130101TorLogopublic

The Tor Logo (Credit: public domain)

This is according to a FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.

The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)

Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”

Dave Aitel (Credit: Immunity)

Dave Aitel (Credit: Immunity)

Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.

But Dave Aitel, a former NSA security analyst and founder of the cypersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)

When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)

And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)

March 25, 2015: A conference call precedes the permanent deletion of Clinton’s “personal” emails.

Platte River Networks (PRN), the computer company managing Clinton’s server, holds a conference call with some members of former President Bill Clinton’s staff. This is according to a later FBI report, but the FBI has not revealed who exactly takes part in the conference call or what is discussed.

The four “President Clinton” aides who had access to the private server were from left to right, Justin Cooper, Doug Band, Jon Davidson, and Oscar Flores. (Credit for all photos: public domain)

PRN employee Paul Combetta will later say that in the days just after this call, between March 25 and 31, 2015, he suddenly remembers that he did not make changes to the email retention policy to Clinton’s email account, as one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills requested him to do back in December 2014. He will then proceed to do so, resulting in the permanent deletion of all of Clinton’s emails that had been deemed personal.

PRN only has two employees involved in managing Clinton’s server, so it seems highly likely Combetta takes part in the conference call. (Federal Bureau of Investigation, 9/2/2016)

September 13, 2016: “Less than 20 people” had access to Clinton’s private server.

Cooper shakes hands with Representative Chaffetz after the hearing. (Credit: public domain)

Cooper shakes hands with Representative Chaffetz after the hearing. (Credit: CSpan)

Justin Cooper worked with Bryan Pagliano to manage Clinton’s private server while she was secretary of state. When Cooper testifies before a Congressional committee on this day, he is asked by Representative Jason Chaffetz (R), “[H]ow many people had access to the server?”

He replies, “There were two people who had some administrative rights, myself and Mr. Pagliano. I can’t off the top of my head tell you exactly how many users there were over the lifetime of the server, but it was less than 20 people.”

He also mentions, “The only remote access login to the server was for myself and Mr. Pagliano.”

At other points in his testimony, he says that most of the users were members of former President Bill Clinton’s staff and/or Clinton Foundation employees. Cooper doesn’t have a security clearance and its probable that most of the others with access to the server don’t have security clearances either. (US Congress, 9/13/2016)

In July 2016, FBI Director James Comey claimed that Clinton gave between three and nine people without a security clearance access to the server, but he may be defining “access” in a different manner than Cooper.