Bryan Pagliano, who later will manage Clinton’s private email server, is hired to be the IT [Information Technology] director for Clinton’s 2008 presidential campaign. According to his later resume, his job is to “Hire and manage a team of systems administrators, engineers, and administrative staff.” From 1999 to 2006, he worked as “Senior Systems Engineer” and “Systems Team Lead” for a company giving computer assistance to non-profits in the Washington, DC, area. (US Department of State, 4/29/2016) Pagliano provides technical support for BlackBerry communications during Clinton’s campaign. (US Department of State, 5/25/2016)
At some unknown point after Clinton ends her presidential campaign on June 7, 2008, Bryan Pagliano is tasked as the lead specialist to take care of the new private email server in Bill and Hillary Clinton’s Chappaqua, New York, house. He will keep the job until mid-2013. Pagliano worked as the IT (information technology) director for Hillary Clinton’s 2008 presidential campaign.
He is paid by Clinton’s Senate leadership PAC (political action committee) through April 2009, then starts working for the State Department a month later. (The Washington Post, 8/4/2015)
Justin Cooper is an aide to former President Bill Clinton, and he is the administrator for the private server located in the Chappaqua, New York, house where Bill and his wife Hillary live. Cooper will later be interviewed by the FBI, and he will say that the decision is made to replace the server because the current server (being run on an Apple OS X computer) is antiquated and people using it are having email troubles.
At the recommendation of Hillary Clinton’s longtime aide Huma Abedin, Cooper contacts Bryan Pagliano, who worked on Clinton’s 2008 presidential campaign as an information technology specialist, to build a new server system and to assist Cooper with administrating it. Pagliano was getting rid of the computer equipment from Clinton’s presidential campaign, so it is decided to use some of this equipment for the new server at the Chappaqua house.
According to a later FBI interview, Hillary Clinton “told the FBI that at some point she became aware there was a server in the basement of her Chappaqua residence. However, she was unaware of the transition from the Apple server managed by Cooper to another server built by Pagliano and therefore, was not involved in the transition decision.”
Between the fall of 2008 and January 2009, Pagliano gets computer equipment from Clinton’s former presidential campaign headquarters, and also works with Cooper to buy additional necessary equipment.
Clinton becomes secretary of state on January 20, 2009, and begins using a clintonemail.com email address around that time, which is hosted on the old Apple server. The new server won’t be operational until March 2009. (Federal Bureau of Investigation, 9/2/2016)
Her server was installed in her house in Chappaqua, New York, and it continues to reside there. Her IT [Information Technology] expert Bryan Pagliano has been in charge of running it since 2008 as well, and continues to do so.
Yet the Washington Post will later report, “Four computer-security specialists interviewed by the Post said that such a system could be made reasonably secure but that it would need constant monitoring by people trained to look for irregularities in the server’s logs.”
One of the specialists will comment, “For data of this sensitivity… we would need at a minimum a small team to do monitoring and hardening.” (The Washington Post, 3/27/2016)
When Clinton’s first server is upgraded with a new server in March 2009, a Seagate external hard drive is attached to the server to store back-up copies of all of its data.
Bryan Pagliano, who manages the server at the time, will later tell the FBI that daily changes are backed up onto the hard drive every day, and a complete back-up is made once a week. As space on the hard drive runs out, backups are deleted on a “first in, first out” basis.
This continues until June 2011. That month, Pagliano travels from Washington, DC, where he works in the State Department, and goes to where the server is, in Chappaqua, New York. Pagliano replaces the Seagate external hard drive with a Cisco Network Attached Storage (NAS) device, also to store backups of the server.
It is unclear what becomes of either back-up device or the data they contained. The FBI’s September 2016 final report on the Clinton email investigation will only mention: “The FBI was unable to forensically determine how frequently the NAS captured backups of the Pagliano Server.” But the report will also complain about the “FBI’s inability to recover all server equipment,” and there will be no mention of any data recovered from either back-up device. (Federal Bureau of Investigation, 9/2/2016)
Also in September 2016, Justin Cooper, who helped Pagliano manage the server, will be asked about these hard drives at a Congressional hearing. He will say he only heard about them from reading the FBI final report. (He claims he handled customer service while Pagliano handled the technical aspects.)
He will also be asked if FBI agents ever came to the Clintons’ Chappaqua house to seize any equipment. Cooper worked as an aide to Bill Clinton in the house, but he will say he is unaware of the FBI ever coming to the house. (US Congress, 9/13/2016)
Justin Cooper, an aide to former President Bill Clinton, has been working with Bryan Pagliano, who worked as a computer technician on Hillary Clinton’s 2008 presidential campaign, to build a new private server located in the Clintons’ Chappaqua, New York, house. Some time in March 2009, Pagliano and Cooper met at the Chappaqua house to physically install the server and related equipment in a server rack in the basement.
Once the new server is up and running, Pagliano migrates the email data from the old server to the new one. Pagliano will later be interviewed by the FBI, and he will claim that after the migration, no email content should have remained on the old server. He will tell the FBI that he only transferred clintonemail.com email accounts for Clinton aide Huma Abedin and others (whose names will later be redacted), and he was unaware of and did not transfer an email account for Hillary Clinton.
However, Clinton emails using a clintonemail.com domain address start getting sent in January 2009, showing she must have had an account on the old server since that time. Cooper will also later be interviewed by the FBI, and he will say he believed Clinton had a clintonemail.com email account on the old server and Abedin did not. The FBI will be unable to obtain the old server to analyze it, so the dispute has not been fully resolved.
This new server will be used for the rest of Clinton’s term as secretary of state, then will be replaced in 2013. Later in March 2009, the old server is repurposed to serve as a personal computer for household staff at Clinton’s Chappaqua house. (Federal Bureau of Investigation, 9/2/2016)
The Washington Post will later report, “The server was nothing remarkable, the kind of system often used by small businesses, according to people familiar with its configuration at the end of her tenure. It consisted of two off-the-shelf server computers. Both were equipped with antivirus software. They were linked by cable to a local Internet service provider. A firewall was used as protection against hackers.” (The Washington Post, 3/27/2016)
According to the FBI, the new server initially consists of the following equipment: “a Dell PowerEdge 2900 server running Microsoft Exchange for email hosting and management, a Dell PowerEdge 1950 server running BlackBerry Enterprise Server (BES) for the management of BlackBerry devices, a Seagate external hard drive to store backups of the Dell PowerEdge 2900 server, a Dell switch, a Cisco firewall, and a power supply.” (Federal Bureau of Investigation, 9/2/2016)
In 2015, Hillary Clinton will say of her server, “It was sitting there in the basement. It was not any trouble at all.” (The Wall Street Journal, 9/27/2015)
In March 2009, Clinton’s private email server is replaced by a larger one built by her computer technician Pagliano. Cooper had been the only person with administrative access for the previous server, but now both he and Pagliano have administrative accounts on the new one.
Pagliano handles all software upgrades and general maintenance. He works at the State Department in Washington, DC, and there is only evidence of him going to Chappaqua, New York, to directly work on the server three times: in March 2009, to install the server; in June 2011, to upgrade the equipment; and in January 2012, to fix a hardware issue.
By contrast, in a later FBI interview, Cooper will describe his role as “the customer service face.” He can add users or reset passwords on the email server. He also works at the Chappaqua house as an aide to former President Bill Clinton, so it is much easier for him to physically interact with the server there.
Cooper and Pagliano both handle the selection and purchase of server-related items.
In a later FBI interview, Hillary Clinton will state “she had no knowledge of the hardware, software, or security protocols used to construct and operate the servers. When she experienced technical issues with her email account she contacted Cooper for assistance in resolving those issues.”
The roles of Cooper and Pagliano will be phased out in mid-2013, with the Platte River Networks company winning a contract to manage Clinton’s server on May 31, 2013.
When Clinton’s computer technician Bryan Pagliano is interviewed by the FBI in December 2015, he will recall a conversation with a person whose name is redacted that takes place at the beginning of Clinton’s tenure as secretary of state. According to the FBI, this person “advised he would not be surprised if classified information was being transmitted to Clinton’s personal server.”
Pagliano joins the State Department in May 2009, and he also is the main person to manage problems with the server. But there is no mention of him taking any action about this warning or passing it on to anyone else. The unnamed person also gives Pagliano advice on how to improve the server security that goes unheeded as well. (Federal Bureau of Investigation, 9/2/2016)
When Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, is interviewed by the FBI in December 2015, he will recall a conversation that takes place around the beginning of Clinton’s tenure. The other person in this conversation, whose name is later redacted, recommends that email transiting from a state.gov account to Clinton’s private server should be sent through a Transport Layer Security (TLS) “tunnel.” Most of Clinton’s email traffic is with State Department officials using state.gov accounts.
A September 2016 FBI report will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way communication. TLS is the successor to SSL and is considered more secure.”
Pagliano is the main person to manage problems with the server, but he will tell the FBI that the transition to TLS never occurred. It is not clear why. The FBI will be unable to forensically determine if TLS was ever implemented on the server.
The same unnamed person who gives Pagliano this advice also tells him at the same time that he would not be surprised if classified information was being transmitted to Clinton’s personal server. (Federal Bureau of Investigation, 9/2/2016)
This is according to a 2015 independent analysis by Venafi Inc., a cybersecurity firm that specializes in the encryption process. Not until this day does the server receive a “digital certificate” that protects communication over the Internet through encryption.
The Washington Post will later report, “It is unknown whether the system had some other way to encrypt the email traffic at the time. Without encryption—a process that scrambles communication for anyone without the correct key—email, attachments and passwords are transmitted in plain text.”
A Venafi official will later comment, “That means that anyone could have accessed it. Anyone.” (The Washington Post, 3/27/2016)
Clinton began sending emails using the server by January 28, 2009, but will later claim she didn’t start using it until March 18, 2009—a two-month gap similar to the two-month gap in which the server apparently wasn’t properly protected. Apparently, she has not given investigators any of her emails from before March 18. (The New York Times, 9/25/2015)
A 2016 op-ed in the Washington Post will suggest that security concerns during Clinton’s February 2009 trip to Asia could have prompted the use of encryption on her server. (The Washington Post, 4/4/2016)
An FBI report released in September 2016 will confirm that encryption only began in March 2009. It states that “in March 2009, [Bill Clinton aide Justin] Cooper registered a Secure Sockets Layer (SSL) encryption certificate at [Bryan] Pagliano’s direction for added security when users accessed their email from various computers and devices.” (Federal Bureau of Investigation, 9/2/2016)
The Washington Post will later report, “Officials in the IT division have told investigators they could not recall previously hiring a political appointee.” Pagliano had worked as the IT director for Clinton’s PAC [political action committee] and also for her presidential campaign, and was paid by the PAC until April 2009. He also provided computer services to the Clinton family. (The Washington Post, 3/27/2016)
Patrick Kennedy, the department’s under secretary for management, oversees the hiring of Pagliano. Pagliano’s new bosses Susan Swart, head of the department’s Bureau of Information Resource Management, and her deputy, Charlie Wisecarver, exchange emails expressing confusion and surprise that Kennedy has given them a political employee to work in the IT division. (Reuters, 3/24/2016) His initial salary is $133,000 a year. As a Schedule C political hire, Pagliano is vetted by the State Department’s Office of White House Liaison, where Heather Samuelson holds a top position. Samuelson worked on Clinton’s 2008 presidential campaign, as did Pagliano, and in 2014 she will be one of three Clinton aides who decide which of Clinton’s 60,000 emails will be deleted. (The Daily Caller, 3/3/2016)
According to a later account by Clinton’s legal counsel, Clinton’s computer technician Bryan Pagliano performs “technology services for the Clinton family for which he [is] compensated” by check or wire transfer in varying amounts at various times between 2009 and 2013. Most importantly, he manages her private email server as an outside job, including doing so during his hours for the State Department. However, exactly how much he gets paid is unknown. Other details such as who he directly reports to, who directly pays him, and how many hours a week he works on the task also remain unknown. It appears that Justin Cooper, an assistant to Bill Clinton who does not work in government, sometimes helps manage the server as well. But Cooper’s role is even more unclear. (US Department of State, 5/25/2016)
In May 2009, Pagliano begins working for the State Department while continuing to be paid by Clinton for managing her private server. However, he does not list his outside income in the required personal financial disclosures he files each year. This continues until his full-time department job ends in February 2013, the same month Clinton’s tenure as secretary of state ends. In early 2015, a State Department official will say that the department has “found no evidence that he ever informed the department that he had outside income.” (The Washington Post, 9/5/2015) To lie on such a financial disclosure form is a felony punishable by up to five years in prison. (US Legal Code, 2/24/2012)
During the time Bryan Pagliano works as a political employee in the State Department’s IT [information technology] division starting in May 2009, he continues to secretly manage Clinton’s private email server in her house. The Washington Post will later report, “Three of Pagliano’s supervisors… told investigators they had no idea that Clinton used the basement server or that Pagliano was moonlighting on it.” (The Washington Post, 3/27/2016) However, Pagliano’s two direct supervisors (who apparently are Susan Swart and Charlie Wisecarver) will later tell department investigators that while they were aware Pagliano provided computer assistance to Clinton’s 2008 presidential campaign, they didn’t know he was supporting her server during working hours. They will question how he could do so given that he was supposed to be working full-time for the department. (US Department of State, 5/25/2016) An unnamed colleague in Pagliano’s division will later similarly say that Pagliano’s immediate supervisors didn’t know Clinton’s private server even existed until it was revealed in news reports in 2015. In March 2016, Reuters will report that both Clinton and the State Department continue to decline “to say who, if anyone, in the government was aware of the email arrangement.” (Reuters, 3/24/2016)
Clinton’s deputy chief of staff Huma Abedin sends an email to Justin Cooper, an aide to Bill Clinton. She forwards a message from Clinton’s chief of staff Cheryl Mills to Clinton that had bounced, and asks Cooper, “HRC [Clinton] email coming back—is server okay?”
He replies, “UR [You are] funny. We are on the same server.” His reply goes to Mills as well as Abedin, indicating that both of them are aware of the existence of Clinton’s private server.
Cooper’s email domain will be redacted when this email is released in 2016, but his comment indicates his email is on the clintonemail.com domain, the same as Clinton’s. (Abedin has an email account on that domain too, but she sends this email from her State Department state.gov account.) (US Department of State, 6/20/2016)
Cooper is not a government employee and apparently has no security clearance, but other reports indicate he helps Bryan Pagliano manage Clinton’s server.
In an email to State Department IT [Information Technology] staffer Bryan Pagliano, Mills writes, “Somewhere [between] my house and the plane to NYC yesterday my personal BB got misplaced; no one is answering it though I have called.” Mills uses both a personal and a government-issued BlackBerry, and it is her personal BlackBerry that gets lost. However, details in released emails show that Mills sometimes sent and received work-related emails from her personal BlackBerry, including emails that were retroactively classified. It is unclear if Mills ever finds her BlackBerry after losing it. (The Daily Caller, 1/26/2016) (US Department of State, 1/15/2016)
A New York Observer article will later comment that Mills “was using her personal BlackBerry for work, including the transmission of classified email. That alone is a crime. Then, in a move worthy of a dark comedy, [she] proceeded to lose that BlackBerry. This would be a career-ender, at best, for any normal US government employee. [But she] suffered no penalties of any kind for this astonishing security lapse.” (The New York Observer, 1/28/2016)
An email from Bryan Pagliano to Cheryl Mills, Clinton’s chief of staff, on this day that will later be made public shows that Pagliano sometimes uses the email address email@example.com for work matters. Pagliano is a State Department employee at the time, but he also is managing Clinton’s private email server. In the email, he tells Mills, “Sent a reply from my [redacted] address, but delivery tends to be delayed going to state.gov addresses.” This shows he uses a government email address for work as well. (US Department of State, 1/15/2016)
The hillaryclinton.com domain was used for people working for Clinton’s 2008 presidential campaign, as Pagliano did. Apparently that domain was kept operational long after the campaign ended.
According to a September 2016 FBI report, Justin Cooper, a Bill Clinton aide who is helping to manage Clinton’s private server, contacts a Secret Service agent at some point during Clinton’s tenure as secretary of state. It is not clear when this happens, but apparently it is not long after the server begins to be frequently targeted by brute force hacking attacks around the middle of 2010.
Cooper will be asked about this in a September 2016 Congressional hearing shortly after the FBI report is published. He will say, “when we first experienced some of the repeated failed login attempts, I reported them to the Secret Service. … There was an instance where we shared some logs with [them]. … The Secret Service looked at logs from the server and made some recommendations to [server manager Bryan] Pagliano about the possible origins of those failed logins and some techniques he might use to mitigate that problem.” (The Secret Service agent will give advice on improving the server’s security that will not be followed.)
However, when Cooper is asked by Representative Blake Farenthold (R), “Did you turn over the logs and notifications that you received to the FBI, the emails of brute force attacks?” Cooper will say the FBI was not contacted.
Additionally, when Representative Jody Hice (R) asks if Cooper consulted with any other “department or agency in the government,” Cooper will say, “No. No consultations of that type.” He will also specifically mention the State Department wasn’t consulted. (US Congress, 9/13/2016)
It’s possible that Pagliano contacted others, but the FBI will interview both Cooper and Pagliano in its investigation and then will mention only the contact with the Secret Service in its final report.
The number of hacking attacks steadily grows through the rest of Clinton’s time in office. (Federal Bureau of Investigation, 9/2/2016)
Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”
The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)
Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”
Representative Blake Farenthold (R) will ask Cooper, if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”
After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)
After Bryan Pagliano sets up Clinton’s new private server in January 2009, he sets up Internet Protocol (IP) filtering on the firewall, once a firewall is established in late March 2009. Pagliano will later tell the FBI that he tried to review the firewall log files once a month.
At some point, Justin Cooper, a Bill Clinton aide who is helping Pagliano manage the server, puts Pagliano in contact with a US Secret Service agent. The timing of this is not clear. However, in a September 2016 Congressional hearing, Cooper will say it happened after Clinton’s server started to get frequent “brute force” hacking attacks, and that begins around the middle of 2010.
This agent recommends that Pagliano should also perform outbound filtering of email traffic. According to a September 2016 FBI report, “Pagliano further considered, but ultimately did not implement, a Virtual Private Network (VPN) or two-factor authentication to better secure administrative access to the server system by him and Cooper.”
The FBI report will explain: “‘VPN’ is a private network that runs on top of a larger network to provide access to shared network resources, which may or may not include the physical hard drives of individual computers… VPN offers an additional layer of security by encrypting the data traveling to the private network before sending it over the Internet. Data is then decrypted when it reaches the private network. … ‘Two-factor authentication’ is a method of confirming a user’s claimed identity by utilizing a combination of two different components…” (Federal Bureau of Investigation, 9/2/2016) (US Congress, 9/13/2016)
Clinton’s computer technician Bryan Pagliano is working with staff from the State Department’s Information Resources Management (IRM) office to resolve issues affecting the ability of emails sent from Clinton’s private server to be received at department .gov email addresses. Pagliano shows some staffers the computer logs from the server. The issue is eventually resolved. On December 21, 2010, IRM staff send an email to Clinton’s top aides describing the issue and summarizing what was done to resolve it. This appears to be one of the few times Clinton’s server is discussed with other department employees. (US Department of State, 5/25/2016)
According to later released emails, Bryan Pagliano receives an IT [information technology] security briefing in late 2010 or early 2011. It has to do with cybersecurity risks facing the State Department. A letter by Charles Grassley (R) which summarizes the emails says this briefing is “in connection with his work on the Secretary’s non-government server.” Pagliano continues to run Clinton’s private email server after he is hired by the State Department in May 2009, and at least initially, his bosses and co-workers don’t know about his second job with Clinton’s server. It’s not clear who else learns about it and when. (Reuters, 3/24/2016) (US Department of State, 5/25/2016)
Justin Cooper writes in an email to Clinton’s deputy chief of staff Huma Abedin, “Fyi [For your information] clintonemail.com is down due to an outage with our ISP. Our actual systems are up. If it looks to be long term ie past tomorrow I will reroute the mail. [You] or Oscar can tell HRC [Clinton].” (US Department of State, 6/20/2016)
This indicates that Cooper is helping Bryan Pagliano to manage Clinton’s private server (at the clintonemail.com domain) and has some technical ability if he can reroute the email. However, he is not a government employee and apparently has no security clearance. Instead, he is an aide to Bill Clinton and likely spends a lot of time at the Chappaqua, New York, house where both Bill and the server are.
There is an email chain this day started by Clinton, with all emails in it between Clinton, Justin Cooper, Bryan Pagliano, and Oscar Flores. Cooper (a Bill Clinton aide) and Pagliano (a State Department official) are jointly managing Clinton’s private server, with Cooper doing more of the customer service and Pagliano more of the technical aspects. Flores helps manage Clinton’s home in Chappaqua, New York, where the server is located.
Clinton begins the email chain with the subject heading “Help!” She writes: “Once again, I’m having BB [BlackBerry] trouble. I am not receiving emails although people are getting ones I send but I get their replies on my IP [iPad]. I’ve taken out the battery and done what I know to do but with no luck yet any ideas?”
Cooper sends two replies trying to solve the problem, with Clinton giving a short reply to one of them.
Then Pagliano writes, “Let me take a look at the server to see if it offers any insight. iPhone is not much different from iPad, however in both cases the security landscape is different from the BlackBerry. -Bryan”
Then Clinton replies, “Thanks again. I’m back in business.” (US Department of State, 10/12/2016)
None of these five emails will be included in the 30,000 work-related emails Clinton gives the State Department in December 2014, even though the inclusion of Pagliano, a department official, in the chain makes them work-related. (One email that will be included is simply Pagliano wishing Clinton a happy birthday in 2012.) Instead, one of the emails in the chain will be later recovered by the FBI from Clinton’s deleted emails (with the text of the other four emails included in the reply).
These emails will be released to Judicial Watch on October 12, 2016, in response to a Freedom of Information Act (FOIA) lawsuit, and Judicial Watch will make them public on October 19, 2016. (US Department of State, 10/12/2016)
Ironically, in the same time frame, on October 13, 2016, Clinton’s written responses to a court deposition will be made public. In one answer, she will write: “Secretary Clinton states that she does not recall having communications with Bryan Pagliano concerning or relating to the management, preservation, deletion, or destruction of any emails in her clintonemail.com email account.” (Judicial Watch, 10/13/2016)
All of the emails between Clinton and Pagliano may never be found, since the FBI could only recover about half of Clinton’s deleted emails, and the file containing all of Pagliano’s emails from his time working at the State Department was mysteriously lost.
On October 26, 2012, Bryan Pagliano sends Clinton an email with the subject line: “Happy Birthday!” His message is, “Happy Birthday Madam Secretary. To many more! Bryan.”
However, rather than directly replying, on November 14, 2012, Clinton forwards the email to her aide Robert Russo with the comment, “Pls [please] respond.”
She forwards dozens of other birthday emails to Russo on the same day, as she apparently has been too busy to reply to each one herself. Curiously, Clinton’s forward of Pagliano’s email (and not his original email) appears to be the only email to or from Pagliano or mentioning his name in the over 30,000 Clinton emails that will later be publicly released, even though he’s a State Department employee and is managing Clinton’s private server during her four years as secretary of state. (US Department of State, 11/30/2015)
In December 2015, it will be reported that a State Department file containing Pagliano’s emails from Clinton’s time as secretary of state is missing. (Politico, 12/11/2015)
Also in December 2015, Senator Chuck Grassley (R), the chair of the Senate Judiciary Committee, will say that his request to the State Department for emails between Pagliano and Clinton is his “highest-priority request.” (Business Insider, 3/3/2016)
Clinton’s private email server in Chappaqua, New York, stops working for days after New York is hit by Hurricane Sandy. Bryan Pagliano is still the lead specialist for the server and is tasked to fix it. The email system is not always reliable, and Pagliano is always the one on call to fix problems as they come up. (The Washington Post, 8/4/2015) However, no emails between Pagliano and Clinton will be included in Clinton’s over 30,000 publicly released work emails, except for one where he wishes her a happy birthday. (US Department of State, 11/30/2015)
Starting around October 28, 2012, Hurricane Sandy disrupts power in the New York City area for a few days, including the Chappaqua, New York, area where Clinton’s private email server is located. On October 30, an email exchange between Clinton’s deputy chief of staff Huma Abedin and another Clinton aide discusses that Clinton’s private server is down. Abedin’s main email account is hosted on the server.
Clinton’s computer technician Bryan Pagliano meets with staff from the department’s Information Resources Management (IRM) to find out if the department could provide support for Clinton’s server. Staffers tell Pagliano they can’t help because it is a private server.
This appears to be a very rare instance in which the existence of the server is mentioned to other department employees. (US Department of State, 5/25/2016)
Tania Neild runs a company called InfoGrate that connects very wealthy people with companies who oversee their personal technologies, such as emails, and her company is based only about twenty miles from Clinton’s New York house. (Politico, 11/10/2015) (The Washington Post, 9/5/2015)
An FBI report will later state that “due to user limitations and reliability concerns regarding the [existing] server, staff for [Hillary] Clinton and President [Bill] Clinton discussed future email server options, and a search was initiated to find a vendor to manage a Clinton email server. Additionally, [Clinton’s computer technician Bryan] Pagliano’s expressed desire to seek new employment contributed to the decision to move to a new server.”
Clinton will also be interviewed, and she will recall “that the transition to [a new company] was initiated by President Clinton’s aides seeking a higher level of service than could be provided by the [existing] server.”
Around January 2, 2013, Neild is introduced to Clinton’s chief of staff Cheryl Mills through an unnamed mutual business associate. Neild will later tell the FBI that she worked with Mills and Pagliano to produce a proposal to solicit responses from multiple companies. (Federal Bureau of Investigation, 9/2/2016)
In January 2013, Platte River Networks, a small company based in Colorado, is told by Neild they are in the running for a new contract. In mid-February, they find out they are a finalist for the contract, and that they might be working for Clinton. They will be hired by Clinton to manage her private server on May 31, 2013. (Politico, 11/10/2015) (The Washington Post, 9/5/2015)
Pagliano will later tell the FBI who made the final decision to pick Platte River. But this person’s name will be redacted, and only identified as someone working for President Clinton. (Federal Bureau of Investigation, 9/2/2016)
In retrospect, the choice of Platte River will seem to be an odd one. Cybersecurity expert Alex McGeorge will later comment, “My big issue here is do you want a small firm with little/no government experience or contracting (according to what’s being reported) and no stated security expertise to be in charge of the email system for our secretary of state? That is fundamentally ridiculous.” (Business Insider, 8/17/2015)
This is according to an FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.
The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)
Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”
Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.
But Dave Aitel, a former NSA security analyst and founder of the cybersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)
When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)
And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)
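The kind of access-log review Aitel describes can be sketched as follows. This is an added example, not taken from the FBI report or any system described in this timeline; the log format, the IP addresses (documentation ranges), the location table, and the exit-relay list are all constructed for illustration.

```python
import math
import re
from datetime import datetime

# Constructed sample data: documentation-range IPs with hand-assigned locations.
GEO = {
    "192.0.2.10": ("Chappaqua, US", 41.16, -73.76),
    "198.51.100.7": ("Moscow, RU", 55.76, 37.62),
    "203.0.113.50": ("Kabul, AF", 34.56, 69.21),
}
# Constructed stand-in for a published list of anonymizer (e.g. Tor) exit relays.
ANONYMIZER_EXITS = {"203.0.113.99"}

# Constructed access log in a hypothetical "<time> <event> user=<u> src=<ip>" format.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z LOGIN_OK user=principal src=192.0.2.10
2024-03-03T08:00:00Z LOGIN_OK user=principal src=198.51.100.7
2024-03-03T09:00:00Z LOGIN_OK user=principal src=203.0.113.50
2024-03-03T12:30:00Z LOGIN_OK user=staffer src=192.0.2.10
2024-03-03T13:10:00Z LOGIN_OK user=staffer src=203.0.113.99
2024-03-03T13:15:00Z LOGIN_FAIL user=staffer src=192.0.2.10
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_OK|LOGIN_FAIL) user=(\S+) src=(\S+)$")


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def detect(log_text, max_kmh=1000.0, min_km=50.0):
    """Return alerts for successful logins that deserve an analyst's attention.

    anonymizer_exit   - source IP is on the exit-relay list
    impossible_travel - two successive logins by one user imply a travel
                        speed above max_kmh (roughly airliner speed)
    """
    alerts = []
    last_seen = {}  # user -> (time, place, lat, lon) of last geolocated login
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "LOGIN_OK":
            continue  # only successful logins matter for these two checks
        when = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        user, src = m.group(3), m.group(4)
        if src in ANONYMIZER_EXITS:
            alerts.append(("anonymizer_exit", user,
                           f"{when:%Y-%m-%d %H:%M} from {src}"))
        if src not in GEO:
            continue  # no location known, so no travel check is possible
        place, lat, lon = GEO[src]
        prev = last_seen.get(user)
        if prev:
            km = haversine_km(prev[2], prev[3], lat, lon)
            hours = (when - prev[0]).total_seconds() / 3600
            # Ignore moves within one metro area; treat zero elapsed time as infinite speed.
            if km >= min_km and (hours <= 0 or km / hours > max_kmh):
                alerts.append(("impossible_travel", user,
                               f"{prev[1]} -> {place}: {km:.0f} km in {hours:.1f} h"))
        last_seen[user] = (when, place, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A login that arrives through an anonymizer carries no usable location, so the exit-relay check is the only one that can flag it; the travel check covers the Russia-then-Afghanistan case in the quote.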
Like many other Clinton aides, Pagliano leaves the department the same month Clinton ends her term as secretary of state. Pagliano was secretly being paid for managing Clinton’s private server since May 2009. He remains a State Department contractor doing work on “mobile and remote computing functions.” (The Washington Post, 9/5/2015)
Pagliano also starts working for Gartner, a global IT [information technology] company, though it’s unclear how much he works for Gartner and how much for the State Department.
He will lose his State Department contractor status some time after September 2015, when he pleads the Fifth Amendment before a Congressional committee. (The Daily Caller, 3/3/2016)
At the end of Clinton’s tenure as secretary of state in February 2013, her private server is still being managed by Bryan Pagliano and Justin Cooper, with Pagliano doing most of the technical work and Cooper doing most of the customer service work. The management of the server will be taken over by the Platte River Networks (PRN) computer company in June 2013. It seems possible that the server is not as actively managed in the months in between.
In September 2016, Cooper will be questioned by a Congressional committee. Representative Jason Chaffetz (R) will ask him, “[Y]ou stepped back from the day-to-day activities with the Clintons about the time of the transition, is that correct? As she left office?”
He will reply, “Yes.”
When asked about his knowledge of what happened to server security after the hacker known as Guccifer broke into the email account of a Clinton confidant and publicly exposed Clinton’s email address on the server in March 2013, Cooper will reply, “At that point in time I was transitioning out of any role or responsibility with the server as various teams were selecting Platte River Networks to take over the email services and I don’t know that I had any sort of direct response.”
Additionally, when Cooper will be asked about his contact with PRN, he will say, “My interaction was handing over user names and passwords and that was the totality of the interaction I’ve had. I’ve never had interaction with them.” (US Congress, 9/13/2016)
It is not known if Pagliano similarly cuts down his involvement with managing the server during this time, since he has refused to publicly comment about his experiences. The FBI has mentioned nothing about the management of Pagliano or Cooper during this time period. (Federal Bureau of Investigation, 9/2/2016)
On March 14, 2013, the Romanian hacker nicknamed Guccifer broke into the email account of Clinton confidant Sid Blumenthal and made Clinton’s private email address public. Cheryl Mills was Clinton’s chief of staff until January 2013, when both she and Clinton left the State Department. But Mills continues to assist Clinton, and in August 2016 she will mention in written answers to a Freedom of Information Act (FOIA) lawsuit that she was concerned at this time how the Guccifer hack could impact the running of Clinton’s private email server.
She says she discussed the issue with Bryan Pagliano, Clinton’s computer technician “in or around March 2013, when the email account of Sidney Blumenthal was compromised by a hacker known as Guccifer. As I recall, these discussions involved whether this event might affect Secretary Clinton’s email.”
Clinton changed her email address several days after the Guccifer hack was discovered. However, the server continued to operate and her new email address was also hosted on the same server. It is still unknown whether Pagliano or anyone else took any other security steps in response to the hack. (Politico, 8/10/2016)
After Platte River Networks (PRN) is selected to manage Clinton’s private email server on May 31, 2013, the company decides to immediately relocate the server and then also replace it with a better one.
PRN assigns two employees to manage the new server (which will be the third server used by Clinton). The FBI will later redact the names of these two employees, but it is known that one of them works remotely from his home in some unnamed town and will handle the day-to-day administration of the server, and the other one works at PRN’s headquarters in Denver, Colorado, and handles all hardware installation and any required physical maintenance of the server. Media reports will later name the two employees as Paul Combetta, who works from Rhode Island, and Bill Thornton.
The employee at PRN’s headquarters (who logically would be Thornton) works with Clinton’s computer technician Bryan Pagliano to help with the transition. Around June 4, 2013, this person is granted administrator access to the server, as well as any accompanying services.
On June 23, 2013, this person travels to Clinton’s house in Chappaqua, New York, shuts down the server, and transports it to a data center in Secaucus, New Jersey, run by Equinix, Inc. This older server will stay at the Equinix facility until it is given to the FBI on October 3, 2015.
The PRN headquarters employee (still likely to be Thornton) turns the old server back on in the Equinix data center so users can continue to access their email accounts. Then he spends a few days there setting up a new server. When he leaves, all the physical equipment for the new server is successfully installed except for an intrusion detection device, which Equinix installs later, once it gets shipped.
Meanwhile, the PRN employee who works remotely (Combetta) does his remote work to get the new server online. Around June 30, 2013, this employee begins to transfer all the email accounts from the old server to the new one. After several days, all email accounts hosted on the presidentclinton.com, wjcoffice.com, and clintonemail.com domains are transferred. However, PRN keeps the old server online at the Equinix data center along with the new server to ensure email continues to be delivered. But the old server no longer hosts email services for the Clintons.
According to an FBI report made public in September 2016, “The new Clinton email server hosted email for [Hillary] Clinton, President Clinton, [redacted], and their respective staffs.”
This same FBI report will explain that the new server consists of the following equipment: “a Dell PowerEdge R620 server hosting four virtual machines, including four separate virtual machines for Microsoft Exchange email hosting, a BES for the management of BlackBerry devices, a domain controller to authenticate password requests, and an administrative server to manage the other three virtual machines, a Datto SIRIS 2000 to store onsite and remote backups of the server system, a CloudJacket device for intrusion prevention, two Dell switches, and two Fortinet Fortigate 80C firewalls.” (Federal Bureau of Investigation, 9/2/2016)
The FBI report will not make entirely clear what happens to the data on the old server. But a September 2015 Washington Post article will assert that after PRN moved all the data onto a new server, everything on the original server was deleted until it was “blank.” However, it was not wiped. Wiping means overwriting the old files several times with new data until they can never be recovered. (The Washington Post, 9/12/2015)
Longtime Clinton advisor Neera Tanden emails Clinton campaign chair John Podesta. The subject heading is “Re: This Bryan Pagliano situation.” Most of their email exchange appears to be about other matters, but Tanden makes the comment, “Bryan was the one who retrieved all our emails for Maura to read. Maybe that is why he’s avoiding testifying.” (WikiLeaks, 11/3/2016)
This email comes one day after it is first reported that Pagliano is going to plead the Fifth before a Congressional committee that wants to question him about his role managing Clinton’s private email server when she was secretary of state. (The New York Times, 9/5/2015)
It is not clear who “Maura” is. However, the only Maura in Clinton’s inner circle at the time is Maura Pally. She was deputy counsel on Clinton’s 2008 presidential campaign. In 2013, she began working for the Clinton Foundation. She was the interim CEO of the foundation from January until April 2015, and she has been vice president of programs at the foundation since then. (Politico, 5/30/2013) (Politico, 4/27/2015)
The FBI’s summary of Pagliano’s December 2015 interview will make no mention of anything like this. (Federal Bureau of Investigation, 9/23/2016)
Perhaps that is because the email will not be publicly known until it is released by WikiLeaks in November 2016.
On September 2, 2015, it was reported that Clinton’s computer technician Bryan Pagliano would take the Fifth and refuse questions from a House committee. On September 5, 2015, Clinton says in response, “I would very much urge anybody who is asked to cooperate to do so.” (The New York Times, 9/5/2015)
But in November 2015, it will be reported that two computer companies involved with Clinton’s private server, Platte River Networks and Datto, Inc., are refusing to cooperate with Congressional investigators. Furthermore, the Clinton campaign will fail to comment on whether Clinton’s lawyers have encouraged these two companies to cooperate. (Politico, 11/13/2015)
Clinton’s former private server manager Bryan Pagliano invokes his Fifth Amendment rights and refuses to speak in a private meeting before the House Benghazi Committee. (The Wall Street Journal, 9/30/2015) His unwillingness to cooperate was first reported on September 2, 2015. (The New York Times, 9/2/2015)
Pagliano begins secretly cooperating with the FBI investigation of Clinton’s emails in the fall of 2015, though it’s not clear if it is before or after this meeting. He describes how he set up the private server in Clinton’s house and gives the FBI the server’s security logs. (The New York Times, 3/3/2016)
The State Department has told Senate investigators that it cannot find the emails of Bryan Pagliano, the Clinton aide who managed her private server. Department officials found a “.pst file” which contains back-up copies of Pagliano’s emails from the time period after Clinton was secretary of state, but his .pst file for Clinton’s time as secretary of state is missing. But it is also revealed that the FBI has taken possession of Pagliano’s government computer, and it is hoped that some or all of the emails will be found there. Senate investigators want the emails to help determine if Pagliano should be offered immunity in return for testimony. (Politico, 12/11/2015)
However, it will later emerge that Pagliano was given immunity by the FBI some months earlier. (The New York Times, 3/3/2016)
When Bryan Pagliano, who managed Clinton’s private server, is interviewed by the FBI on this day, he will mention that he recalled finding “a virus” on her server at some point. But according to the FBI, he “could provide no additional details, other than it was nothing of great concern. FBI examination of the [server] and available server backups did not reveal any indications of malware.” (Federal Bureau of Investigation, 9/2/2016)
Clinton’s former computer technician Bryan Pagliano makes a “derivative use” immunity deal with the Justice Department by this time, though it’s not clear exactly when this happens. Then he gives testimony to the FBI and the Justice Department as part of the FBI’s Clinton investigation. Apparently he speaks to investigators at least twice, though it is not known when the second interview takes place. “Derivative use” immunity wouldn’t prevent investigators from prosecuting Pagliano, but limits them from using any evidence derived from his testimony against him.
According to Politico, recently discovered emails show that three of Clinton’s former staffers used accounts from a domain linked to Clinton’s 2008 presidential campaign. Clinton’s chief of staff, Cheryl Mills, used the account firstname.lastname@example.org in an April 5, 2009 email. Clinton’s deputy chief of staff, Huma Abedin, used the account email@example.com in a February 22, 2012 email. And Clinton’s computer technician, Bryan Pagliano, used the account firstname.lastname@example.org in a March 21, 2010 email. These accounts apparently are in addition to other work and personal emails used by all three people.
These discoveries lead the conservative government watchdog group Cause of Action to write a letter to Judiciary chair Charles Grassley (R) and Oversight chair Jason Chaffetz (R), asking them to look into whether Mills, Abedin, and Pagliano have turned over all their work emails from the domain, and whether other Clinton aides also had hillaryclinton.com accounts that were used for work. The group also wants to know why the domain was kept active long after Clinton’s 2008 presidential campaign was over, and who was paying for it. Furthermore, the group questions if the use of such email accounts could violate the Hatch Act, which bars campaign activities from crossing into official government duties. (Politico, 2/16/2016) (US Department of State, 7/31/2015) (US Department of State, 5/13/2015) (US Department of State, 1/15/2016)
US District Court Judge Emmet Sullivan rules that Clinton aides Huma Abedin, Bryan Pagliano, Cheryl Mills, Patrick Kennedy, and others would likely be questioned about Clinton’s use of her private email server. There is no immediate plan to question Clinton herself, but that could change. Sullivan’s ruling is in response to Judicial Watch, which has been seeking to determine if Clinton’s server thwarted federal open records laws. Sullivan comments that months of news about the email scandal has created “at least a reasonable suspicion” that public access to government records has been undermined.
Sullivan was appointed by President Bill Clinton in 1994. The judge gives Judicial Watch and government lawyers until April 12, 2016 to create a plan to proceed. The Washington Post notes this creates “the prospect that key Clinton aides would face questions just as she tries to secure the Democratic nomination and pivot to a hotly contested November general election.” (The Washington Post, 2/23/2016)
It is reported that Bryan Pagliano, a former Clinton staffer who helped set up her private email server, has accepted an immunity deal from the FBI and the Justice Department.
In September 2015, Pagliano invoked his Fifth Amendment rights and refused to speak to the House Benghazi Committee. He managed the server from 2008 until mid-2013. He actually started secretly cooperating with investigators in late 2015. The Clinton campaign claims they are “pleased” Pagliano is finally cooperating with prosecutors. (The Washington Post, 3/2/2016)
The next day, Congressional Republicans say they want to interview Pagliano, since the deal means his Fifth Amendment pledge is no longer applicable. They also want to see the exact terms of the deal. (The Associated Press, 3/3/2016)
The logs were given to the FBI by Bryan Pagliano, a Clinton aide who is cooperating with the FBI and who managed Clinton’s server during the time she was secretary of state. However, sophisticated hacking attempts sometimes leave no evidence in the security logs. (The New York Times, 3/3/2016)
Additionally, cybersecurity expert Morgan Wright will later suggest the server may not have had an adequate detection system. “If you have a bank and you have one video camera when you need 20, then you missed it. If they weren’t capturing all the activity, their security logs may say they didn’t see anything.” (Fox News, 5/7/2016)
In May 2016, it will emerge that there were hacking attempts on the server during the time Pagliano was managing it, for instance in January 2011. It’s not clear why these attacks didn’t appear on the server logs or why previous media reports of the logs were incorrect. (US Department of State, 5/25/2016)
Also, it appears there were hacking attempts on the server after June 2013, when Pagliano was no longer involved, but when all of Clinton’s emails were still on the server. (The Associated Press, 10/7/2015)
CNN’s legal analyst Danny Cevallos suggests the news that the FBI has granted immunity to Clinton’s computer technician Bryan Pagliano could mean a grand jury has been convened in the FBI’s Clinton investigation. “The smart bet is yes. After all, the fact that there are immunity agreements logically means there’s a grand jury investigation in some district. The grand jury is typically the genesis of the government’s subpoena power. The next, bigger question, is whether anyone will be indicted. The mere fact that the [Department of Justice] wants to talk to Pagliano does not mean anyone will be indicted. But if [they are] investigating criminal activity, they tend to find criminal activity.”
Cevallos points out that the federal conviction rate is well above 90%. He also suggests that Pagliano may not be out of legal danger, depending on what kind of immunity he was given. (CNN, 3/5/2016)
Other legal observers have conflicting opinions on the significance of the deal. Criminal defense lawyer Jacob Frenkel says it “raises exponentially the stakes in the investigation. […] This is a significant piece in providing clarity to an otherwise complicated jigsaw puzzle, [but] we do not know exactly where Mr. Pagliano’s finger or fingers will point.” Also, there has been no official sign that a grand jury has been convened. (The Washington Post, 3/3/2016)
When asked if she believes the deal with Bryan Pagliano is good news for her, she replied, “Yeah, I do. Absolutely.”
However, the Washington Post calls the deal “a development that some legal analysts interpreted as an ominous sign for [her].”
Some Democratic politicians have privately expressed concern that it suggests someone is going to get indicted. However, Clinton insists “there is no basis for that,” and she maintains the investigation is a mere “security review.” (The Washington Post, 3/6/2016)
Bryan Pagliano struck an immunity deal with the Justice Department in late 2015. According to an unnamed intelligence source, “Pagliano is a devastating witness and, as the webmaster, knows exactly who had access to [Clinton’s] computer and devices at specific times. His importance to this case cannot be over-emphasized.”
This source says Pagliano’s testimony is being used with other evidence to prove there are gaps in the over 30,000 work-related emails Clinton turned over to investigators. “Don’t forget all those photos with [Clinton] using various devices and it is easy to track the whereabouts of her phone. It still boils down to a paper case. Did you email at this time from your home or elsewhere using this device? And here is a picture of you and your aides holding the devices.”
The investigation is also said to be pursuing other leads, such as emails retroactively classified “top secret” that were sent by Clinton. (Fox News, 3/11/2016)
The Senate Judiciary and Homeland Security committees want Clinton’s former computer technician Bryan Pagliano to testify before their committees, especially since it has been reported that he has made an immunity deal with the Justice Department. However, Pagliano’s lawyer sends the committee chairs a letter on this day saying that Pagliano will “respectfully decline” their invitation.
Pagliano pleaded his Fifth Amendment rights when he was asked to speak before the committees in late 2015. The letter says that he still has “not waived his rights under the Fifth Amendment as a matter of fact or law,” regardless of the immunity deal. (The Associated Press, 4/22/2016)
State Department lawyers strike a deal with Judicial Watch over how depositions from three Clinton aides will work. Cheryl Mills, Huma Abedin, and Bryan Pagliano will be deposed, and their depositions can be videotaped and made public.
However, questions to them will be limited to how Clinton’s private server was created and operated, as well as how the State Department processed Freedom of Information Act (FOIA) requests that potentially involved emails from Clinton and/or Abedin. Furthermore, Judicial Watch agrees not to depose Diplomatic Security official Donald Reid. The depositions of three more State Department officials, Patrick Kennedy, Lewis Lukens, and Stephen Mull, remain unresolved. (Politico, 4/16/2016)
US District Court Judge Emmet Sullivan says the depositions are necessary in order to determine if the department conducted an adequate search regarding Judicial Watch’s 2013 Freedom of Information Act (FOIA) request regarding the employment of Clinton aide Huma Abedin, since she had three outside jobs at one point.
Deposition questions are to be limited to the set-up and management of Clinton’s private server, since the department failed to reveal Clinton’s emails on the server in response to the FOIA request. The former aides due to be deposed in the next two months are:
- Huma Abedin
- Cheryl Mills
- Bryan Pagliano
- Patrick Kennedy
- Stephen Mull
- Lewis Lukens
- plus, someone to be decided by the State Department.