On May 31, 2013, maintenance of the server was taken over by a small Colorado-based company called Platte River Networks (PRN), and the server is sent to a data center in New Jersey. PRN then pays to use threat monitoring software called CloudJacket SMB made by a company named SECNAP. SECNAP claims the software can foil “even the most determined hackers.”
Around June 30, 2013, PRN transfers all the email accounts from the old server to the new one. However, the new software doesn’t begin working until October 2013, apparently leaving the server vulnerable. It is known that the server is repeatedly attacked by hackers in the months from October 2013 on, but it is unknown if any attacks occur when the software is not yet installed. (The Associated Press, 10/7/2015)
An FBI report will later obliquely confirm this by mentioning that when the new server is set up in June 2013, all the hardware is built up at the time, except for an “intrusion detection device” which has to be added later after it gets shipped to the server location. (Federal Bureau of Investigation, 9/2/2016)
Justin Harvey, chief security officer of a cybersecurity company, will later comment that Clinton “essentially circumvented millions of dollars’ worth of cybersecurity investment that the federal government puts within the State Department. […] She wouldn’t have had the infrastructure to detect or respond to cyber attacks from a nation-state. Those attacks are incredibly sophisticated, and very hard to detect and contain. And if you have a private server, it’s very likely that you would be compromised.” (The Associated Press, 10/7/2015)
In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media, which would have left the server especially vulnerable in the months after.