May 3, 2000: Secretary of State Madeline Albright chastises all State Department employees for being careless about security.

000503MadeleineAlbrightPolitico

Secretary of State Madeline Albright (Credit: Politico)

Albright gives a speech in front of 800 State Department officials in Washington, DC, that is also broadcast to other department officials in other states and countries. She says, ”I don’t care how skilled you are as a diplomat, how brilliant you may be at meetings, or how creative you are as an administrator, if you are not professional about security, you are a failure.” Her speech comes after some recently reported security breaches in her department, including the disappearance of a laptop containing classified information. She adds, “You may have seen reports indicating that I am furious about these incidents. Well, I am, and I hope you are, too.”

According to the New York Times, US diplomats privately acknowledge that they are sometimes cavalier about security. One unnamed longtime department official says, ”Nobody cares about security within the department.” (The New York Times, 5/4/2000)

January 19–20, 2001: John Deutch pleads guilty to mishandling government secrets, then Bill Clinton pardons him.

CIA Director John Deutch (Credit: public domain

CIA Director John Deutch (Credit: public domain

Deutch was CIA director from May 1995 to December 1996. Shortly after he retired from the job, it was discovered that he stored and processed hundreds of highly classified government files on unprotected home computers that he and his family also used to connect to the Internet. An investigation began which dragged on for years. He was stripped of his CIA security clearance in 1999.

On January 19, 2001, Deutch agrees to plead guilty to a misdemeanor for mishandling government secrets as part of a plea bargain with the Justice Department. However, just one day later, President Bill Clinton officially pardons him. This is Clinton’s last day as president. (The Associated Press, 1/24/2001)

2006 or Earlier: Justin Cooper provides computer help to Clinton and her aides well before Clinton becomes secretary of state.

In September 2015, Clinton’s future deputy chief of staff Huma Abedin will be interviewed under oath by the House Benghazi Committee. She will reveal that when she had an email or other computer problem while working on Clinton’s 2008 presidential campaign, or even earlier working as an aide when Clinton was a senator, Abedin would turn to Justin Cooper for help. “I usually called Justin. He was our go-to guy. He always was, you know, ‘I’m having a problem, can you help me fix it,’ and he always did…” She would also call on Cooper whenever Clinton was having an email problem.

Cooper will also be the person who suggests she get a clintonemail.com email account on Clinton’s private server shortly before Clinton becomes secretary of state, and then sets it up for her. This suggests his involvement managing Clinton’s private server starts early. Cooper is a longtime aide to Bill Clinton, but he apparently never has a government job or security clearance. (House Benghazi Committee, 10/21/2015)

Around June 2008: Clinton’s first private email server is set up in her house.

080601ApplePowerMcIntoshG4

The Apple Power Macintosh G4 Server (Credit: public domain)

According to the FBI, around 2007, Justin Cooper purchased an Apple OS X server. Cooper is a personal aide to former President Bill Clinton at the time. On February 1, 2008, the domain names clintonemail.com, wjcoffice.com, and presidentclinton.com were registered, but apparently the server that uses them won’t be operational until a few months later. The server is physically located in a house in Chappaqua, New York, where Bill and Hillary Clinton live.

The server consists of an Apple Power Macintosh G4 or G5 tower and an HP printer. According to Cooper, around June 2008, an Apple employee installs the server in the basement of the Chappaqua house. Cooper is the only person with administrative access to the server. However, the Clinton family and their house staff have physical access to it.

Hillary Clinton uses her att.blackberry.net email account as her primary email address until around mid-to-late January 2009 when she will switch to a newly created hdr22@clintonemail.com account hosted on this server. (Federal Bureau of Investigation, 9/2/2016)

August 2008: State Department rules prohibit the way some sensitive information will later be used on Clinton’s private server.

According to the State Department’s Foreign Affairs Manual (FAM), department employees are allowed to send most Sensitive But Unclassified (SBU) information unencrypted over the Internet only when necessary.

In August 2008, the FAM is amended to further toughen the rules on sending SBU information on non-department-owned systems at non-departmental facilities – such as Clinton’s later use of a private email server. Employees have to:

  • ensure that SBU information is encrypted
  • destroy SBU information on their personally owned and managed computers and removable media when the files are no longer required
  • implement encryption certified by the National Institute of Science and Technology (NIST)

The FBI will later determine that SBU information was frequently and knowingly sent to and from Clinton’s private server, but none of these steps were taken. (Federal Bureau of Investigation, 9/2/2016)

Mid-August 2008: The Chinese government apparently hacks into the 2008 presidential campaigns of Barack Obama and John McCain.

Admiral Dennis Blair (Credit: Sasakawa Peace Foundation USA)

Admiral Dennis Blair (Credit: Sasakawa Peace Foundation USA)

Hacking teams traced back to China are caught breaking into the computers of the Obama and McCain campaigns, resulting in high-level warnings to Chinese officials to stop. The computers, laptops, and mobile devices of top campaign aides and advisers who receive high-level briefings are particularly targeted. “Spear phishing” is used to get targets to open an attachment containing a virus that would allow data to be stolen from their computer.

Obama campaign manager David Plouffe will later say he got a call in the middle of August 2008 alerting him to the attack and that the FBI was investigating. However, the virus is extremely sophisticated, and it takes months for it to be completely removed from the networks of the two campaigns.

In a May 2009 speech, President Obama will make a general mention of the attacks: “Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans.” However, the involvement of China’s government won’t be publicly revealed until June 2013.

Dennis Blair, director of national intelligence from 2009 to 2010, will comment that year, “Based on everything I know, this was a case of political cyberespionage by the Chinese government against the two American political parties. They were looking for positions on China, surprises that might be rolled out by campaigns against China.” (NBC News, 6/6/2013)

Shortly Before January 13, 2009: Huma Abedin allegedly wants Clinton’s email account on a private server and not on a server that is managed by someone else, so that is what is arranged.

In a September 2016 Congressional hearing, Justin Cooper will reveal some information about how Clinton’s use of a private email account on her private server begins. He will state: “Secretary Clinton was transitioning from her presidential campaign and Senate role and had been using primarily a BlackBerry for email correspondence. There were limitations to her ability to use that BlackBerry as well as desire to change her email address because a number of people have received her email address over the course of those activities. So we created with a discussion, I believe, with [Clinton aide] Huma Abedin at the time [about] what domains might be of interest. We obtained a domain and we added it to the original server used by President Clinton’s office for [Hillary Clinton] to use with her BlackBerry at the time…”

Note that Cooper registers three domain names on January 13, 2009, so this discussion must have occurred before then.

Representative Mark Meadows (Credit: public domain)

Representative Mark Meadows (Credit: public domain)

Representative Mark Meadows (R) will ask Cooper in the hearing: “So, your testimony here today is that Huma Abedin said that she would prefer to have Ms. Clinton’s email on a private server versus a server that was actually managed by someone else? That’s your testimony?”

Cooper will reply, “My testimony is that that was communicated to me.”

He will also clarify that when it came to talking to Abedin, “I don’t recall conversations with her about the setting up of the server.” But he also will say, “At some point I had a conversation with her about the setting up of an email account for Secretary Clinton on the server.” (US Congress, 9/13/2016)

However, in Abedin’s April 2016 FBI interview, she will say nothing like this. In fact, she will deny even knowing the server existed until it was mentioned in the media, despite her having an email account hosted on the server for the entire duration of Clinton’s tenure as secretary of state and at least three email exchanges that show her discussing the server during that time. (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Most State Department officials claim they don’t know Clinton has a private email address or uses a private server.

A sample email of the "H" as it appears in an email sent by Clinton. (Credit: public domain)

A sample address with the “H” as it appears in an email sent by Clinton. (Credit: public domain)

A September 2016 FBI report will indicate that “some Clinton aides and senior-level State [Department] employees were aware Clinton used a personal email address for State business during her tenure [as secretary of state]. Clinton told the FBI it was common knowledge at State that she had a private email address because it was displayed to anyone with whom she exchanged emails. However, some State employees interviewed by the FBI explained that emails from Clinton only contained the letter ‘H’ in the sender field and did not display her email address.”

The report also notes, “The majority of the State employees interviewed by the FBI who were in email contact with Clinton indicated they had no knowledge of the private server in her Chappaqua residence.”

Even Clinton’s closest aides like her chief of staff Cheryl Mills and deputy chief of staff Huma Abedin will claim they didn’t know, though there is evidence that suggests otherwise (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Hundreds of Clinton’s emails are printed out by a Bill Clinton staffer; he may have a relevant security clearance.

Clinton presents a letter of congratulations and signed photo to Chief Culinary Specialist Oscar Flores during his retirement ceremony aboard the USS Makin Island on April 1, 2010. (Credit: Chief Mass Communication Specialist John Lill / US Navy)

Clinton presents a letter of congratulations and signed photo to Chief Culinary Specialist Oscar Flores during his retirement ceremony aboard the USS Makin Island on April 1, 2010. (Credit: Chief Mass Communication Specialist John Lill / US Navy)

A September 2016 FBI report will mention that the FBI determined “hundreds of emails” were sent by Clinton’s deputy chief of staff Huma Abedin and other State Department staffers to a member of Bill Clinton’s staff so he could print them out for Clinton. His name will be redacted, but he is almost certainly Oscar Flores, because the report will mention that he is a member of the US Navy Reserves, which Flores is at the time.

Some of these emails will later be determined to contain information classified at the “confidential” level, including six email chains forwarded by Abedin and one email chain forwarded by Clinton.

But the FBI will determine that Flores received a security clearance at the “secret” level on October 25, 2007 from the Defense Department. Furthermore, although Flores retires from the US Navy Reserves in September 2010, there is no indication his security clearance is deactivated at that time. (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Hundreds of classified emails are sent or received by Clinton while she is outside the US, including some to or from President Obama.

Clinton boards the State Department jet with her BlackBerry, destination unknown. (Credit: Andrew Harnik / The Associated Press)

Clinton boards the State Department jet while using her BlackBerry, date and location are unknown. (Credit: Andrew Harnik / The Associated Press)

This is according to a September 2016 FBI report. The report indicates that Clinton and her immediate staff were repeatedly “notified of foreign travel risks and were warned that digital threats began immediately upon landing in a foreign country, since connection of a mobile device to a local network provides opportunities for foreign adversaries to intercept voice and email transmissions.”

Additionally, the State Department has a Mobile Communications Team responsible for establishing secure mobile voice and data communications for Clinton and her team wherever they travel. But even so, Clinton and her staff frequently use their private and unsecure mobile devices and private email accounts while overseas.

The number of Clinton emails sent or received outside the US will be redacted in the FBI report. Although it will mention that “hundreds” were classified at the “confidential” level, additional details are redacted. Nearly all mentions of “top secret” emails are redacted in the report, so it’s impossible to know if any of those are sent while Clinton is overseas.

The report will mention that some emails between Clinton and President Obama are sent while Clinton is overseas. However, the exact number will be redacted. None of these overseas emails between them will be deemed to contain classified information. According to the report, “Clinton told the FBI that she received no particular guidance as to how she should use President Obama’s email address…”

The details of the FBI’s report on Clinton’s July 2016 FBI interview will indicate that Clinton emailed Obama on July 1, 2012 from Russia. However, it is not clear if she sent the email from on the ground or on a plane. (Federal Bureau of Investigation, 9/2/2016)

March 2009: Clinton’s personal email server is replaced; she will use the new one for the rest of her term as secretary of state.

Justin Cooper, an aide to former President Bill Clinton, has been working with Bryan Pagliano, who worked as a computer technician on Hillary Clinton’s 2008 presidential campaign, to build a new private server located in the Clintons’ Chappaqua, New York, house. Some time in March 2009, Pagliano and Cooper met at the Chappaqua house to physically install the server and related equipment in a server rack in the basement.

Once the new server is up and running, Pagliano migrates the email data from the old server to the new one. Pagliano will later be interviewed by the FBI, and he will claim that after the migration, no email content should have remained on the old server. He will tell the FBI that he only transferred clintonemail.com email accounts for Clinton aide Huma Abedin and others (whose names will later be redacted), and he was unaware of and did not transfer an email account for Hillary Clinton.

However, Clinton emails using a clintonemail.com domain address start getting sent in January 2009, showing she must had had an account on the old server since that time. Cooper will also later be interviewed by the FBI, and he will say he believed Clinton had a clintonemail.com email account on the old server and Abedin did not. The FBI will be unable to obtain the old server to analyze it, so the dispute has not been fully resolved.

130601DellPowerEdge2900public

The Dell Power Edge 2900 (Credit: public domain)

This new server will be used for the rest of Clinton’s term as secretary of state, then will be replaced in 2013. Later in March 2009, the old server is repurposed to serve as a personal computer for household staff at Clinton’s Chappaqua house. (Federal Bureau of Investigation, 9/2/2016)

The Washington Post will later report, “The server was nothing remarkable, the kind of system often used by small businesses, according to people familiar with its configuration at the end of her tenure. It consisted of two off-the-shelf server computers. Both were equipped with antivirus software. They were linked by cable to a local Internet service provider. A firewall was used as protection against hackers.” (The Washington Post, 3/27/2016)

According to the FBI, the new server initially consists of the following equipment: “a Dell PowerEdge 2900 server miming Microsoft Exchange for email hosting and management, a Dell PowerEdge 1950 server miming BlackBerry Enterprise Server (BES) for the management of BlackBerry devices, a Seagate external hard drive to store backups of the Dell PowerEdge 2900 server, a Dell switch, a Cisco firewall, and a power supply.” (Federal Bureau of Investigation, 9/2/2016)

In 2015, Hillary Clinton will say of her server, “It was sitting there in the basement. It was not any trouble at all.” (The Wall Street Journal, 9/27/2015)

Around Spring 2009: Pagliano is warned that classified information could be sent to Clinton’s private server, but there is no sign he takes action or passes this warning on.

When Clinton’s computer technician Bryan Pagliano is interviewed by the FBI in December 2015, he will recall a conversation with a person whose name is redacted that takes place at the beginning of Clinton’s tenure as secretary of state. According to the FBI, this person “advised he would not be surprised if classified information was being transmitted to Clinton’s personal server.”

Pagliano joins the State Department in May 2009, and he also is the main person to manage problems with the server. But there is no mention of him taking any action about this warning or passing it on to anyone else. The unnamed person also gives Pagliano advice on how to improve the server security that goes unheeded as well. (Federal Bureau of Investigation, 9/2/2016)

Around Spring 2009: Clinton’s computer technician is advised to make a key improvement to the security of Clinton’s private server, but the improvement is never made.

When Bryan Pagliano, the manager of Clinton’s private server while she Clinton’s is secretary of state, will be interviewed by the FBI in December 2015, he will recall a conversation that takes place around the beginning of Clinton’s tenure. This person, whose name is later redacted, recommends that email transiting from a state.gov account to Clinton’s private server should be sent through a Transport Layer Security (TLS) “tunnel.” Most of Clinton’s email traffic is with State Department officials using state.gov accounts.

A diagram of the Transport Layer Security (TLS) (Credit: public domain)

A diagram described as Networking 101: Transport Layer Security (TLS) (Credit: public domain)

A September 2016 FBI report will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way communication. TLS is the successor to SSL and is considered more secure.”

Pagliano is the main person to manage problems with the server, but he will tell the FBI that the transition to TLS never occurred. It is not clear why. The FBI will be unable to forensically determine if TLS was ever implemented on the server.

The same unnamed person who gives Pagliano this advice also tells him at the same time that he would not be surprised if classified information was being transmitted to Clinton’s personal server.  (Federal Bureau of Investigation, 9/2/2016)

2010: Clinton appears in a cybersecurity video for State Department personnel.

It will remain publicly unknown until the video is leaked to Fox News in October 2016.

A photo capture of Clinton as she appears in the 2010 cybersecurity video. (Credit: Fox News)

A photo capture of Clinton as she appears in the 2010 cybersecurity video. (Credit: Fox News)

In the video, Clinton says that employees have a “special duty” to recognize the importance of cybersecurity. “The real key to cybersecurity rests with you. Complying with department computing policies and being alert to potential threats will help protect all of us.”

According to a later account by Fox News, “Clinton goes on in the video to underscore the important work the State Department Bureau of Diplomatic Security and IT department were doing to guard against cyber-attacks. She warns hackers try to ‘exploit’ vulnerabilities and penetrate department systems. She then urges staffers to log onto the internal cybersecurity awareness website or subscribe to their ‘cybersecurity awareness newsletter.’”

Representative Jason Chaffetz (R), chair of the House Oversight and Government Reform Committee, will later find the video ironic, given Clinton’s own security issues with her private email server. He will say, “Hillary Clinton needs only to look into the mirror to find the biggest cybersecurity risk.”

Clinton spokesperson Brian Fallon will say, “This is not new. It has been widely reported that during Clinton’s tenure the State Department issued these kinds of warnings about possible cybersecurity to employees. These warnings were more than appropriate given that it was subsequently confirmed that State’s email was hacked.” (Fox News, 10/22/2016)

Around Mid-2010 and After: After contacting a Secret Service agent about frequent hacking attacks on Clinton’s server, the managers of the server apparently never contact anyone else from other government departments for help.

Justin Cooper (Credit: Alex Wong / Getty Images)

Justin Cooper (Credit: Alex Wong / Getty Images)

According to a September 2016 FBI report, Justin Cooper, a Bill Clinton aide who is helping to manage Clinton’s private server, contacts a Secret Service agent at some point during Clinton’s tenure as secretary of state. It is not clear when this happens, but apparently it is not long after the server begins to be frequently targeted by brute force hacking attacks around the middle of 2010.

Cooper will be asked about this in a September 2016 Congressional hearing shortly after the FBI report is published. He will say, “when we first experienced some of the repeated failed login attempts, I reported them to the Secret Service. … There was an instance where we shared some logs with [them]. … The Secret Service looked at logs from the server and made some recommendations to [server manager Bryan] Pagliano about the possible origins of those failed logins and some techniques he might use to mitigate that problem.” (The Secret Service agent will give advice on improving the server’s security that will not be followed.)

However, when Cooper is asked by Representative Blake Farenthold (R), “Did you turn over the logs and notifications that you received to the FBI, the emails of brute force attacks?” Cooper will say the FBI was not contacted.

Representative Jody Hice (Credit: Twitter)

Representative Jody Hice (Credit: Twitter)

Additionally, when Representative Jody Hice (R) will ask if Cooper consulted with any other “department or agency in the government,” Cooper will say, “No. No consultations of that type.” He will also specifically mention the State Department wasn’t consulted. (US Congress, 9/13/2016)

It’s possible that Pagliano contacted others, but the FBI will interview both Cooper and Pagliano in its investigation and then will mention only the contact with the Secret Service in its final report.

The number of hacking attacks steadily grows through the rest of Clinton’s time in office. (Federal Bureau of Investigation, 9/2/2016)

Around Mid-2010 to January 2013: “Brute force” hacking attempts on Clinton’s private server begin and steadily increase, but it is unknown if any are successful.

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly Roll Call)

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly)

Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”

The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)

Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”

Representative Blake Farenthold (R) will ask Cooper that if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”

After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)

Around Mid-2010: A Secret Service agent advises Pagliano to take a step to improve the security of Clinton’s private server, but the step is not taken.

After Bryan Pagliano sets up Clinton’s new private server in January 2009, he sets up Internet Protocol (IP) filtering on the firewall, once a firewall is established in late March 2009. Pagliano will later tell the FBI that he tried to review the firewall log files once a month.

The US Secret Service Badge (Credit: public domain)

The US Secret Service Badge (Credit: public domain)

At some point, Justin Cooper, a Bill Clinton aide who is helping Pagliano manage the server, puts Pagliano in contact with a US Secret Service agent. The timing of this is not clear. However, in a September 2016 Congresssional hearing, Cooper will say it happened after Clinton’s server started to get frequent “brute force” hacking attacks, and that begins around the middle of 2010.

This agent recommends that Pagliano should also perform outbound filtering of email traffic. According to a September 2016 FBI report, “Pagliano further considered, but ultimately did not implement, a Virtual Private Network (VPN) or two-factor authentication to better secure administrative access to the server system by him and Cooper.”

The FBI report will explain: “‘VPN’ is a private network that runs on top of a larger network to provide access to shared network resources, which may or may not include the physical hard drives of individual computers… VPN offers an additional layer of security by encrypting the data traveling to the private network before sending it over the Internet. Data is then decrypted when it reaches the private network. … ‘Two-factor authentication’ is a method of confirming a user’s claimed identity by utilizing a combination of two different components…” (Federal Bureau of Investigation, 9/2/2016) (US Congress, 9/13/2016)

November 28, 2010: WikiLeaks releases over 250,000 State Department cables, but Clinton does not change her unsecure communication methods.

Mark Penn (Credit: PR News)

Mark Penn (Credit: PR News)

WikiLeaks, working with several major media outlets, begins publicly releasing over 250,000 diplomatic cables between the State Department and US embassies around the world. The cables date from 1966 to February 2010. None of the cables are classified at a level higher than “confidential,” the lowest classification level.

Clinton responds with the public comment, “This disclosure is not just an attack on America’s foreign policy interests, it is an attack on the international community: the alliances and partnerships, the conversations and negotiations that safeguard global security and advance economic prosperity. […] It puts people’s lives in danger, threatens our national security, and undermines our efforts to work with other countries to solve shared problems.” (USA Today, 11/29/2010) (The New York Times, 11/28/2010) 

Mark Penn, Clinton’s chief strategist for her 2008 presidential campaign, sends Clinton an email in which he recommends, “I think you need to order a full scale review and upgrading of the cyber security of the State Department immediately.” (US Department of State, 9/30/2015) 

However, despite this being the largest breach of State Department classified information in history, Clinton doesn’t change her personal communication methods, and continues to use an unsecured BlackBerry and an unsecured private email server. It is unknown if the State Department changes its cybersecurity as a whole, and if so, how.

Late 2010 or Early 2011: Clinton’s computer technician is given a briefing; this shows some know Clinton has a private server.

Bryan Pagliano giving a speech in March 2011. (Credit: public domain)

Bryan Pagliano giving a speech in March 2011. (Credit: public domain)

According to later released emails, Bryan Pagliano receives an IT [information technology] security briefing in late 2010 or early 2011. It has to do with cybersecurity risks facing the State Department. A letter by Charles Grassley (R) which summarizes the emails says this briefing is “in connection with his work on the Secretary’s non-government server.” Pagliano continues to run Clinton’s private email server after he is hired by the State Department in May 2009, and at least initially, his bosses and co-workers don’t know about his second job with Clinton’s server. It’s not clear who else learns about it and when. (Reuters, 3/24/2016) (US Department of State, 5/25/2016)

2011: Clinton misses a cybersecurity presentation meant just for her.

Julia Frifield (Credit: The Department of State Archives)

Julia Frifield (Credit: The Department of State Archives)

State Department diplomatic security staff give a cybersecurity PowerPoint presentation meant for Clinton. However, she doesn’t attend it. According to a 2016 letter by Julia Frifield, the department’s assistant secretary for legislative affairs, “although the PowerPoint indicates the briefing was for former Secretary Clinton, we understand from the testimony of the briefers that she was not in attendance.” The PowerPoint presentation has not yet been declassified so it can be publicly released. (US Senate Judiciary Committee, 3/3/2016)

April and May 2011: Clinton and her top aides are warned again to minimize the use of personal emails for business due to hacker attacks.

In March 2011, State Department security officials warned Clinton and other senior officials that there was a “dramatic increase” in hacker attacks specifically targeting senior US officials. It concluded, “We urge department users to minimize the use of personal web email for business.”

This is followed by a cybersecurity briefing in April 2011 and then another one in May. Clinton’s immediate staff and other top officials attend the briefings, but it is not clear if Clinton herself does. However, after Clinton ends her term in 2013, a copy of a classified presentation used during one of the briefings will be found in her papers. It contains warnings similar to the March 2011 warning. (US Department of State, 5/25/2016)

June 2011—August 2012: A US ambassador is warned not to use private email for daily work matters, but Clinton’s identical behavior does not result in any warnings.

Scott Gration (Credit: New Republic)

Scott Gration (Credit: New Republic)

In June 2011, shortly after Scott Gration becomes the new US ambassador to Kenya, the State Department’s Bureau of Diplomatic Security (DS) learns that he has sent out a revised policy allowing himself and other personnel in his embassy to use private email addresses for the daily communication of official government business.

Gration’s new policy happens to take place the same month the department sends out a cable warning all embassies to “avoid conducting official department business from your personal email accounts” due to a surge in hacking attacks of the personal emails of government employees. DS warns Gration they will be sending an experienced computer security officer to Kenya to reestablish proper communications procedures. DS officials also email him that this visit will be “especially timely in the wake of recent headlines concerning a significant hacking effort directed against the private, web-based email accounts of dozens of senior [government] officials…”

However, Gration continues to use his private email for work matters. Then, on July 20, 2011, a DS cable quotes from the department’s Foreign Affairs Manual (FAM): “it is the department’s general policy that normal day-to-day operations be conducted on an authorized [system].” The cable then warns, “Given the threats that have emerged since 2005, especially in regard to phishing and spoofing of certain web-based email accounts, we cannot allow the proliferation of this practice beyond maintaining contact during emergencies,” and there is nothing in his situation that would warrant an exception.

But Gration ignores these warnings and continues to use his personal email account.

The department then initiates disciplinary proceedings against him for this and several other infractions, but he resigns in August 2012, just weeks before any disciplinary measures are due to be imposed.

However, even though Clinton uses only a private email account for all her emailed work matters, she is not warned or disciplined like Gration. Furthermore, Clinton doesn’t change her email habits after the measures taken against Gration’s email habits are reported internally and in the press.  (US Department of State, 5/25/2016) (US Department of State, 3/5/2015) (The New Republic, 6/20/2012)

June 2, 2011: Chinese hackers are targeting Gmail accounts of senior US officials, but top Clinton aides keep using Gmail account for work.

The Google Gmail logo (Credit: Google)

The Google Gmail logo (Credit: Google)

Google Inc. publicly announces that hackers based in China are targeting the email accounts of senior US officials and hundreds of other prominent people. The attacks are on users of Google’s Gmail email service. If successful, the hackers are able to read the emails of their targets. (The Wall Street Journal, 6/2/2011) 

Clinton’s chief of staff Cheryl Mills conducts government work through her Gmail account. Philippe Reines, Clinton’s senior advisor and press secretary, has a government account and a Gmail account, and uses both for work. However, there’s no evidence Mills or Reines stops using Gmail for work after this news report. (Judicial Watch, 9/14/2015) (Politico, 10/5/2015) 

Furthermore, two days later, Mills indicates in an email that there was an attempt to hack her email: “As someone who attempted to be hacked (yes I was one)…” (CBS News, 9/30/2015

Later in the month, the State Department will issue a warning to all employees not to use private emails for work, but apparently Mills and Reines still won’t stop using their Gmail accounts for work. (The Washington Post, 3/27/2016)

July 26, 2011: Clinton jokes about Chinese hackers but doesn’t take steps to combat the hacking.

Clinton types on her phone during a visit to Brasilia, Brazil, in April, 2012. (Credit: CNN)

Clinton types on her phone during a visit to Brasilia, Brazil, in April, 2012. (Credit: CNN)

In June 2011, Google Inc. publicly warned that hackers based in China were targeting the Gmail email accounts of senior US officials. (The Wall Street Journal, 6/2/2011) On this day, Clinton shows awareness of the problem through a joke.

Another State Department official sends Clinton an email, and some confusion results about the official’s two email accounts.

Clinton writes, “I just checked and I do have your state but not your Gmail – so how did that happen. Must be the Chinese!” (US Department of State, 9/3/2015)  

After that official says “You’ve always emailed me on my State email,” Clinton jokes again, “Weird since my address book only has your Gmail. Maybe the Chinese hacked it and focused on you!”  (US Department of State, 10/30/2015)

But despite this awareness,But despite this awareness, and a State Department warning not to use any private email addresses due to the problem that was sent out in Clinton’s name, Clinton apparently fails to make any changes to her own private email use and security set-up. (The Washington Post, 3/27/2016)

2012: Clinton’s private server is vulnerable to a hacker attack described in a government warning.

Marc Maiffret (Credit: Fox News Business)

Marc Maiffret (Credit: Fox News Business)

The Homeland Security Department’s Computer Emergency Readiness Team issues a warning about remote access attacks, that would allow hackers to take control of computers. The warning notes that “An attacker with a low skill-level would be able to exploit this vulnerability.”

In 2015, the Associated Press will report that Clinton’s private email server could have been vulnerable to a hostile takeover by this very type of attack. Clinton’s server appears to have lacked encrypted protections, and could accept commands from the computers over the Internet.

Marc Maiffret, who founded two cybersecurity companies, will later comment, “That’s total amateur hour. […] Real enterprise-class security, with teams dedicated to these things, would not do this.”

Another cybersecurity expert, Justin Harvey, will comment that Clinton’s server “violates the most basic network-perimeter security tenets: Don’t expose insecure services to the Internet.” (The Associated Press, 10/13/2015)

2012: Clinton’s private server is still run on software newly prohibited by the State Department.

At some point in 2012, The State Department bans the use of remote-access software for its technology officials to maintain unclassified servers, unless a waiver is given. It also bans all instances of remotely connecting to classified servers. However, according to records from December 2012, Clinton’s private email server continues to use remote-access software, and no evidence of a waiver allowing this has yet emerged.

Computer security expert Mikko Hypponen will say in 2015 that the use of remote-access software on her server was “clearly serious” and could have allowed hackers to run malicious software on it. (The Associated Press, 10/13/2015)

March 30, 2012—March 31, 2012: Clinton’s BlackBerry emails could be intercepted by Saudi Arabia while she visits that country.

Assistant Secretary for Near Eastern Affairs Jeffrey Feltman, Ambassador to the Clinton meets with King Abdullah bin Abdulaziz Al Saud of Saudi Arabia on March 30, 2012. (Credit: US Embassy Riyadh)

Clinton meets with King Abdullah bin Abdulaziz Al Saud of Saudi Arabia on March 30, 2012. (Credit: US Embassy Riyadh)

Clinton travels to Riyadh, Saudi Arabia, from March 30 to 31, 2012. (US Department of State, 3/30/2012)

This is notable because a September 2016 FBI report will reveal that Clinton regularly used her unsecure BlackBerry while outside the US, including sending and/or receiving “hundreds” of emails containing classified information. (Federal Bureau of Investigation, 9/2/2016)

Furthermore, in August 2010, it was reported that Research in Motion (RIM), the company that makes BlackBerrys, agreed to locate three computer servers within Saudi Arabia, “putting them under the jurisdiction of local security forces,” according to an article at the time by the Register.

Headquarters of Research In Motion (RIM) located in Waterloo, Ontario (Credit: public domain)

Headquarters of Research In Motion (RIM) located in Waterloo, Ontario (Credit: public domain)

The effective result is that the Saudi government was able to intercept emails that have to briefly pass through the servers. RIM did not want to agree to this, but the Saudi government briefly suspended BlackBerry service until RIM gave in. Even emails sent through Saudi Arabia using personal encryption keys could be easily intercepted due to this agreement. (The Register, 8/9/2010)

Clinton is sent emails virtually every day, and her days in Saudi Arabia are no exceptions. One email classified at the “confidential” level is sent to Clinton on March 31, 2012, though it’s not clear if she is in Saudi Arabia at the time or not. The email concerns politics in Sudan and South Sudan. (US Department of State, 1/29/2016)

 

August and December 2012: An Internet-wide hacker attack makes Clinton’s private server even more vulnerable.

An anonymous hacker using a computer in Serbia scans hundreds of millions of Internet addresses for accessible openings, called “ports.” Clinton’s private server is scanned by this hacker in August 2012 and again in December. The hacker’s millions of results are then made widely available on-line. It is unknown if anyone looking at this data figures out if the server belongs to Bill and Hillary Clinton, although the name “clintonemail.com” is a clue. (The Associated Press, 10/13/2015)

January 2013—May 31, 2013: Clinton uses an agent to find new management for her private server.

Tania Neild (Credit: public domain)

Tania Neild (Credit: public domain)

Tania Neild runs a company called InfoGrate that connects very wealthy people with companies who oversee their personal technologies, such as emails, and her company is based only about twenty miles from Clinton’s New York house. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

An FBI report will later state that “due to user limitations and reliability concerns regarding the [existing] server, staff for [Hillary] Clinton and President [Bill] Clinton discussed future email server options, and a search was initiated to find a vendor to manage a Clinton email server. Additionally, [Clinton’s computer technician Bryan] Pagliano’s expressed desire to seek new employment contributed to the decision to move to a new server.”

Clinton will also be interviewed, and she will recall “that the transition to [a new company] was initiated by President Clinton’s aides seeking a higher level of service than could be provided by the [existing] server.”

Around January 2, 2013, Neild is introduced to Clinton’s chief of staff Cheryl Mills through an unnamed mutual business associate. Neild will later tell the FBI that she worked with Mills and Pagliano to produce a proposal to solicit responses from multiple companies. (Federal Bureau of Investigation, 9/2/2016)

January 2013, Platte River Networks, a small company based in Colorado, is told by Neild they are in he running for a new contract. In mid-February, they find out they are a finalist for the contract, and that they might be working for Clinton. They will be hired by Clinton to manage her private server on May 31, 2013. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

01-2013AlexMcGeorgeNewsmax

Alex McGeorge (Credit: Newsmax)

Pagliano will later tell the FBI who made the final decision to pick Platte River. But this person’s name will be redacted, and only identified as someone working for President Clinton. (Federal Bureau of Investigation, 9/2/2016)

In retrospect, the choice of Platte River will seem to be an odd one. Cybersecurity expert Alex McGeorge will later comment, “My big issue here is do you want a small firm with little/no government experience or contracting (according to what’s being reported) and no stated security expertise to be in charge of the email system for our secretary of state? That is fundamentally ridiculous.” (Business Insider, 8/17/2015)

January 5, 2013: Someone accesses the email account of one of Bill Clinton’s staffers on the private server used to host Hillary Clinton’s emails.

130101TorLogopublic

The Tor Logo (Credit: public domain)

This is according to a FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.

The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)

Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”

Dave Aitel (Credit: Immunity)

Dave Aitel (Credit: Immunity)

Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.

But Dave Aitel, a former NSA security analyst and founder of the cypersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)

When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)

And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)

February 2013—June 2013: At least one manager of Clinton’s server does very little during a transition phase, despite the Guccifer hack threat.

At the end of Clinton’s tenure of secretary of state in February 2013, her private server is still being managed by Bryan Pagliano and Justin Cooper, with Pagliano doing most of the technical work and Cooper doing most of the customer service work. The management of the server will be taken over by the Platte River Networks (PRN) computer company in June 2013. It seems possible that the server is not as actively managed in the months in between.

Justin Cooper testifies to the House Oversight and Government Affairs Committee. (Credit: Alex Wong / Getty Images)

Justin Cooper testifies to the House Oversight and Government Affairs Committee on September 13, 2016. (Credit: Alex Wong / Getty Images)

In September 2016, Cooper will be questioned by a Congressional committee. Representative Jason Chaffetz (R) will ask him, “[Y]ou stepped back from the day-to-day activities with the Clintons about the time of the transition, is that correct? As she left office?”

He will reply, ‘Yes.”

When asked about his knowledge of what happened to server security after the hacker known as Guccifer broke into the email account of a Clinton confidant and publicly exposed Clinton’s email address on the server in March 2013, Cooper will reply, “At that point in time I was transitioning out of any role or responsibility with the server as various teams were selecting Platte River Networks to take over the email services and I don’t know that I had any sort of direct response.”

Additionally, when Cooper will be asked about his contact with PRN, he will say, “My interaction was handing over user names and passwords and that was the totality of the interaction I’ve had. I’ve never had interaction with them.” (US Congress, 9/13/2016)

It is not known if Pagliano similarly cuts down his involvement with managing the server during this time, since he has refused to publicly comment about his experiences. The FBI has mentioned nothing about the management of Pagliano or Cooper during this time period. (Federal Bureau of Investigation, 9/2/2016)

March 15, 2013—March 21, 2013: Clinton’s private server is repeatedly scanned from Russia shortly after Guccifer’s hack revealed her server domain.

On March 14, 2013, the Romanian hacker known as Guccifer broke into the email account of Clinton confidant Sid Blumenthal and learned Clinton’s private email address and thus her clintonemail.com server domain.

A September 2016 FBI report will reveal that “An examination of log files [of Clinton’s server] from March 2013 indicated that IP addresses from Russia and Ukraine attempted to scan the server on March 15, 2013, the day after the Blumenthal compromise, and on March 19 and March 21, 2013. However, none of these attempts were successful, and it could not be determined whether this activity was attributable to [Guccifer].” (Federal Bureau of Investigation, 9/2/2016)

Shortly after March 15, 2013: Cheryl Mills expresses concerns to Bryan Pagliano about the security of Clinton’s private email server after the Guccifer hack.

On March 14, 2013, the Romanian hacker nicknamed Guccifer broke into the email account of Clinton confidant Sid Blumenthal and made Clinton’s private email address public. Cheryl Mills was Clinton’s chief of staff until January 2013, when both she and Clinton left the State Department. But Mills continues to assist Clinton, and in August 2016 she will mention in written answers to a Freedom of Information Act (FOIA) lawsuit that she was concerned at this time how the Guccifer hack could impact the running of Clinton’s private email server.

She says she discussed the issue with Bryan Pagliano, Clinton’s computer technician “in or around March 2013, when the email account of Sidney Blumenthal was compromised by a hacker known as Guccifer. As I recall, these discussions involved whether this event might affect Secretary Clinton’s email.”

Clinton changed her email address several days after the Guccifer hack was discovered. However, the server continued to operate and her new email address was also hosted on the same server. It is still unknown whether Pagliano or anyone else took any other security steps in response to the hack. (Politico, 8/10/2016)

March 20, 2013: Gawker publishes an article that reveals Clinton’s use of a private email address and notes it “could be a major security breach.”

The article notes that the hacker nicknamed Guccifer broke into the email account of Clinton confidant Sid Blumenthal. “[W]hy was Clinton apparently receiving emails at a non-governmental email account? The address Blumenthal was writing to was hosted at the domain ‘clintonemail.com’, which is privately registered via Network Solutions. It is most certainly not a governmental account. […] And there seems to be little reason to use a different account other than an attempt to shield her communications with Blumenthal from the prying eyes of FOIA [Freedom of Information Act] requesters.

Neither the State Department nor the White House would immediately comment on whether the White House knew that Blumenthal was digitally whispering in Clinton’s ear, or if the emails were preserved as the law requires. And if, as it appears, Blumenthal’s emails contained information that was classified, or ought to have been treated as such, it could be a major security breach for Clinton to have allowed it to be sent to her on an open account, rather than through networks the government has specifically established for the transmission of classified material.” (Gawker, 3/20/2013)

May 3, 2013: In a public speech, Under Secretary of State for Political Affairs Wendy Sherman says Clinton conducts diplomacy on her unsecure BlackBerry.

Wendy Sherman giving a speech on May 3, 2013. (Credit: public domain)

Wendy Sherman giving a speech on May 3, 2013. (Credit: public domain)

Sherman says that technology “has changed the way diplomacy is done. […] Things appear on your BlackBerrys that would never be on an unclassified system, but you’re out traveling, you’re trying to negotiate something, you want to communicate with people – it’s the fastest way to do it.” She recalls the 2011 United Nations General Assembly, during which Clinton and European diplomat Catherine Ashton negotiated. “They sat there as they were having the meeting with their BlackBerrys transferring language back and forth between them and between their aides to multitask in quite a new fashion.”

The Hill will later note that Sherman’s comments “suggest that diplomats across the [State Department] routinely declined to use special protections for classified information to prioritize convenience.” (The Hill, 1/26/2016) 

Former NSA counterintelligence officer John Schindler will later make the general observation, “The State Department has a longstanding reputation for being less than serious about security, and its communications have often wound up in foreign hands. It’s something of a tradition at [State Department headquarters], to the chagrin of the Intelligence Community…” (The New York Observer, 1/28/2016)