When Bryan Pagliano, who managed Clinton’s private server, is interviewed by the FBI on this day, he will mention that he recalled finding “a virus” on her server at some point. But according to the FBI, he “could provide no additional details, other than it was nothing of great concern. FBI examination of the [server] and available server backups did not reveal any indications of malware.” (Federal Bureau of Investigation, 9/2/2016)
Little is known about hacking attempts on Clinton’s email accounts around this time, or how many accounts she has. But a June 2016 Forbes article about hacking attempts on Clinton’s campaign staffers mentions in passing: “Earlier this year, Clinton’s personal email accounts, found to have been used without the right permissions for official business, were also allegedly targeted by hackers in separate attacks.” (Forbes, 6/16/2016)
He says in an interview, “Given the fact that the Pentagon acknowledges that they get attacked about 100,000 times a day, I think the odds are pretty high.” Russia, China, and Iran are suggested as countries that would have targeted her server. Gates was defense secretary from 2006 to 2011, under Presidents Bush and Obama. In 2015, Gates praised Clinton, saying, “She was a good secretary of state.” (The Hill, 1/21/2016)
Writing in the Wall Street Journal, Mukasey argues that “intelligence community investigators believe it is nearly certain that Mrs. Clinton’s server was hacked, possibly by the Chinese or the Russians… [F]rom her direction that classification rules be disregarded, to the presence on her personal email server of information at the highest level of classification, to her repeated falsehoods of a sort that juries are told every day may be treated as evidence of guilty knowledge—it is nearly impossible to draw any conclusion other than that she knew enough to support a conviction at the least for mishandling classified information.” (The Wall Street Journal, 1/21/2016)
John Schindler, a former National Security Agency (NSA) analyst and counterintelligence officer, writes, “Why Ms. Clinton and her staff refused to use State Department email for official business is an open and important question. Suspicion inevitably falls on widespread allegations of pay-for-play, a corrupt scheme whereby foreign entities gave cash to the Clinton Global Initiative in exchange for Ms. Clinton’s favors at Foggy Bottom [State Department headquarters]. […] Regardless of whether Ms. Clinton was engaged in political corruption, she unquestionably cast aside security as secretary of state.” The Clinton Global Initiative is one of the Clinton Foundation’s major projects. (The New York Observer, 1/28/2016)
Bradley Moss, a lawyer who specializes in national security and protection of classified information, speculates about who will be targeted by the FBI’s investigation into Clinton’s emails and server.
He suggests Clinton is less in danger than her aides, since most of the retroactively classified emails were written by her aides. “It’d be a lot harder to make a criminal charge for having received [classified] information. If I’m in Clinton’s campaign, I’m more worried if I am Cheryl Mills, Huma Abedin, or Jake Sullivan than if I’m Hillary Clinton. […] The sloppiness and the complete fundamental failure to comply with any aspect of operational and informational security is what puts them at risk. You just can’t do that that many times and not expect to find yourself in trouble.” (The Hill, 1/28/2016)
This is according to an unnamed former high-ranking Russian intelligence officer. This officer says, “Of course the SVR got it all.” (The SVR, Sluzhba Vneshney Razvedki, is the successor intelligence agency to the KGB.) He adds, “I don’t know if we’re as good as we were in my time, but even half-drunk, the SVR could get those emails. They probably couldn’t believe how easy Hillary made it for them.” (The New York Observer, 1/28/2016)
Mukasey is asked if classified markings on Clinton’s “top secret” emails would have been removed before being emailed to Clinton. He replies, “Well, the documents originated someplace. They didn’t drop in from Mars. The person who originated them necessarily put classified markings on them… Now how did the markings get off? […] [There] is very particular language relating to the fact that there are three communication systems within the government. Non-secure, SIPR [Secret Internet Protocol Router Network or SIPRNet] or secure, and the highest, which is JWICS [Joint Worldwide Intelligence Communications System]. The information from SIPR and from JWICS cannot move on the low end system, and if you put anything on there that’s got those markings on it, it essentially sets off an alarm that alerts people involved with security.”
He concludes, “[I]f she has signals intelligence or information from a human source that is obviously confidential and secret and relates to intelligence activities of the United States abroad, she’d have to have been a low grade moron in order to not know that it’s classified.” (CNN, 1/30/2016)
Platte River Networks (PRN) is the computer company managing Clinton’s private server from June 2013 until at least October 2015, and PRN employee Paul Combetta played a pivotal role in the deletion of Clinton’s emails from her server.
On February 18, 2016, Combetta is interviewed by the FBI for the first time. He says that between March 25 and 31, 2015, he realized he failed to change the email retention policy on Clinton’s email account on her server, as Clinton’s lawyer (and former chief of staff) Cheryl Mills told him to do in December 2014. This would result in the deletion of some of her emails after 60 days. However, he claims that despite this realization, he still didn’t take any action. Additionally, on March 9, 2015, Mills sent him and other PRN employees an email which mentioned that the House Benghazi Committee had made a formal request to preserve Clinton’s emails. Combetta tells the FBI that he didn’t recall seeing the preservation request referenced in the email.
On May 3, 2016, Combetta has a follow-up FBI interview, and his answers on key issues completely contradict what he said before. This time, he says that when he realized between March 25 and 31, 2015 that he forgot to change the email retention policy on Clinton’s email account, he had an “oh shit!” moment. Then, instead of finally changing the policy settings, he entirely deleted Clinton’s email mailbox from the server, and used the BleachBit computer program to effectively wipe the data to make sure it could never be recovered. He also deleted a Datto back-up of the data. And he did all this without consulting anyone in PRN or working for Clinton. Furthermore, he admits that he was aware that the March 9, 2015 email from Mills mentioned the Congressional request to preserve Clinton’s emails.
A September 2016 FBI report will simply note these contradictions. There will be no explanation why Combetta was not indicted for lying to the FBI, obstruction of justice, and other possible charges. There also will be no explanation why his answers changed so much in his second FBI interview, such as him possibly being presented with new evidence that contradicted what he’d said before. (Federal Bureau of Investigation, 9/2/2016)
The logs were given to the FBI by Bryan Pagliano, a Clinton aide who is cooperating with the FBI and who managed Clinton’s server during the time she was secretary of state. However, sophisticated hacking attempts sometimes leave no evidence in the security logs. (The New York Times, 3/3/2016)
Additionally, cybersecurity expert Morgan Wright will later suggest the server may not have had an adequate detection system. “If you have a bank and you have one video camera when you need 20, then you missed it. If they weren’t capturing all the activity, their security logs may say they didn’t see anything.” (Fox News, 5/7/2016)
In May 2016, it will emerge that there were hacking attempts on the server during the time Pagliano was managing it, for instance in January 2011. It’s not clear why these attacks didn’t appear on the server logs or why previous media reports of the logs were incorrect. (US Department of State, 5/25/2016)
Also, it appears there were hacking attempts on the server after June 2013, when Pagliano was no longer involved, but when all of Clinton’s emails were still on the server. (The Associated Press, 10/7/2015)
On June 14, 2016, McClatchy Newspapers will report that a hacking attack on the DNC [Democratic National Committee] is discovered “in late April 2016, after staffers noticed unusual activity on the DNC’s computer network.” (McClatchy Newspapers, 6/14/2016)
On June 21, 2016, Bloomberg News will report, “The Clinton campaign was aware as early as April that it had been targeted by hackers with links to the Russian government on at least four recent occasions, according to a person familiar with the campaign’s computer security.” (Bloomberg News, 6/21/2016)
In late July 2016, it will be reported that the FBI warned the Clinton campaign in March 2016 that it was the target of hacking attempts, but the campaign refused to help the FBI stop them.
The Hill notes there are many lingering questions about Clinton’s email scandal, including a lack of information about the security of Clinton’s server. “Clinton’s camp has refused to outline precisely which digital protections she used to safeguard the information on her private server.” Other questions include what laws might have been broken, who other than Clinton might be in trouble, and if Clinton’s over 31,000 deleted emails were ever recovered. (The Hill, 3/4/2016)
State Department legislative liaison Julia Frifield sends a letter to the Senate indicating an apparent change in what information the State Department considers properly classified. The vast majority of redactions in Clinton’s emails are for foreign government information, to which Frifield refers as “FGI.”
Frifield writes, “Although the unauthorized release of FGI is presumed to cause harm to the national security—thereby qualifying as Confidential [level] classified information, department officials of necessity routinely receive such information through unclassified channels. For example, diplomats engage in meetings with counterparts in open settings, have phone calls with foreign contacts over unsecure lines, and email with and about foreign counterparts via unclassified systems. Diplomats could not conduct diplomacy if doing so violated the law.” As a result, not all such information should automatically be considered classified.
However, regulations in effect when Clinton was secretary of state called for FGI to be marked “confidential” unless it was designated “C/MOD” (for “confidential/modified handling”). But none of Clinton’s emails appear to have been given that designation. (Politico, 5/12/2016)
The Romanian hacker nicknamed Guccifer, whose real name is Marcel-Lehel Lazar, has recently been interviewed by Fox News. He claims for the first time that after breaking into the email account of Clinton confidant Sid Blumenthal in March 2013, he traced Clinton’s emails back to her private email server.
He tells Fox News, “For me, it was easy […] easy for me, for everybody.” He says he accessed her server “like twice.” He adds, “For example, when Sidney Blumenthal got an email, I checked the email pattern from Hillary Clinton, from Colin Powell, from anyone else to find out the originating IP [Internet Protocol address]. […] When they send a letter, the email header is the originating IP usually…then I scanned with an IP scanner.”
He says he then used some Internet programs to determine if the server was active and which ports were open. However, the server’s contents did “not interest” him at the time. “I was not paying attention. For me, it was not like the Hillary Clinton server, it was like an email server she and others were using with political voting stuff.”
If he breached the server, it appears he didn’t fully understand what he was seeing, and he has not claimed to have uncovered more of Clinton’s emails. He is interviewed from a US prison and has no documents to back up his claim. However, Fox News reports, “While [his] claims cannot be independently verified, three computer security specialists, including two former senior intelligence officials, said the process described is plausible and the Clinton server, now in FBI custody, may have an electronic record that would confirm or disprove Guccifer’s claims.”
Cybersecurity expert Morgan Wright comments, “The Blumenthal account gave him a road map to get to the Clinton server. […] You get a foothold in one system. You get intelligence from that system, and then you start to move.”
Guccifer claims he wants to cooperate with the US government, adding that he has hidden two gigabytes of data that is “too hot” and is “a matter of national security.”
The Clinton campaign responds, “There is absolutely no basis to believe the claims made by this criminal from his prison cell. In addition to the fact he offers no proof to support his claims, his descriptions of Secretary Clinton’s server are inaccurate.” (Fox News, 5/4/2016)
Politico reports, “An internal FBI review of Clinton’s email records did not indicate traces of hacking” according to “a source familiar with the situation.” (Politico, 5/4/2016)
An FBI report in September 2016 will assert that Guccifer admitted in his FBI interview that he lied about his claim to have accessed Clinton’s server.
Hours after Fox News reports on recently interviewing Romanian hacker Guccifer, NBC News reports on their recent interview with Guccifer. Like the Fox News interview, the main story is that Guccifer claims to have gained access to Clinton’s private email server. He tells NBC News, “It was like an open orchid on the Internet. […] There were hundreds of folders.” He also calls her server “completely unsecured.”
An unnamed source with knowledge of the FBI’s Clinton investigation claims “that with Guccifer in US custody, investigators fully intend to question him about her server.”
While Fox News recently interviewed him in a US prison, NBC News interviewed him from a prison in Bucharest, Romania, where he was until he was extradited to the US in late March 2016. (NBC News, 5/4/2016)
LawNewz notes the timing, and asks, “Why would a major news network sit on such an explosive allegation—especially when the claim directly relates to a presidential candidate and the biggest story of the 2016 presidential election cycle?” NBC News has not commented. (LawNewz, 5/4/2016)
An FBI report in September 2016 will assert that Guccifer admitted in his FBI interview that he lied about his claim to have accessed Clinton’s server.
In March 2015, shortly after Clinton’s exclusive use of a private email and server was first publicly revealed, Vice News filed a Freedom of Information Act (FOIA) request with the State Department for all “communications, presentations, and procedures created by the State Department to secure Hillary Clinton’s email from electronic threats.” In 2015, the Department began releasing some relevant emails, but no other relevant documents have been released.
After two delays, on this day, Vice News is told by the Department that the “estimated completion date” for the FOIA request has been “extended to December 2016.”
Vice News reporter Jason Koebler comments, “The FOIA process is a notorious mess, but it is patently ridiculous that records pertaining to the security practices of someone who stands a very good chance of running the country—and thus being in possession of highly sensitive documents at all times—won’t be made available to the public a year and a half after they were requested.” (Vice News, 5/5/2016)
CNN reports, “The investigation is still ongoing, but so far investigators haven’t found evidence to prove that Clinton willfully violated the law, the US officials say.” However, nothing has been said about crimes that did not involve willful violation of the law, such as gross negligence, or unsecure possession of classified material.
Unnamed officials also claim that “The probe remains focused on the security of the server and the handling of classified information and hasn’t expanded to other matters.”
Furthermore, “FBI officials overseeing the probe now expect to complete their work in the next few weeks and then turn over the findings to the Justice Department, which will make a final decision on whether to bring charges against anyone.” (CNN, 5/5/2016)
Clapper publicly comments, “We’ve already had some indications” of hacking on the computer networks of the two frontrunners in the presidential race. He warns, “We’ll probably have more.” He suggests the hackers could be working for foreign governments.
V. Miller Newton, who advises federal agencies on data security, says foreign spying on campaign sites is inevitable. “These campaigns are not working on encrypted platforms. It’s a matter of when, and how serious of an impact it is going to have on this election.” (The Associated Press, 5/18/2016)
It will later emerge that a hacking attack on the DNC [Democratic National Committee] was already discovered, in late April 2016, after staffers noticed unusual activity on the DNC’s computer network. (McClatchy Newspapers, 6/14/2016)
The State Department’s Office of Inspector General releases a report with the title “Evaluation of Email Records Management and Cybersecurity Requirements.” The 83-page report is the main headline at the New York Times, the Washington Post, and elsewhere, because it sheds new light on Clinton’s email scandal. The Post calls it “a highly critical analysis of Hillary Clinton’s email practices while running the department, concluding that Clinton failed to seek legal approval for her use of a private server and that agency staff members would not have given their blessing if it had been sought because of ‘security risks.’”
The report does not cover the classified content of some of Clinton’s emails due to the ongoing FBI investigation and instead focuses mainly on record management issues for Clinton as well as the four previous secretaries of state. The office’s inquiry was initiated by a request from Secretary of State John Kerry in 2015, and was led by Inspector General Steve Linick, who was appointed by President Obama in 2013. The report reveals:
- There were “long-standing systemic weaknesses” in the State Department’s recordkeeping. Department officials were “slow to recognize and to manage effectively the legal requirements and cybersecurity risks” of widespread email use. This problem went “well beyond the tenure of any one secretary of state,” but most of the report focuses on Clinton’s tenure.
- Former secretary Colin Powell is singled out for violating department policy by using a personal email account while in office, as Clinton did. But the report notes that in the four years between the end of Powell’s tenure and the start of Clinton’s, the department’s warnings about the “obligation” to mainly use government email accounts for work matters had become more detailed and frequent.
- Dozens of department employees sometimes used personal email accounts for work matters. But only three were discovered who used such accounts exclusively: Clinton, Powell, and Scott Gration, who was US ambassador to Kenya in 2011 and 2012. Gration faced an internal rebuke for doing so and was forced to resign. Clinton was the only one to use a private server as well.
- Clinton “had an obligation to discuss using her personal email account to conduct official business” with security and records management officials, but investigators “found no evidence” that she had requested or received approval from anyone to conduct work matters mainly by personal emails. Furthermore, department officials “did not—and would not—approve her exclusive reliance on a personal email account to conduct Department business.”
- Similarly, Clinton had not sought permission to use a private email server, and would not have received it if she had.
- Clinton was required to demonstrate to security and records management officials that both her server and her mobile devices “met minimum information security requirements,” but she never did so.
- Clinton should have handed over copies of her work emails immediately upon stepping down in February 2013. Failure to do so violated department policies and the Federal Records Act. Instead, she provided only some work emails, and those only in December 2014, nearly two years later, after the Republican-led House Benghazi Committee began asking for some of her emails.
Clinton has claimed she effectively left copies of her emails with the State Department because she mainly emailed other department officials. However, the report says that was an inappropriate form of preservation. Additionally, four of her closest aides, whom she exchanged emails with most often, also made “extensive” use of personal email accounts, so none of those emails would have been preserved in State Department records just by being received by those aides.
- There was “some awareness” of Clinton’s email account among senior department officials. But there also appear to have been efforts to keep her use of a private server a secret. For instance, in 2010, when two department computer technicians raised concerns that her server might not properly preserve records, a higher official told them her setup had been reviewed by lawyers and warned them “never to speak of the Secretary’s personal email system again.” Furthermore, no evidence of such a legal review has been found.
- Clinton has claimed she exclusively used a private email account for “convenience.” However, this claim is belied by Clinton’s response to an email from Huma Abedin, Clinton’s deputy chief of staff, in November 2010. When Abedin prodded Clinton about “putting you on State email or releasing your email address to the department […],” Clinton replied that she would consider a separate address or device, “but I don’t want any risk of the personal being accessible.”
- Clinton turned over 30,000 work-related emails in December 2014, while deleting another 31,000 emails she said were personal in nature. However, the report claims her email handover was “incomplete,” and there are gaps and missing emails. For instance, the above-mentioned November 2010 email was not handed over by Clinton but was found through other means.
- Several incidents were uncovered in which Clinton or some of her aides worried that Clinton’s private server had been hacked. For instance, a January 2011 email to a Clinton aide said Clinton’s server was shut down because “someone was trying to hack us.” It is unknown if the server actually was broken into at that time. However, Clinton and her aides failed to alert department computer security personnel to the hacking attempts, as required by department policy.
- Clinton, as well as nine of her former top aides, refused to be interviewed for the report. By contrast, the four previous secretaries of state, as well as current Secretary of State John Kerry, were interviewed.
The Romanian hacker nicknamed Guccifer pleads guilty in a US court to charges of identity theft and unauthorized access to protected computers. At a plea hearing before US District Court Judge James Cacheris in Alexandria, VA, he admits that he broke into email and social media accounts of about 100 US citizens between 2012 and 2014.
Guccifer is best known for breaking into the email account of Clinton confidant Sid Blumenthal in March 2013 and thus publicly revealing Clinton’s private email address. He could face up to seven years in prison in the US, on top of the seven years he is already serving in Romania.
He is due to be sentenced on September 1, 2016. However, it is alleged that his guilty plea is part of a deal to cooperate with the US government, possibly including the FBI’s Clinton investigation. It has been reported that he will cooperate with the government in other investigations and be “reasonably available for debriefing and pre-trial conferences as the US may require.” He also has agreed to turn over any documents or other materials “that may be relevant to investigations or inquiries.” (LawNewz, 5/25/2016)
Hours after a report is released by the State Department’s inspector general that is highly critical of Clinton’s email practices, the Clinton campaign releases a statement that largely dismisses the report’s critique. The New York Times analyzes and disputes every claim made in the 203-word Clinton rebuttal:
- “The inspector general documents just how consistent her email practices were with those of other secretaries and senior officials at the State Department who also used personal email.” The Times points out that only former Secretary of State Colin Powell exclusively used a personal email account for work matters, and nobody else used a private email server.
- “The report shows that problems with the State Department’s electronic record-keeping systems were longstanding and that there was no precedent of someone in her position having a State Department email account until after the arrival of her successor.” The Times notes the department did have long-standing recordkeeping issues. However, the rules became more stringent by the time Clinton became secretary of state. Most of Clinton’s predecessors simply didn’t use email at all.
- “Contrary to the false theories advanced for some time now, the report notes that her use of personal email was known to officials within the department during her tenure…” The Times notes that many in the State Department did know of Clinton’s private email address, due to exchanging emails with her. “It is equally clear, however, that senior department officials were sensitive about people raising red flags about it. When two junior staff members expressed concerns to their boss in the Information Records Management office, he ‘instructed the staff never to speak of the secretary’s personal email system again.’”
- “There is no evidence of any successful breach of the secretary’s server.” While it is true the report contains no proof the server was breached, the server was shut down twice due to hacker attacks. Prior to the report, Clinton claimed there was no evidence it was even attacked.
- “We agree that steps ought to be taken to ensure the government can better maintain official records, and if she were still at the State Department, Secretary Clinton would embrace and implement any recommendations, including those in this report, to help do that.” The Times notes, “many of these regulations [pointed out in the report] existed, in one form or another, when she was in office.”
- “As this report makes clear, Hillary Clinton’s use of personal email was not unique, and she took steps that went much further than others to appropriately preserve and release her records.” The Times counters, “Mrs. Clinton’s use of a private email and server stored in her home was, in fact, unique. She left the State Department without turning over any emails, and only did so after she was contacted by the department’s lawyers, who were under pressure to produce documents from the House Select Committee on Benghazi.” Furthermore, the emails she turned over now appear to be incomplete.
- The Times concludes by noting that the Clinton campaign statement “does not repeat an assertion Mrs. Clinton has made before: that her arrangement, while unwise, was permitted. Last September, she told the Associated Press: ‘What I did was allowed. It was allowed by the State Department. The State Department has confirmed that.’” (The New York Times, 5/25/2016)
A new State Department inspector general report determines that department rules required Clinton to get official approval to conduct official business using a personal email account on her private server, but she did not do so.
In the words of the report, Steven C. Taylor, current head of Information Resources Management (IRM) and Gregory Starr, current head of Diplomatic Security (DS), jointly claim that Clinton “had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs. However, according to these officials, DS and IRM did not—and would not—approve her exclusive reliance on a personal email account to conduct department business, because of the restrictions in the FAM [Foreign Affairs Manual] and the security risks in doing so.” (US Department of State, 5/25/2016)
Guccifer, whose real name is Marcel-Lehel Lazar, is interviewed by the FBI as part of the FBI’s Clinton email investigation. He appears to have spoken to the FBI previously, but those conversations may have been about other matters, since he hacked dozens of US citizens.
Around the end of April 2016, Guccifer had high-profile interviews with Fox News and NBC News. It was already known that he broke into the email account of Clinton confidant Sid Blumenthal in March 2013 and learned Clinton’s private email address. In both media interviews, Guccifer claimed that he then gained access to Clinton’s private server. But the FBI will later say that Guccifer admitted in his FBI interview that he lied about this.
Additionally, “FBI forensic analysis of the Clinton server during the timeframe [Guccifer] claimed to have compromised the server did not identify evidence that [he] hacked the server.” (Federal Bureau of Investigation, 9/2/2016)
Yahoo News reports that “Senate investigators and a conservative group [Judicial Watch] are zeroing in on newly revealed evidence about the activities of a now retired State Department computer specialist in orchestrating what they charge was a ‘cover-up’ of the former secretary of state’s email practices.” That person is John Bentel, who was director of the department’s Information Resource Management (IRM) office until December 2012.
According to a newly released State Department inspector general’s report, in late 2010, two IRM staffers separately raised issues with Bentel that some of Clinton’s private emails might need to be preserved to comply with the law and regulations. But according to the report, Bentel told one of the staffers that Clinton’s email practices had been “reviewed and approved by Department legal staff”—which was not true—and “that the matter was not to be discussed any further.” Bentel told the other staffer that the mission of the IRM “is to support the Secretary and instructed the staff never to speak of the Secretary’s personal email system again.”
In response to this report, Senator Chuck Grassley (R) says, “If what these two witnesses said is true, it is an outrage, and it raises a lot of serious questions. Good and honest employees just trying to do their job were told to shut up and sit down. Concerns about the secretary’s email system being out of compliance with federal record-keeping laws were swept under the rug.”
Additionally, in June 2015, Bentel told the House Benghazi Committee that he had “no memory or knowledge” of Clinton’s private email server while she was secretary of state.
But in August 2011, Clinton’s deputy chief of staff, Huma Abedin, emailed the idea of giving Clinton a new email address because “her personal email server is down.” Bentel suggested giving Clinton a government email account, but warned, “you should be aware that any email would go through the department’s infrastructure and [be] subject to FOIA [Freedom of Information Act] searches.”
Grassley says he intends to learn more about Bentel’s role in a possible cover-up. And Judicial Watch plans to question former Clinton aides like Abedin and Cheryl Mills about Bentel’s role when they are deposed under oath in the coming weeks.
Law professor Douglas Cox says that Bentel’s role was “the most shocking part of the [inspector general’s] report. It shows there was dissent within the State Department precisely by the people responsible for insuring compliance with record-keeping and cyber-security issues—and they were told something that appears not to be true.” (Yahoo News, 5/27/2016) (The New York Times, 5/26/2016)
The newspaper’s editorial board reacts to the State Department inspector general’s report criticizing Clinton’s email practices. “Clinton’s bad decision had turned into something far worse: a threat to national security, one that she repeatedly ignored despite multiple warnings.”
The editorial cites four warnings Clinton faced in a six-month period in 2011 that all pointed to the security danger of using a private email account. But despite these warnings, and others, “Clinton and several of her top aides continued to use personal email for sensitive State Department business thousands of times.”
It concludes, “It’s already clear that, in using the private email server, Clinton broke the rules. Now it remains to be seen whether she also broke the law.” (USA Today, 5/30/2016)
Howard Krongard, who was the State Department’s inspector general from 2005 to 2008, says he “would have been stunned had I been asked to send an email to [Clinton] at a personal server, private address. I would have declined to do so on security grounds and if she had sent one to me, I probably would have started an investigation.”
Krongard also suggests that Clinton benefited from the lack of a permanent inspector general for the entire duration of her tenure as secretary of state. “They are the people who enforce the rules, and there was no one enforcing the rules during that time.” (Fox News, 5/31/2016)
A June 21, 2016 Bloomberg News article claims the warnings came before the hack on the DNC [Democratic National Committee] was made public on June 14, 2016. However, it’s unclear when the warnings happened exactly. This is according to one unnamed “person familiar with the government investigation into the attacks.”
But the Trump campaign won’t respond to questions about the warnings, and Sanders spokesperson Michael Briggs says he isn’t aware of the warnings.
Bloomberg News will comment, “Information about the scope of the attacks and the government warnings raises new questions about how long the campaigns have known about the threats and whether they have done enough to protect their systems.” (Bloomberg News, 6/21/2016)
It has been reported that the Clinton campaign and related organizations have been attacked by hackers, but there have been no confirmed attacks on the Trump or Sanders campaigns. (Bloomberg News, 6/17/2016)
The Washington Post reports that the emails, text messages, and other computer files of the DNC [Democratic National Committee] were accessed by two groups allegedly linked to Russia. Opposition research on Republican presidential candidate Donald Trump was stolen.
One group known as Cozy Bear broke into the DNC’s network a year ago and maintained access without getting caught. The other group known as Fancy Bear, apparently working independently, did so much more recently. These same hackers also probed the networks of both the Trump and Clinton campaigns, as well as some Republican political action committees, but it is unknown if those attacks succeeded.
The first hacking group typically uses “spear phishing” to gain access. This is when an email appears to come from someone the recipient knows but actually is meant to trick that person into activating embedded malicious code by clicking on an attachment or link. (Wired, 6/14/2016) (The Washington Post, 6/14/2016)
Forbes comments that the “Holy Grail of Russian intelligence is uncovering compromising material that can be used to embarrass, manipulate, or blackmail foreign political leaders.” Furthermore, “If the DNC’s cyber secrets are open to Russian intelligence hackers, the odds are overwhelming that they have Clinton’s private emails as well, especially given that Clinton’s private server was a target of the highest value.” This means Clinton could be blackmailed or otherwise manipulated by Russia as well. Forbes also notes how both cases involved spear phishing. (Forbes, 6/14/2016)
Clinton was targeted by spear phishing at least three times, twice in May 2011, and once in July 2011. It is unknown if any of those attacks succeeded. (US Department of State, 10/30/2015) (US Department of State, 3/5/2015) (US Department of State, 5/25/2016)
In an interview, Clinton is asked about a news report from earlier in the day that hackers allegedly linked to the Russian government breached the computer network of the DNC [Democratic National Committee]. She is asked the general question, “What can you tell us about that incident? How worrisome is it?”
She replies, “I only learned about it when it was made public. And it is troubling, just as all cyber-attacks against our businesses and our institutions, our government are. The Russians—and according to the reporting—who did this hacking were most likely in the employment of the Russian government.”
She also comments without being prompted, “So far as we know, my campaign has not been hacked into and we’re obviously looking hard at that.” (The Hill, 6/14/2016)
But two days later, Forbes reports that a security company hired by the Clinton campaign has determined many of her campaign staffers have been targeted by hackers in recent months, and there are indications some of their email accounts could have been breached. (Forbes, 6/16/2016)
One day after the Washington Post reported that alleged Russian hackers broke into the DNC’s [Democratic National Committee] computer network, a man using the nickname “Guccifer 2.0” creates a new website on the Internet showing that he obtained the DNC files. Guccifer 2.0 likely has no connection to Guccifer, who is now in a US prison, but seems inspired to take the name due to Guccifer’s earlier hacking notoriety.
He posts a 200-page opposition research file on Republican presumptive presidential nominee Donald Trump dating from December 2015, as well as other computer files from the DNC. The files include a sample of donor information, contradicting the DNC’s claim from the day before that no financial information had been stolen.
Guccifer 2.0 also claims to have given “thousands of files and mails” to WikiLeaks. This comes several days after WikiLeaks head Julian Assange promised to post more of Clinton’s emails soon. The security firm CrowdStrike was hired to investigate the DNC hack, and they claimed to be confident that it was a sophisticated operation done by two hacking groups with ties to the Russian government.
However, Guccifer 2.0 claims to be working independently, and says of CrowdStrike, “I’m very pleased the company appreciated my skills so highly. But in fact, it was easy, very easy.”
NBC News reports that “several Democratic sources familiar with the party’s opposition research efforts said they believed [the] opposition research book to be authentic. It also includes links to data stored on internal DNC servers, which would not [be] accessible to people outside the committee.” (NBC News, 6/15/2016)
SecureWorks is a cybersecurity company that apparently has been hired to investigate recent leaks targeting US government officials, departments, and related entities. Focusing on the hacking group known as Fancy Bear (or APT 28), they conclude with “moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.” They also conclude that the group targeted Clinton’s presidential campaign and the DNC [Democratic National Committee].
However, SecureWorks have not observed Fancy Bear “[target] the US Republican party or the other US presidential candidates whose campaigns were active between mid-March and mid-May: Donald Trump, Bernie Sanders, Ted Cruz, Marco Rubio, and John Kasich.” But they point out the other campaigns could have been targeted by other means not noticed by them. (SecureWorks, 6/16/2016)
On June 15, 2016, someone going by the name “Guccifer 2.0” claimed to be the “lone hacker” behind the breach of the DNC [Democratic National Committee] computer network reported in the media the day before.
However, various clues support the assertion by security experts hired by the DNC that the hacking effort is connected to the Russian government or at least originates from Russia:
- The metadata of one file sent by Guccifer 2.0 to Gawker indicates the last person to change the file used the nickname for Felix Dzerzhinsky (Феликс Эдмундович), a long-dead Russian statesman best known for founding the Soviet secret police.
- The nickname is written in the Cyrillic alphabet, which means Guccifer 2.0’s computer was configured to use the Russian language and was connected to a Russian-language keyboard.
- Another file contains some broken web links. The error message is also written in Russian, using the Cyrillic alphabet.
- A blog post written by Guccifer 2.0 uses “)))” to indicate a smiley face. This is common in Eastern Europe and Russia but very uncommon elsewhere, due to differences with the Russian-language keyboard. (Ars Technica, 6/16/2016)
- Other metadata indicates the person who saved the files used a cracked version of Office 2007, which is popular in Russia.
- Vice News reports that Guccifer 2.0 had no online history prior to June 15, and “multiple security sources said they’d never heard of nor seen anyone by that alias” before that date. (Vice News, 6/16/2016)
- Dave Aitel, CEO of Immunity Security, comments, “You don’t have the FBI or DHS [Department of Homeland Security] coming out and saying: ‘Hey we don’t think it’s Russia.’ If it is Russia, a nation state, it’s a pretty big deal. Otherwise the FBI would say: ‘We’re conducting an investigation.’ But they’re not saying that.”
Ars Technica comments, “Of course, it’s still possible that the Russian fingerprints were left intentionally by someone who has no connection to Russia, or by a Russian-speaking person with no connection to the Russian government, or any number of other scenarios.” (Ars Technica, 6/16/2016)
Time Magazine notes that although CrowdStrike, the cybersecurity firm hired by the DNC [Democratic National Committee] to stop the hacking of their computer network, claims the Russian government is behind the attacks, other security experts are skeptical. Someone calling themselves “Guccifer 2.0” has posted some files that appear to come from the DNC hack, and that person claims to be a “lone hacker.”
CrowdStrike asserts this is just an effort to sow confusion about Russian involvement, but some experts doubt that as well.
Nathaniel Gleicher, the former director for cybersecurity policy on the NSC [National Security Council], says, “Attribution is incredibly difficult—I wouldn’t say impossible, but it’s very difficult.”
Reg Harnish, the CEO of the cybersecurity company GreyCastle Security, says the final answer may still be unknown, with political intrigues complicating the picture. “I’ve been personally involved in hundreds of these investigations, and you just don’t end up in the same place where you began. […] I think there’s a lot of misinformation out there right now.”
Scott Borg, the head of the US Cyber Consequences Unit, echoed the skepticism. “Our best guess is that the second (and apparently less skillful) of the two intruders was not Russian intelligence. We are also uncertain about the first group.”
So far, the FBI has not made any comment. (Time, 6/17/2016)
Two days after emerging to post some DNC [Democratic National Committee] documents on the Internet, the hacker known by the nickname Guccifer 2.0 publishes some more.
This person comments on their new website, “It appears there are a lot of financial reports, donors lists, and their detailed personal information, including e-mail addresses and private cell phone numbers…I got tons of files and docs.” This person also promises to post more soon.
Business Insider notes: “The Washington Post’s initial report stated that the hacker’s avoidance of donor information indicates that the breach was likely the work of ‘traditional espionage,’ but the new information posted by Guccifer 2.0, if legitimate, seems to discredit that line of thinking.”
The DNC has not confirmed that the documents are genuine, but has not denied it either. It is unknown who Guccifer 2.0 is, but security experts hired by the DNC assert the Russian government is behind the leaks. (Business Insider, 6/18/2016)
The companies are Fidelis Cybersecurity and Mandiant. They base their analysis on five malware samples used in the hacking attack. Fidelis executive Michael Buratowski says, “Based on our comparative analysis, we agree with CrowdStrike and believe that the Cozy Bear and Fancy Bear…groups were involved in successful intrusions at the DNC [Democratic National Committee]. […] The malware samples matched the description, form and function that was described in the CrowdStrike blog post. In addition, they were similar and at times identical to malware that other [research firms] have associated to these actor sets.”
However, the Washington Post reports, “It is also possible, researchers said, that someone else besides the Russians were inside the DNC’s network and had access to the same documents.” (The Washington Post, 6/20/2016)
A law firm reviewing the DNC attack, Baker & McKenzie, has begun working with three cybersecurity companies to review CrowdStrike’s findings. Fidelis Cybersecurity is one of them, along with FireEye and Palo Alto Networks, Inc. (Bloomberg News, 6/21/2016) (Fidelis Cybersecurity, 6/20/2016)
Bloomberg News reports this is according to three unnamed “people familiar with the matter.” Clinton Foundation officials say they haven’t been notified of the attack and refuse to say more. The breach was discovered as recently as one week earlier.
The attack appears to be part of a larger sweep of attacks that has targeted at least 4,000 email accounts of people connected to US politics since about October 2015. Many of the targets appear to be linked to Clinton.
Bloomberg News comments, “The thefts set the stage for what could be a Washington remake of the public shaming that shook Sony in 2014, when thousands of inflammatory internal emails filled with gossip about world leaders and Hollywood stars were made public.”
Someone going by the nickname “Guccifer 2.0” has been releasing documents from a hack on the DNC [Democratic National Committee] but it is unknown if this person is linked to the foundation attack. (Bloomberg News, 6/21/2016)
This is the third release by Guccifer 2.0 of files from the DNC [Democratic National Committee] in a week. Guccifer 2.0 claims on his website, “It’s a big folder of docs devoted to Hillary Clinton that I found on the DNC server.” The files are compilations of news reports and other publicly available documents on existing or likely Democratic candidates from around April 2015, and the vast majority of the files contain information from that time or earlier. Nearly all the files are about Clinton, noting stories that could hurt her and often countering them with pro-Clinton talking points.
The DNC has neither confirmed nor denied that Guccifer 2.0 files come from the DNC breach, but Mother Jones notes that the “new trove of documents [were] apparently pilfered from the [DNC].” (Mother Jones, 6/21/2016)
Bloomberg News reports, “If the Democrats can show the hidden hand of Russian intelligence agencies, they believe that voter outrage will probably outweigh any embarrassing revelations, a person familiar with the party’s thinking said.”
In the same article, Clinton spokesperson Glen Caplin refuses to comment on details about recent hacking attacks or confirm if any of Clinton’s campaign staff got successfully hacked. However, Caplin does say, “What appears evident is that the Russian groups responsible for the DNC hack are intent on attempting to influence the outcome of this election.”
The DNC [Democratic National Committee] similarly won’t comment on details or confirm reports of successful attacks. However, the DNC issues a written statement that it believes recent leaks by Guccifer 2.0 are “part of a disinformation campaign by the Russians.”
The Russian government has denied any involvement. (Bloomberg News, 6/21/2016)
Starting June 15, 2015, someone using the nickname “Guccifer 2.0” created a website and started posting files that appear to come from a recent hack of the DNC [Democratic National Committee] computer network. He claims to be a “lone hacker” while some have suggested that he is a front for the Russian government.
He is interviewed for the first time, by Vice News through Twitter, so his appearance and location remain unknown. He says he is from Romania, just like the original hacker nicknamed Guccifer, who is now in a US prison. However, Vice News asks him to answer a question in Romanian and he declines to do so. He does make a few comments in Romanian, but they have numerous errors. He says he deliberately left Russian metadata in the leaked documents as his personal “watermark.” Yet he claims, “I don’t like Russians and their foreign policy. I hate being attributed to Russia.”
He says he first breached the DNC network in the summer of 2015. “Then I installed my Trojans on several PCs. I had to go from one PC to another every week so CrowdStrike couldn’t catch me for a long time. I know that they have cool intrusion detection system. But my heuristic algorithms are better.” He claims he finally got kicked out of the network on June 12, 2016, when the DNC “rebooted their system.”
He says he has had other successful hacking attacks, but he refuses to name the targets because “my safety depends on it.” He says he doesn’t care about Donald Trump but targeted the DNC to emulate the work of the original Guccifer. (Vice News, 6/21/2016)
None of those government agencies have made any public statements about the hacking attacks or who might be behind them, and the White House has been silent as well. But Bloomberg News reports that because so many of the attacks have targeted people or institutions close to Clinton, the FBI has been careful to keep its hacking investigation separate from its ongoing Clinton email investigation. Totally different personnel are being used in the two investigations. (Bloomberg News, 6/21/2016)
The State Department releases more of Clinton’s work-related emails, despite Clinton’s claims that she turned over all her work-related emails in December 2014. Judicial Watch asked for the emails which were mentioned in the May 2016 State Department inspector general’s report on Clinton’s email practices.
The emails show that in December 2010, State Department employees struggled to fix a problem that was causing emails from Clinton’s private server to be rejected as spam by the department’s computer network. The spam filtering problem had persisted since at least early November, as can be seen in a November 13, 2010 email chain between Clinton and her deputy chief of staff Huma Abedin complaining about it.
As a result, on December 21, 2010, the ScanMail anti-spam security feature for the entire network was disabled, leaving the network more vulnerable. Apparently, the software intended to block “spear phishing” emails that could install malware to infect the network was also disabled around the same time.
On January 9, 2011, Clinton’s server was apparently attacked by hackers at least twice, causing the server to be temporarily shut down. (The Associated Press, 6/22/2016) (US Department of State, 6/20/2016)
Spear phishing was a reoccurring problem for Clinton and the department in 2011. In March 2011, the department warned of “a dramatic increase since January 2011 in attempts by”—[redacted]—“to compromise the private home email accounts of senior Department officials” using the spear phishing method. (US Department of State, 11/5/2015)
In June 2011, the department issued another warning for all employees not to use personal email accounts for work, due to more spear phishing attacks. (The Washington Post, 3/27/2016)
Between May and July 2011, Clinton got three emails that appear to have been spear phishing attacks. Despite this, Clinton continued to exclusively use a private email address for all her work and personal emails. (US Department of State, 10/30/2015) (US Department of State, 5/25/2016)
From around June 2013 until August 2015, Clinton’s private server containing her emails from her time as secretary of state was managed by Platte River Networks. But another company, Datto Inc., was making monthly back-up copies of all the server’s data in the Internet cloud. Datto has 600 employees and is valued at $1 billion, but two people tell the Daily Mail that the company is extremely incompetent.
Marc Tamarin, president of Virtual IT Consulting, was a Datto business partner from 2009 until early 2016. He says he frequently worked with Datto’s technical support, but “Those guys were really morons. They weren’t qualified to handle our back-up and that was the biggest concern for us. … If they’re inept at the basic principles of technology, how are they going to handle something advanced like security? Most companies like mine trust their vendor that they are doing due diligence. I’ve never heard anything this bad before in my life, the data incompetence was shocking.”
An unnamed former employee, who spent three years at the company, has even more complaints. “If you’re talking about high-level data security, at the political, presidential level, the security level of data [at Datto] … was nowhere near something that could have been protected from a good hacker that knows how to spread out their points at which to infiltrate. It’s not something that Datto was focused on. It was more about getting the data off-site quickly and cost-effectively than securing the data and keeping it from being hacked. There’s no doubt in my mind that someone could easily hack them – even today.”
He calls Datto’s security “a joke.” He claims a potential hacker could walk in off the street and sit down at an unused computer and access all the company’s data. There were no security guards, the receptionists didn’t ask questions of strangers, there was no key card access or other security features, passwords were not regularly changed, and so on. People who said they had lost their security pass would be let in without questions. Unused computers were frequently left on and logged in to the network.
He says, “For years, any Datto employee, even low-level ones, could go in any customer’s device, see their backups, restore files, and delete files.” Oftentimes, Datto customers would find themselves logged into the data of another customer without even wanting to. Datto’s internal servers were hacked in 2010. However, complaints were swept under the rug and security was not improved. (The Daily Mail, 6/30/2016)
In July 2016, the FBI uncovers evidence that two state election databases may have been recently hacked, in Arizona and Illinois. Officials shut down the voter registration systems in both states in late July 2016, with the Illinois system staying shut down for ten days.
On August 15, 2016, Homeland Security Secretary Jeh Johnson heads a conference call with state election officials and offers his department’s help to make state voting systems more secure. In the call, he emphasizes that he is not aware of “specific or credible cybersecurity threats” to the November 2016 presidential election.
Three days later, the FBI Cyber Division issues a warning, titled “Targeting Activity Against State Board of Election Systems.” It reveals that the FBI is investigating hacking attempts on the Arizona and Illinois state election websites. The warning suggests the hackers could be foreigners and asks other states to look for signs that they have been targeted too. Out of the eight known IP addresses used in the attacks, one IP address was used in both attacks, strongly suggesting the attacks were linked.
An unnamed “person who works with state election officials” calls the FBI’s warning “completely unprecedented. … There’s never been an alert like that before that we know of.” In the Arizona case, malicious software was introduced into its voter registration system, but apparently there was no successful stealing of data. However, in the Illinois case, the hackers downloaded personal data on up to 200,000 state voters.
It is not known who was behind the attacks. One theory is that the Russian government is responsible. A former lead agent in the FBI’s Cyber Division said the way the hack was done and the level of the FBI’s alert “more than likely means nation-state attackers.” Tom Kellermann, head of the cybersecurity company Strategic Cyber Ventures, believes Russian President Vladimir Putin is ultimately behind the attacks, and thinks it is connected to the hacking of the Democratic National Committee (DNC) and other recently targeted US political targets. Kellermann says of Putin, “I think he’s just unleashed the hounds.”
But another leading theory is that common criminals are trying to steal personal data on state voters for financial gain. Milan Patel, former chief technology officer of the FBI’s Cyber Division, says, “It’s got the hallmark signs of any criminal actors, whether it be Russia or Eastern Europe.” But he adds, “the question of getting into these databases and what it means is certainly not outside the purview of state-sponsored activity.” Some cybersecurity experts note that hackers often target government databases for personal information they can sell.
So far, the motive and identity of the hackers remain uncertain. Rich Barger, chief intelligence officer for ThreatConnect, says that one of the IP addresses listed in the FBI alert previously surfaced in Russian criminal underground hacker forums. However, sometimes these groups work alone, and other times they work for or cooperate with the Russian government. Barger also claims the method of attack on one of the state election systems appears to resemble methods used in other suspected Russian state-sponsored cyberattacks. But cybersecurity consultant Matt Tait says that “no robust evidence as of yet” connects the hacks to the Russian government or any other government.
US officials are considering the possibility that some entity may be attempting to hack into voting systems to influence the tabulation of results in the November 2016 election. A particular worry is that all of six states and parts of four others use only electronic voting with no paper verification. Hackers could conceivably use intrusions into voter registration databases to delete names from voter registration lists. However, this is still considered only a remote possibility. But the FBI is warning states to improve their cybersecurity to reduce the chances this could happen.
News of these attacks and FBI alerts will be made public by Yahoo News on August 29, 2016. (Yahoo News, 8/29/2016) (Politico, 8/29/2016)
FBI Director James Comey gives a public speech in front of a group of reporters. The timing is surprising, since this brings an end to the FBI’s investigation of Clinton’s email practices, and just a Sunday and the Fourth of July holiday separate this from the FBI’s interview of Clinton on July 2, 2016. Comey spends most of his speech criticizing Clinton, but ends it by saying he will not recommend that the Justice Department pursue any indictment of Clinton or her aides.
Comey’s fifteen-minute speech includes the following information, in order.
Comey begins by describing the FBI investigation:
- The investigation started with a referral from Intelligence Community Inspector General Charles McCullough, and “focused on whether classified information was transmitted” on Clinton’s personal email server during her time as secretary of state. It specifically “looked at whether there is evidence classified information was improperly stored or transmitted on that personal system, in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way, or a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities.” The FBI “also investigated to determine whether there is evidence of computer intrusion in connection with the personal email server by any foreign power, or other hostile actors.”
- The FBI found that Clinton “used several different servers and administrators of those servers during her four years at the State Department, and used numerous mobile devices to view and send email on that personal domain. As new servers and equipment were employed, older servers were taken out of service, stored, and decommissioned in various ways…”
- The FBI analyzed the over 30,000 work emails that Clinton did turn over to the State Department in December 2014, working with other US government departments to determine which emails contained truly classified information at the time they were sent, and which ones were justifiably classified later.
From the group of 30,068 emails Clinton returned to the State Department, “110 emails in 52 email chains have been determined by the owning agency to contain classified information at the time they were sent or received. Eight of those chains contained information that was ‘top secret’ at the time they were sent; 36 chains contained ‘secret’ information at the time; and eight contained ‘confidential’ information, which is the lowest level of classification. Separate from those, about 2,000 additional emails were ‘up-classified’ to make them ‘confidential’; the information in those had not been classified at the time the emails were sent.”
- It had previously been reported that the FBI had recovered most or all of the 31,830 emails that Clinton had deleted, allegedly because they contained personal information only. However, Comey reveals that was not the case, and thousands of emails were not recovered. He gives an example of how when one of Clinton’s servers was decommissioned in 2013, the email was removed and broken up into millions of fragments.
- The FBI “discovered several thousand work-related emails” that were not included in the 30,068 emails Clinton returned to the State Department, even though Clinton claimed under oath that she had returned all her work-related emails. The FBI found these after they “had been deleted over the years and we found traces of them on devices that supported or were connected to the private email domain.” Others were found in the archived government email accounts of other government employees whom Clinton frequently communicated with. Still others were found “from the laborious review of the millions of email fragments” of the server decommissioned in 2013.
- Out of these additional work emails, three were classified at the time they were sent or received – none at the ‘top secret’ level, one at the ‘secret’ level, and two at the ‘confidential’ level. None were found to have been deemed classified later.
- Furthermore, Comey claims “we found no evidence that any of the additional work-related emails were intentionally deleted in an effort to conceal them. Our assessment is that, like many email users, Secretary Clinton periodically deleted emails or emails were purged from the system when devices were changed. Because she was not using a government account—or even a commercial account like Gmail—there was no archiving at all of her emails, so it is not surprising that we discovered emails that were not on Secretary Clinton’s system in 2014, when she produced the 30,000 emails to the State Department.”
However, he also admits that “It could also be that some of the additional work-related emails we recovered were among those deleted as ‘personal’ by Secretary Clinton’s lawyers when they reviewed and sorted her emails for production in 2014.” He claims that the three lawyers who sorted the emails for Clinton in late 2014 (David Kendall, Cheryl Mills, and Heather Samuelson) “did not individually read the content of all of her emails…” Instead, they used keyword searches to determine which emails were work related, and it is “highly likely their search terms missed some work-related emails” that were later found by the FBI elsewhere.
- Comey states it is “likely” that some emails may have disappeared forever, because Clinton’s three lawyers “deleted all emails they did not return to State, and the lawyers cleaned their devices in such a way as to preclude complete forensic recovery.” But he says that after interviews and technical examination, “we believe our investigation has been sufficient to give us reasonable confidence there was no intentional misconduct in connection with that sorting effort.”
Comey then begins stating his findings:
- “Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information.”
- As an example, he points out that “seven email chains concern matters that were classified at the ‘Top Secret/Special Access Program’ [TS/SAP] level when they were sent and received. These chains involved Secretary Clinton both sending emails about those matters and receiving emails from others about the same matters. There is evidence to support a conclusion that any reasonable person in Secretary Clinton’s position, or in the position of those government employees with whom she was corresponding about these matters, should have known that an unclassified system was no place for that conversation.”
- He adds that it was a similar situation with emails classified at the “secret” level when they were sent, although he doesn’t specify how many.
- He comments, “None of these emails should have been on any kind of unclassified system, but their presence is especially concerning because all of these emails were housed on unclassified personal servers not even supported by full-time security staff, like those found at departments and agencies of the US government—or even with a commercial service like Gmail.”
- He notes that “only a very small number of the emails containing classified information bore markings indicating the presence of classified information. But even if information is not marked ‘classified’ in an email, participants who know or should know that the subject matter is classified are still obligated to protect it.”
- He then criticizes the State Department as a whole. The FBI found evidence that “the security culture” of the State Department “was generally lacking in the kind of care for classified information found elsewhere in the government.” This was especially true regarding the use of unclassified email systems.
- Then he addresses whether “hostile actors” were able to gain access to Clinton’s emails. Although no direct evidence of any successful hacking was found, he points out that “given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.”
After laying out the evidence of what the FBI found, Comey moves to the FBI’s recommendation to the Justice Department. He admits that it is highly unusual to publicly reveal the FBI’s recommendation, but “in this case, given the importance of the matter, I think unusual transparency is in order.”
Then he comes to these conclusions:
- “Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case. Prosecutors necessarily weigh a number of factors before bringing charges. There are obvious considerations, like the strength of the evidence, especially regarding intent. Responsible decisions also consider the context of a person’s actions, and how similar situations have been handled in the past.”
- To justify this decision, he claims he examined other cases involving the mishandling or removal of classified information, and “we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here.”
- He then says, “To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now. As a result, although the Department of Justice makes final decisions on matters like this, we are expressing to Justice our view that no charges are appropriate in this case.”
- He concludes by saying the FBI’s investigation was done competently, honestly, and independently, and without any kind of outside influence.
He doesn’t address the possibility of recommending the indictment of any of Clinton’s aides or other figures like Sid Blumenthal or Justin Cooper. He also doesn’t make any mention of the Clinton Foundation, though there have been media reports the FBI has been investigating it as well. After finishing his speech, he leaves without taking any questions from the media. (Federal Bureau of Investigation, 7/5/2016)
In a July 5, 2016 public speech, FBI Director James Comey addresses the possibility that Clinton’s emails were accessed by outsiders. He says, “We did not find direct evidence that Secretary Clinton’s personal email domain, in its various configurations since 2009, was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.” (Federal Bureau of Investigation, 7/5/2016)
The next day, the New York Times reports that although Comey said there was no “direct evidence” Clinton’s email account had been successfully hacked, “both private experts and federal investigators immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.”
The Times says that Comey’s comments were a “blistering” critique of Clinton’s “email practices that left Mrs. Clinton’s systems wide open to Russian and Chinese hackers, and an array of others.” However, “the central mystery — who got into the system, if anyone — may never be resolved.”
Adam Segal, a cybersecurity expert at the Council on Foreign Relations (CFR), says, “Reading between the lines and following Comey’s logic, it does sound as if the FBI believes a compromise of Clinton’s email is more likely than not. Sophisticated attackers would have known of the existence of the account, would have targeted it, and would not have been seen.”
Before Comey’s comments, Clinton and her spokespeople had said on numerous occasions that her server had never been hacked. In an October 2015 interview, President Obama came to a similar conclusion about her server: “I don’t think it posed a national security problem.”
The Times also comments that Comey’s “most surprising suggestion” may have been his comment that Clinton used her private email while in the territory of “sophisticated adversaries.” This is understood to mean China and Russia and possibly a few more countries.
Former government cybersecurity expert James Lewis says, “If she used it in Russia or China, they almost certainly picked it up.” (The New York Times, 7/6/2016)
Cybersecurity consultant Morgan Wright says the most likely suspects are Russia, China and Israel, “in that order.”
Ben Johnson, a former National Security Agency official and security strategist, says, “Certainly foreign military and intelligence services” would have targeted Clinton’s emails. “They’re going to have a lot of means and motives to do this.” He also says it wasn’t just likely countries such as China and Russia, but “any country that’s looking to potentially have adversarial relations with us or just [desires] more relations with us.” He specifically cites Middle East countries as having a likely motive. (Politico, 7/5/2016)
In a Congressional hearing, Comey says, “The challenge of security is not binary, it’s just degrees of security. [Clinton’s private server] was less secure than one at the State Department, or as I said, even one at a private commercial provider like a Gmail.” (CNN, 7/7/2016)
Representative Rod Blum (R) asks, “Director Comey, are you implying in [your comments] that the private email servers of Secretary Clinton’s were perhaps less secure than a Gmail account that is used for free by a billion people around this planet?”
Comey replies, “Yes. And I’m not looking to pick on Gmail. Their security is actually pretty good; the weakness is individual users. But, yes, Gmail has full-time security staff and thinks about patching, and logging, and protecting their systems in a way that was not the case here.”
Blum also comments, “I know some security experts in the industry. I check with them. The going rate to hack into somebody’s Gmail account, $129. For corporate emails, they can be hacked for $500 or less. If you want to hack into an IP address, it’s around $100. I’m sure the FBI can probably do it cheaper. This is the going rate.” (CNN, 7/7/2016)
The Washington Post reports that “Intelligence officials, who spoke on the condition of anonymity to discuss an issue under investigation, said there is little doubt that agents of the Russian government hacked the Democratic National Committee [DNC], and the White House was informed months ago of [Russia’s] culpability.” However, days after WikiLeaks posted almost 20,000 DNC emails, the Post adds, “The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.”
One unnamed US official says, “We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none.”
Former NSA Director Keith Alexander says, “Determining with confidence who was behind it — if the Russians were the hackers, seeing them pass that data to WikiLeaks — is probably much more difficult than attributing it to the initial hacker. That’s a tough one — especially because there are different ways of passing that information, not all electronic.”
Furthermore, even if Russia is behind the leaks to WikiLeaks, the motivation is unclear. A key question is if Russia is attempting to influence the November 2016 US presidential election. Michael Hayden, former director of both the NSA and the CIA, states, “Frankly, I don’t think they’re motivated by thinking they can affect the election itself.” He thinks the Russians may be flexing their muscles “to demonstrate that they can — not necessarily to make [Donald] Trump win or Hillary [Clinton] lose.”
Leo Taddeo, a former FBI agent who worked with cybersecurity operations, says, “This is not [Russian leader Vladimir] Putin trying to help Trump. I think they were messaging Hillary Clinton, telling her that they can get in the way of her election if she doesn’t show some flexibility in her position toward them.”
Representative Adam Schiff (D) believes that if Russia is ultimately responsible, the Obama administration “should make it known publicly and forcefully. Even if they’re not able to lay out the evidence because it would disclose sources and methods, they should make the attribution.” (The Washington Post, 7/27/2016)
Representative Lamar Smith (R), chair of the Committee on Science, Space and Technology, issues subpoenas for Platte River Networks, which managed Clinton’s server from May 2013 until August 2015; Datto, Inc., which made back-up copies of the server; and SECNAP, which carried out threat monitoring of the network connected to Clinton’s server. Smith wants documents from the companies by September 9, 2016, after they declined to voluntarily produce them. Congressional committees have requested information since August and November 2015, to no avail. The companies had been threatened with subpoenas on July 12, 2016.
Smith comments, “Companies providing services to Secretary Hillary Clinton’s private email account and server are not above the law.” He claims the information he is seeking is “critical to… informing policy changes in how to prevent similar email arrangements in the future.”
Smith is working with Senator Ron Johnson (R), chair of the Senate Homeland Security and Governmental Affairs Committee. They are looking for information about breaches or potential breaches, and documents that detail the scope of the work of each company. (The Washington Post, 8/22/2016)
Since late 2014, when Clinton and her lawyers deleted over 31,000 of Clinton’s emails from when she was secretary of state, it has been unclear if the emails were simply deleted or “wiped,” meaning deliberate steps were taken to make sure they couldn’t be recovered later.
In an interview, Representative Trey Gowdy (R) says, “[Clinton] and her lawyers [Cheryl Mills, David Kendall, and Heather Samuelson] had those emails deleted. And they didn’t just push the delete button; they had them deleted where even God can’t read them. They were using something called BleachBit. You don’t use BleachBit for yoga emails or bridesmaids emails. When you’re using BleachBit, it is something you really do not want the world to see.”
BleachBit is computer software whose website advertises that it can “prevent recovery” of files. Politico notes that if Gowdy is correct, this would be “further proof that Clinton had something to hide in deleting personal emails from the private email system she used during her tenure as secretary of state.” It is not explained how Gowdy might know this, but his comments come only a few days after the FBI gave raw materials about their Clinton email investigation to Congress. (Politico, 8/25/2016)
Gowdy’s claim contradicts what FBI Director James Comey said on July 5, 2016, when he announced that he would not recommend charging Clinton with any crime. At that time, Comey stated, “we found no evidence that any of the additional work-related emails were intentionally deleted in an effort to conceal them. Our assessment is that, like many email users, Secretary Clinton periodically deleted emails or emails were purged from the system when devices were changed.” (Federal Bureau of Investigation, 7/5/2016)
Within hours of Gowdy’s comments, BleachBit updates their website to say: “Last year when Clinton was asked about wiping her email server, she joked, ‘Like with a cloth or something?’ It turns out now that BleachBit was that cloth, according to remarks by Gowdy.” The website also notes, “As of the time of writing BleachBit has not been served a warrant or subpoena in relation to the investigation. … The cleaning process [of our program] is not reversible.” (BleachBit, 8/25/2016)
On September 2, 2016, the FBI’s final report on their Clinton email investigation will be released, and it will be revealed that BleachBit was used on Clinton’s server in late March 2015. (Federal Bureau of Investigation, 9/2/2016)
Russian President Vladimir Putin says in an interview about accusations of Russian government involvement in the hacking of Democratic National Committee (DNC) emails: “Listen, does it even matter who hacked this data? The important thing is the content that was given to the public …. There’s no need to distract the public’s attention from the essence of the problem by raising some minor issues connected with the search for who did it. … But I want to tell you again, I don’t know anything about it, and on a state level Russia has never done this.”
However, an internal probe conducted by CrowdStrike Inc. traced the source of the hack to two Russian hacking groups connected with Russian intelligence, “Cozy Bear” and “Fancy Bear.”
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, claims that Russia has engaged in state hacking in the past and that Putin’s denials are “not credible.”
Putin continues: “You know how many hackers there are today? They act so delicately and precisely that they can leave their mark — or even the mark of others — at the necessary time and place, camouflaging their activities as that of other hackers from other territories or countries. It’s an extremely difficult thing to check, if it’s even possible to check. At any rate, we definitely don’t do this at a state level.” (Bloomberg News, 9/1/2016)