December 22, 2015: Clinton’s private server was once infected by a computer virus.

When Bryan Pagliano, who managed Clinton’s private server, is interviewed by the FBI on this day, he will mention that he recalled finding “a virus” on her server at some point. But according to the FBI, he “could provide no additional details, other than it was nothing of great concern. FBI examination of the [server] and available server backups did not reveal any indications of malware.” (Federal Bureau of Investigation, 9/2/2016)

January 21, 2016: Former Defense Secretary Robert Gates believes foreign countries hacked into Clinton’s private email server.

Secretary of Defense Robert Gates (Credit: ABC News)

He says in an interview, “Given the fact that the Pentagon acknowledges that they get attacked about 100,000 times a day, I think the odds are pretty high.” Russia, China, and Iran are suggested as countries that would have targeted her server. Gates was defense secretary from 2006 to 2011, under Presidents Bush and Obama. In 2015, Gates praised Clinton, saying, “She was a good secretary of state.” (The Hill, 1/21/2016)

January 21, 2016: Former US Attorney General Michael Mukasey writes an editorial entitled “Clinton’s Emails: A Criminal Charge Is Justified.”

Attorney General Michael Mukasey (Credit: Charles Dharapak / The Associated Press)

Writing in the Wall Street Journal, Mukasey argues that “intelligence community investigators believe it is nearly certain that Mrs. Clinton’s server was hacked, possibly by the Chinese or the Russians… [F]rom her direction that classification rules be disregarded, to the presence on her personal email server of information at the highest level of classification, to her repeated falsehoods of a sort that juries are told every day may be treated as evidence of guilty knowledge—it is nearly impossible to draw any conclusion other than that she knew enough to support a conviction at the least for mishandling classified information.” (The Wall Street Journal, 1/21/2016)

January 28, 2016: Clinton’s email scandal could be linked to Clinton Foundation corruption.

John Schindler, a former National Security Agency (NSA) analyst and counterintelligence officer, writes, “Why Ms. Clinton and her staff refused to use State Department email for official business is an open and important question. Suspicion inevitably falls on widespread allegations of pay-for-play, a corrupt scheme whereby foreign entities gave cash to the Clinton Global Initiative in exchange for Ms. Clinton’s favors at Foggy Bottom [State Department headquarters]. […] Regardless of whether Ms. Clinton was engaged in political corruption, she unquestionably cast aside security as secretary of state.” The Clinton Global Initiative is one of the Clinton Foundation’s major projects. (The New York Observer, 1/28/2016)

January 28, 2016: Clinton’s top aides could be in greater legal jeopardy than Clinton.

Bradley Moss (Credit: Twitter)

Bradley Moss, a lawyer who specializes in national security and protection of classified information, speculates about who will be targeted by the FBI’s investigation into Clinton’s emails and server.

He suggests Clinton is in less danger than her aides, since most of the retroactively classified emails were written by her aides. “It’d be a lot harder to make a criminal charge for having received [classified] information. If I’m in Clinton’s campaign, I’m more worried if I am Cheryl Mills, Huma Abedin, or Jake Sullivan than if I’m Hillary Clinton. […] The sloppiness and the complete fundamental failure to comply with any aspect of operational and informational security is what puts them at risk. You just can’t do that that many times and not expect to find yourself in trouble.” (The Hill, 1/28/2016)

January 28, 2016: It is claimed that Russian intelligence must have gotten the contents of Clinton’s emails.

This is according to an unnamed former high-ranking Russian intelligence officer. This officer says, “Of course the SVR got it all.” (The SVR, Sluzhba Vneshney Razvedki, is the successor intelligence agency to the KGB.) He adds, “I don’t know if we’re as good as we were in my time, but even half-drunk, the SVR could get those emails. They probably couldn’t believe how easy Hillary made it for them.” (The New York Observer, 1/28/2016)

January 30, 2016: Former US Attorney General Michael Mukasey explains how classified information is kept separate.

This photo of a secret government facility shows how information of different classification levels resides on different systems on different computers, to prevent crossover. (Credit: Director of National Intelligence and Special Security Office)

Mukasey is asked if classified markings on Clinton’s “top secret” emails would have been removed before being emailed to Clinton. He replies, “Well, the documents originated someplace. They didn’t drop in from Mars. The person who originated them necessarily put classified markings on them… Now how did the markings get off? […] [There] is very particular language relating to the fact that there are three communication systems within the government. Non-secure, SIPR [Secret Internet Protocol Router Network or SIPRNet] or secure, and the highest, which is JWICS [Joint Worldwide Intelligence Communications System]. The information from SIPR and from JWICS cannot move on the low end system, and if you put anything on there that’s got those markings on it, it essentially sets off an alarm that alerts people involved with security.”

He concludes, “[I]f she has signals intelligence or information from a human source that is obviously confidential and secret and relates to intelligence activities of the United States abroad, she’d have to have been a low grade moron in order to not know that it’s classified.” (CNN, 1/30/2016)

February 18, 2016 and May 3, 2016: A Platte River Networks employee is interviewed twice by the FBI and gives contradictory answers.

Paul Combetta (Credit: public domain)

Platte River Networks (PRN) is the computer company managing Clinton’s private server from June 2013 until at least October 2015, and PRN employee Paul Combetta played a pivotal role in the deletion of Clinton’s emails from her server.

On February 18, 2016, Combetta is interviewed by the FBI for the first time. He says that between March 25 and 31, 2015, he realized he failed to change the email retention policy on Clinton’s email account on her server, as Clinton’s lawyer (and former chief of staff) Cheryl Mills told him to do in December 2014. This would result in the deletion of some of her emails after 60 days. However, he claims that despite this realization, he still didn’t take any action. Additionally, on March 9, 2015, Mills sent him and other PRN employees an email which mentioned that the House Benghazi Committee had made a formal request to preserve Clinton’s emails. Combetta tells the FBI that he didn’t recall seeing the preservation request referenced in the email.

On May 3, 2016, Combetta has a follow-up FBI interview, and his answers on key issues completely contradict what he said before. This time, he says that when he realized between March 25 and 31, 2015 that he forgot to change the email retention policy on Clinton’s email account, he had an “oh shit!” moment. Then, instead of finally changing the policy settings, he entirely deleted Clinton’s email mailbox from the server, and used the BleachBit computer program to effectively wipe the data to make sure it could never be recovered. He also deleted a Datto back-up of the data. And he did all this without consulting anyone in PRN or working for Clinton. Furthermore, he admits that he was aware that the March 9, 2015 email from Mills mentioned the Congressional request to preserve Clinton’s emails.

A September 2016 FBI report will simply note these contradictions. There will be no explanation why Combetta was not indicted for lying to the FBI, obstruction of justice, and other possible charges. There also will be no explanation why his answers changed so much in his second FBI interview, such as him possibly being presented with new evidence that contradicted what he’d said before. (Federal Bureau of Investigation, 9/2/2016)

March 3, 2016: The FBI has the computer security logs from Clinton’s private email server, and they allegedly show no evidence of foreign hacking.

Morgan Wright (Credit: Gov Tech)

The logs were given to the FBI by Bryan Pagliano, a Clinton aide who is cooperating with the FBI and who managed Clinton’s server during the time she was secretary of state. However, sophisticated hacking attempts sometimes leave no evidence in the security logs. (The New York Times, 3/3/2016) 

Additionally, cybersecurity expert Morgan Wright will later suggest the server may not have had an adequate detection system. “If you have a bank and you have one video camera when you need 20, then you missed it. If they weren’t capturing all the activity, their security logs may say they didn’t see anything.” (Fox News, 5/7/2016) 

In May 2016, it will emerge that there were hacking attempts on the server during the time Pagliano was managing it, for instance in January 2011. It’s not clear why these attacks didn’t appear on the server logs or why previous media reports of the logs were incorrect. (US Department of State, 5/25/2016) 

Also, it appears there were hacking attempts on the server after June 2013, when Pagliano was no longer involved, but when all of Clinton’s emails were still on the server. (The Associated Press, 10/7/2015)

April 2016: Hacking attacks on the DNC and the Clinton campaign are first discovered.

On June 14, 2016, McClatchy Newspapers will report that a hacking attack on the DNC [Democratic National Committee] is discovered “in late April 2016, after staffers noticed unusual activity on the DNC’s computer network.” (McClatchy Newspapers, 6/14/2016) 

On June 21, 2016, Bloomberg News will report, “The Clinton campaign was aware as early as April that it had been targeted by hackers with links to the Russian government on at least four recent occasions, according to a person familiar with the campaign’s computer security.” (Bloomberg News, 6/21/2016)

In late July 2016, it will be reported that the FBI warned the Clinton campaign in March 2016 that it was the target of hacking attempts, but the campaign refused to help the FBI stop them.

April 4, 2016: Questions remain about Clinton’s server.

The Hill notes there are many lingering questions about Clinton’s email scandal, including a lack of information about the security of Clinton’s server. “Clinton’s camp has refused to outline precisely which digital protections she used to safeguard the information on her private server.” Other questions include what laws might have been broken, who other than Clinton might be in trouble, and if Clinton’s over 31,000 deleted emails were ever recovered. (The Hill, 3/4/2016)

May 2, 2016: The State Department changes its policy on when foreign intelligence should be considered classified.

State Department legislative liaison Julia Frifield sends a letter to the Senate indicating an apparent change in what information the State Department considers properly classified. The vast majority of redactions in Clinton’s emails are for foreign government information, to which Frifield refers as “FGI.”

Frifield writes, “Although the unauthorized release of FGI is presumed to cause harm to the national security—thereby qualifying as Confidential [level] classified information, department officials of necessity routinely receive such information through unclassified channels. For example, diplomats engage in meetings with counterparts in open settings, have phone calls with foreign contacts over unsecure lines, and email with and about foreign counterparts via unclassified systems. Diplomats could not conduct diplomacy if doing so violated the law.” As a result, not all such information should automatically be considered classified.

However, regulations in effect when Clinton was secretary of state called for FGI to be marked “confidential” unless it was designated “C/MOD” (for “confidential/modified handling”). But none of Clinton’s emails appear to have been given that designation. (Politico, 5/12/2016)

May 4, 2016: Guccifer tells Fox News he accessed Clinton’s private server in 2013.

Guccifer (left) talks to Fox News reporter Catherine Herridge (right). (Credit: Fox News)

The Romanian hacker nicknamed Guccifer, whose real name is Marcel-Lehel Lazar, has been recently interviewed by Fox News. He claims for the first time that after breaking into the email account of Clinton confidant Sid Blumenthal in March 2013, he traced Clinton’s emails back to her private email server.

He tells Fox News, “For me, it was easy […] easy for me, for everybody.” He says he accessed her server “like twice.” He adds, “For example, when Sidney Blumenthal got an email, I checked the email pattern from Hillary Clinton, from Colin Powell, from anyone else to find out the originating IP [Internet Protocol address]. […] When they send a letter, the email header is the originating IP usually…then I scanned with an IP scanner.”

He said he then used some Internet programs to determine if the server was active and which ports were open. However, the server’s contents did “not interest” him at the time. “I was not paying attention. For me, it was not like the Hillary Clinton server, it was like an email server she and others were using with political voting stuff.”

If he breached the server, it appears he didn’t fully understand what he was seeing, and he has not claimed to have uncovered more of Clinton’s emails. He is interviewed from a US prison and has no documents to back up his claim. However, Fox News reports, “While [his] claims cannot be independently verified, three computer security specialists, including two former senior intelligence officials, said the process described is plausible and the Clinton server, now in FBI custody, may have an electronic record that would confirm or disprove Guccifer’s claims.”

Cybersecurity expert Morgan Wright comments, “The Blumenthal account gave him a road map to get to the Clinton server. […] You get a foothold in one system. You get intelligence from that system, and then you start to move.”

Guccifer claims he wants to cooperate with the US government, adding that he has hidden two gigabytes of data that is “too hot” and is “a matter of national security.”

The Clinton campaign responds, “There is absolutely no basis to believe the claims made by this criminal from his prison cell. In addition to the fact he offers no proof to support his claims, his descriptions of Secretary Clinton’s server are inaccurate.” (Fox News, 5/4/2016) 

Politico reports, “An internal FBI review of Clinton’s email records did not indicate traces of hacking” according to “a source familiar with the situation.” (Politico, 5/4/2016)

An FBI report in September 2016 will assert that Guccifer admitted in his FBI interview that he lied about his claim to have accessed Clinton’s server.

May 4, 2016: Guccifer also tells NBC News he accessed Clinton’s private server in 2013.

Guccifer (left) being interviewed by Cynthia McFadden (right) inside a Romanian prison complex. (Credit: NBC News)

Hours after Fox News reports on recently interviewing Romanian hacker Guccifer, NBC News reports on their recent interview with Guccifer. Like the Fox News interview, the main story is that Guccifer claims to have gained access to Clinton’s private email server. He tells NBC News, “It was like an open orchid on the Internet. […] There were hundreds of folders.” He also calls her server “completely unsecured.”

An unnamed source with knowledge of the FBI’s Clinton investigation claims “that with Guccifer in US custody, investigators fully intend to question him about her server.”

While Fox News recently interviewed him in a US prison, NBC News interviewed him from a prison in Bucharest, Romania, where he was until he was extradited to the US in late March 2016. (NBC News, 5/4/2016)

LawNewz notes the timing, and asks, “Why would a major news network sit on such an explosive allegation—especially when the claim directly relates to a presidential candidate and the biggest story of the 2016 presidential election cycle?” NBC News has not commented. (LawNewz, 5/4/2016)

An FBI report in September 2016 will assert that Guccifer admitted in his FBI interview that he lied about his claim to have accessed Clinton’s server.

May 5, 2016: The State Department may postpone releasing documents about Clinton’s email security procedures until after the November 2016 presidential election.

Jason Koebler (Credit: Vice News)

In March 2015, shortly after Clinton’s exclusive use of a private email and server was first publicly revealed, Vice News filed a Freedom of Information Act (FOIA) request with the State Department for all “communications, presentations, and procedures created by the State Department to secure Hillary Clinton’s email from electronic threats.” In 2015, the Department began releasing some relevant emails, but no other relevant documents have been released.

After two delays, on this day, Vice News is told by the Department that the “estimated completion date” for the FOIA request has been “extended to December 2016.”

Vice News reporter Jason Koebler comments, “The FOIA process is a notorious mess, but it is patently ridiculous that records pertaining to the security practices of someone who stands a very good chance of running the country—and thus being in possession of highly sensitive documents at all times—won’t be made available to the public a year and a half after they were requested.” (Vice News, 5/5/2016)

May 5, 2016: CNN alleges the FBI has not proven that Clinton “willfully” broke the law; the investigation could conclude within weeks.

CNN reports, “The investigation is still ongoing, but so far investigators haven’t found evidence to prove that Clinton willfully violated the law, the US officials say.” However, nothing has been said about crimes that did not involve willful violation of the law, such as gross negligence, or unsecure possession of classified material.

Unnamed officials also claim that “The probe remains focused on the security of the server and the handling of classified information and hasn’t expanded to other matters.”

Furthermore, “FBI officials overseeing the probe now expect to complete their work in the next few weeks and then turn over the findings to the Justice Department, which will make a final decision on whether to bring charges against anyone.” (CNN, 5/5/2016)

May 18, 2016: Director of National Intelligence James Clapper warns Clinton and Trump their campaign networks are being hacked.

Director of National Intelligence James Clapper (Credit: ABC News)

Clapper publicly comments, “We’ve already had some indications” of hacking on the computer networks of the two frontrunners in the presidential race. He warns, “We’ll probably have more.” He suggests the hackers could be working for foreign governments.

V. Miller Newton, who advises federal agencies on data security, says foreign spying on campaign sites is inevitable. “These campaigns are not working on encrypted platforms. It’s a matter of when, and how serious of an impact it is going to have on this election.” (The Associated Press, 5/18/2016)

It will later emerge that a hacking attack on the DNC [Democratic National Committee] was already discovered, in late April 2016, after staffers noticed unusual activity on the DNC’s computer network. (McClatchy Newspapers, 6/14/2016)

May 25, 2016: Guccifer pleads guilty as part of an apparent deal to cooperate with US investigators.

Judge James Cacheris (Credit: public domain)

The Romanian hacker nicknamed Guccifer pleads guilty in a US court to charges of identity theft and unauthorized access to protected computers. At a plea hearing before US District Court Judge James Cacheris in Alexandria, VA, he admits that he broke into email and social media accounts of about 100 US citizens between 2012 and 2014.

Guccifer is best known for breaking into the email account of Clinton confidant Sid Blumenthal in March 2013 and thus publicly revealing Clinton’s private email address. He could face up to seven years in prison in the US, on top of the seven years he is already serving in Romania.

He is due to be sentenced on September 1, 2016. However, it is alleged that his guilty plea is part of a deal to cooperate with the US government, possibly including the FBI’s Clinton investigation. It has been reported that he will cooperate with the government in other investigations and be “reasonably available for debriefing and pre-trial conferences as the US may require.” He also has agreed to turn over any documents or other materials “that may be relevant to investigations or inquires.” (LawNewz, 5/25/2016)

May 25, 2016: The State Department’s top two security officials say they would never have approved Clinton’s exclusive use of a personal email account.

Left: Gregory Starr Right: Steven C. Taylor (Credit: public domain)

A new State Department inspector general report determines that department rules required Clinton to get official approval to conduct official business using a personal email account on her private server, but she did not do so. 

In the words of the report, Steven C. Taylor, current head of Information Resources Management (IRM) and Gregory Starr, current head of Diplomatic Security (DS), jointly claim that Clinton “had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs. However, according to these officials, DS and IRM did not—and would not—approve her exclusive reliance on a personal email account to conduct department business, because of the restrictions in the FAM [Foreign Affairs Manual] and the security risks in doing so.” (US Department of State, 5/25/2016)

May 26, 2016: In an FBI interview, Guccifer says he lied about getting into Clinton’s private server.

Cynthia McFadden interviews Guccifer in Romania on May 4, 2016. (Credit: NBC News)

Cynthia McFadden interviews Guccifer in Romania in April 2016. (Credit: NBC News)

Guccifer, whose real name is Marcel-Lehel Lazar, is interviewed by the FBI as part of the FBI’s Clinton email investigation. He appears to have spoken to the FBI previously, but these interviews may have been about other matters, since he hacked dozens of US citizens.

Around the end of April 2016, Guccifer had high-profile interviews with Fox News and NBC News. It was already known that he broke into the email account of Clinton confidant Sid Blumenthal in March 2013 and learned Clinton’s private email address. In both media interviews, Guccifer claimed that he then gained access to Clinton’s private server. But the FBI will later say that Guccifer admitted in his FBI interview that he lied about this.

Additionally, “FBI forensic analysis of the Clinton server during the timeframe [Guccifer] claimed to have compromised the server did not identify evidence that [he] hacked the server.” (Federal Bureau of Investigation, 9/2/2016)

May 31, 2016: A former State Department inspector general says he would not have allowed Clinton’s use of a private server.

Howard Krongard (Credit: Fox News)

Howard Krongard, who was the State Department’s inspector general from 2005 to 2008, says he “would have been stunned had I been asked to send an email to [Clinton] at a personal server, private address. I would have declined to do so on security grounds and if she had sent one to me, I probably would have started an investigation.”

Krongard also suggests that Clinton benefited from the lack of a permanent inspector general for the entire duration of her tenure as secretary of state. “They are the people who enforce the rules, and there was no one enforcing the rules during that time.” (Fox News, 5/31/2016)

Before June 14, 2016: US officials allegedly warn the Trump, Sanders, and Clinton campaigns that sophisticated hackers are attempting to breach their computers.

A June 21, 2016 Bloomberg News article claims the warnings came before the hack on the DNC [Democratic National Committee] was made public on June 14, 2016. However, it’s unclear when the warnings happened exactly. This is according to one unnamed “person familiar with the government investigation into the attacks.”

But the Trump campaign won’t respond to questions about the warnings, and Sanders spokesperson Michael Briggs says he isn’t aware of the warnings.

Bloomberg News will comment, “Information about the scope of the attacks and the government warnings raises new questions about how long the campaigns have known about the threats and whether they have done enough to protect their systems.” (Bloomberg News, 6/21/2016)

It has been reported that the Clinton campaign and related organizations have been attacked by hackers, but there have been no confirmed attacks on the Trump or Sanders campaigns. (Bloomberg News, 6/17/2016)

June 14, 2016: Hackers allegedly linked to the Russian government broke into the DNC’s files.

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

The Washington Post reports that the emails, text messages, and other computer files of the DNC [Democratic National Committee] were accessed by two groups allegedly linked to Russia. Opposition research on Republican presidential candidate Donald Trump was stolen.

One group known as Cozy Bear broke into the DNC’s network a year ago and maintained access without getting caught. The other group known as Fancy Bear, apparently working independently, did so much more recently. These same hackers also probed the networks of both the Trump and Clinton campaigns, as well as some Republican political action committees, but it is unknown if those attacks succeeded.

The first hacking group typically uses “spear phishing” to gain access. This is when an email appears to come from someone the recipient knows but actually is meant to trick that person into activating embedded malicious code by clicking on an attachment or link. (Wired, 6/14/2016) (The Washington Post, 6/14/2016)

Forbes comments that the “Holy Grail of Russian intelligence is uncovering compromising material that can be used to embarrass, manipulate, or blackmail foreign political leaders.” Furthermore, “If the DNC’s cyber secrets are open to Russian intelligence hackers, the odds are overwhelming that they have Clinton’s private emails as well, especially given that Clinton’s private server was a target of the highest value.” This means Clinton could be blackmailed or otherwise manipulated by Russia as well. Forbes also notes how both cases involved spear phishing. (Forbes, 6/14/2016) 

Clinton was targeted by spear phishing at least three times, twice in May 2011, and once in July 2011. It is unknown if any of those attacks succeeded. (US Department of State, 10/30/2015) (US Department of State, 3/5/2015) (US Department of State, 5/25/2016)

June 14, 2016: Clinton claims to have just learned about the DNC network breach, and inaccurately claims her campaign has not been similarly targeted.

In an interview, Clinton is asked about a news report from earlier in the day that hackers allegedly linked to the Russian government breached the computer network of the DNC [Democratic National Committee]. She is asked the general question, “What can you tell us about that incident? How worrisome is it?”

She replies, “I only learned about it when it was made public. And it is troubling, just as all cyber-attacks against our businesses and our institutions, our government are. The Russians—and according to the reporting—who did this hacking were most likely in the employment of the Russian government.”

She also comments without being prompted, “So far as we know, my campaign has not been hacked into and we’re obviously looking hard at that.” (The Hill, 6/14/2016)

But two days later, Forbes reports that a security company hired by the Clinton campaign has determined many of her campaign staffers have been targeted by hackers in recent months, and there are indications some of their email accounts could have been breached. (Forbes, 6/16/2016)

June 15, 2016: A hacker nicknamed Guccifer 2.0 posts files showing they were behind the DNC hack.

(Credit: public domain)

One day after the Washington Post reported that alleged Russian hackers broke into the DNC’s [Democratic National Committee] computer network, a man using the nickname “Guccifer 2.0” creates a new website showing that he obtained the DNC files. Guccifer 2.0 likely has no connection to Guccifer, who is now in a US prison, but seems inspired to take the name due to Guccifer’s earlier hacking notoriety.

He posts a 200-page opposition research file on Republican presumptive presidential nominee Donald Trump dating from December 2015, as well as other computer files from the DNC. The files include a sample of donor information, contradicting the DNC’s claim from the day before that no financial information had been stolen.

Guccifer 2.0 also claims to have given “thousands of files and mails” to WikiLeaks. This comes several days after WikiLeaks head Julian Assange promised to post more of Clinton’s emails soon. The security firm CrowdStrike was hired to investigate the DNC hack, and they claimed to be confident that it was a sophisticated operation done by two hacking groups with ties to the Russian government.

However, Guccifer 2.0 claims to be working independently, and says of CrowdStrike, “I’m very pleased the company appreciated my skills so highly. But in fact, it was easy, very easy.”

However, CrowdStrike stands by their original claim and suggests the new website could be “part of a Russian intelligence disinformation campaign.” (Wired, 6/15/2016) (Vice News, 6/15/2016) 

NBC News reports that “several Democratic sources familiar with the party’s opposition research efforts said they believed the opposition research book to be authentic. It also includes links to data stored on internal DNC servers, which would not be accessible to people outside the committee.” (NBC News, 6/15/2016)

June 16, 2016: Recent alleged Russian hacking attacks appear to have focused on Clinton and the DNC and not other presidential campaigns.

SecureWorks Logo (Credit: SecureWorks)

SecureWorks is a cybersecurity company that apparently has been hired to investigate recent leaks targeting US government officials, departments, and related entities. Focusing on the hacking group known as Fancy Bear (or APT 28), they conclude with “moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.” They also conclude that the group targeted Clinton’s presidential campaign and the DNC [Democratic National Committee].

However, SecureWorks have not observed Fancy Bear “[target] the US Republican party or the other US presidential candidates whose campaigns were active between mid-March and mid-May [2016]: Donald Trump, Bernie Sanders, Ted Cruz, Marco Rubio, and John Kasich.” But they point out the other campaigns could have been targeted by other means not noticed by them. (SecureWorks, 6/16/2016)

June 16, 2016: Various clues suggest that “Guccifer 2.0” could be a front for Russian hacking efforts.

Copy of the metadata and the nickname for Felix Dzerzhinsky, written in the Cyrillic alphabet. (Credit: Ars Technica)

On June 15, 2016, someone going by the name “Guccifer 2.0” claimed to be the “lone hacker” behind the breach of the DNC [Democratic National Committee] computer network reported in the media the day before.

However, various clues support the assertion by security experts hired by the DNC that the hacking effort is connected to the Russian government or at least originates from Russia:

  • One file sent by Guccifer 2.0 to Gawker contains metadata indicating that the last person to change the file used the nickname for Felix Dzerzhinsky (Феликс Эдмундович), a long-dead Russian statesman best known for founding the Soviet secret police.
  • The nickname is written in the Cyrillic alphabet, which means Guccifer 2.0’s computer was configured to use the Russian language and was connected to a Russian-language keyboard.
  • Another file contains some broken web links. The error message is also written in Russian, using the Cyrillic alphabet.
  • A blog post written by Guccifer 2.0 uses “)))” to indicate a smiley face. This is common in Eastern Europe and Russia but very uncommon elsewhere, due to differences with the Russian-language keyboard. (Ars Technica, 6/16/2016)
  • Other metadata indicates the person who saved the files used a cracked version of Office 2007, which is popular in Russia.
  • Vice News reports that Guccifer 2.0 had no online history prior to June 15, and “multiple security sources said they’d never heard of nor seen anyone by that alias” before that date. (Vice News, 6/16/2016)
  • Dave Aitel, CEO of Immunity Security, comments, “You don’t have the FBI or DHS [Department of Homeland Security] coming out and saying: ‘Hey we don’t think it’s Russia.’ If it is Russia, a nation state, it’s a pretty big deal. Otherwise the FBI would say: ‘We’re conducting an investigation.’ But they’re not saying that.”

Ars Technica comments, “Of course, it’s still possible that the Russian fingerprints were left intentionally by someone who has no connection to Russia, or by a Russian-speaking person with no connection to the Russian government, or any number of other scenarios.” (Ars Technica, 6/16/2016)

June 17, 2016: Some cybersecurity experts doubt the Russian government is behind recent hacking attacks.

Nathaniel Gleicher (Credit: Carmen Holt)

Time Magazine notes that although CrowdStrike, the cybersecurity firm hired by the DNC [Democratic National Committee] to stop the hacking of their computer network, claims the Russian government is behind the attacks, other security experts are skeptical. Someone calling themselves “Guccifer 2.0” has posted some files that appear to come from the DNC hack, and that person claims to be a “lone hacker.”

CrowdStrike asserts this is just an effort to sow confusion about Russian involvement, but some experts doubt that as well.

Nathaniel Gleicher, the former director for cybersecurity policy on the NSC [National Security Council], says, “Attribution is incredibly difficult—I wouldn’t say impossible, but it’s very difficult.”

Reg Harnish, the CEO of the cybersecurity company GreyCastle Security, says the final answer may still be unknown, with political intrigues complicating the picture. “I’ve been personally involved in hundreds of these investigations, and you just don’t end up in the same place where you began. […] I think there’s a lot of misinformation out there right now.”

Scott Borg, the head of the US Cyber Consequences Unit, echoes the skepticism. “Our best guess is that the second (and apparently less skillful) of the two intruders was not Russian intelligence. We are also uncertain about the first group.”

So far, the FBI has not made any comment. (Time, 6/17/2016)

June 18, 2016: Guccifer 2.0 publishes more of the DNC’s financial documents.

A sample of the data released by Guccifer 2.0, revealing personal information of DNC donors. (Credit: Guccifer 2.0)

Two days after emerging to post some DNC [Democratic National Committee] documents on the Internet, the hacker known by the nickname Guccifer 2.0 publishes some more.

This person comments on their new website, “It appears there are a lot of financial reports, donors lists, and their detailed personal information, including e-mail addresses and private cell phone numbers…I got tons of files and docs.” This person also promises to post more soon.

Business Insider notes: “The Washington Post’s initial report stated that the hacker’s avoidance of donor information indicates that the breach was likely the work of ‘traditional espionage,’ but the new information posted by Guccifer 2.0, if legitimate, seems to discredit that line of thinking.”

The DNC has not confirmed that the documents are genuine, but has not denied it either. It is unknown who Guccifer 2.0 is, but security experts hired by the DNC assert the Russian government is behind the leaks. (Business Insider, 6/18/2016)

June 20, 2016: Two more cybersecurity companies support CrowdStrike’s conclusion that the Russian government was behind the recent hack of the DNC computer network.

Michael Buratowski (Credit: FidelisCybersecurity)

The companies are Fidelis Cybersecurity and Mandiant. They base their analysis on five malware samples used in the hacking attack. Fidelis executive Michael Buratowski says, “Based on our comparative analysis, we agree with CrowdStrike and believe that the Cozy Bear and Fancy Bear…groups were involved in successful intrusions at the DNC [Democratic National Committee]. […] The malware samples matched the description, form and function that was described in the CrowdStrike blog post. In addition, they were similar and at times identical to malware that other [research firms] have associated to these actor sets.”

However, the Washington Post reports, “It is also possible, researchers said, that someone else besides the Russians were inside the DNC’s network and had access to the same documents.” (The Washington Post, 6/20/2016) 

A law firm reviewing the DNC attack, Baker & McKenzie, has begun working with three cybersecurity companies to review CrowdStrike’s findings. Fidelis Cybersecurity is one of them, along with FireEye and Palo Alto Networks, Inc. (Bloomberg News, 6/21/2016) (Fidelis Cybersecurity, 6/20/2016)

June 21, 2016: The Clinton Foundation’s computer network was recently successfully hacked by alleged Russian hackers.

Bloomberg News reports this is according to three unnamed “people familiar with the matter.” Clinton Foundation officials say they haven’t been notified of the attack and refuse to say more. The breach was discovered as recently as one week earlier.

The attack appears to be part of a larger sweep of attacks that has targeted at least 4,000 email accounts of people connected to US politics since about October 2015. Many of the targets appear to be linked to Clinton.

Bloomberg News comments, “The thefts set the stage for what could be a Washington remake of the public shaming that shook Sony in 2014, when thousands of inflammatory internal emails filled with gossip about world leaders and Hollywood stars were made public.”

Someone going by the nickname “Guccifer 2.0” has been releasing documents from a hack on the DNC [Democratic National Committee] but it is unknown if this person is linked to the foundation attack. (Bloomberg News, 6/21/2016)

June 21, 2016: Guccifer 2.0 releases 261 more files from the DNC hack.

This is the third release by Guccifer 2.0 of files from the DNC [Democratic National Committee] in a week. Guccifer 2.0 claims on his website, “It’s a big folder of docs devoted to Hillary Clinton that I found on the DNC server.” The files are compilations of news reports and other publicly available documents on existing or likely Democratic candidates from around April 2015, and the vast majority of the files contain information from that time or earlier. Nearly all the files are about Clinton, noting stories that could hurt her and often countering them with pro-Clinton talking points.

The DNC has neither confirmed nor denied that Guccifer 2.0 files come from the DNC breach, but Mother Jones notes that the “new trove of documents [were] apparently pilfered from the [DNC].” (Mother Jones, 6/21/2016)

June 21, 2016: Democrats hope that blaming recent hacking attacks on the Russian government will limit the political fallout.

Glen Caplin (Credit: Global Strategy Group)

Bloomberg News reports, “If the Democrats can show the hidden hand of Russian intelligence agencies, they believe that voter outrage will probably outweigh any embarrassing revelations, a person familiar with the party’s thinking said.”

In the same article, Clinton spokesperson Glen Caplin refuses to comment on details about recent hacking attacks or confirm if any of Clinton’s campaign staff got successfully hacked. However, Caplin does say, “What appears evident is that the Russian groups responsible for the DNC hack are intent on attempting to influence the outcome of this election.”

The DNC [Democratic National Committee] similarly won’t comment on details or confirm reports of successful attacks. However, the DNC issues a written statement that it believes recent leaks by Guccifer 2.0 are “part of a disinformation campaign by the Russians.”

The Russian government has denied any involvement. (Bloomberg News, 6/21/2016)

June 21, 2016: Guccifer 2.0 is interviewed and claims to be Romanian, not Russian.

Starting June 15, 2015, someone using the nickname “Guccifer 2.0” created a website and started posting files that appear to come from a recent hack of the DNC [Democratic National Committee] computer network. He claims to be a “lone hacker” while some have suggested that he is a front for the Russian government.

He is interviewed for the first time, by Vice News over Twitter, so his appearance and location remain unknown. He says he is from Romania, just like the original hacker nicknamed Guccifer, who is now in a US prison. However, Vice News asks him to answer a question in Romanian and he declines to do so. He does make a few comments in Romanian, but they have numerous errors. He says he deliberately left Russian metadata in the leaked documents as his personal “watermark.” Yet he claims, “I don’t like Russians and their foreign policy. I hate being attributed to Russia.”

He says he first breached the DNC network in the summer of 2015. “Then I installed my Trojans on several PCs. I had to go from one PC to another every week so CrowdStrike couldn’t catch me for a long time. I know that they have cool intrusion detection system. But my heuristic algorithms are better.” He claims he finally got kicked out of the network on June 12, 2016, when the DNC “rebooted their system.”

He says he has had other successful hacking attacks, but he refuses to name the targets because “my safety depends on it.” He says he doesn’t care about Donald Trump but targeted the DNC to emulate the work of the original Guccifer. (Vice News, 6/21/2016)

June 21, 2016: The FBI, NSA, and US Secret Service are all investigating recent hacks on US political targets.

None of those government agencies have made any public statements about the hacking attacks or who might be behind them, and the White House has been silent as well. But Bloomberg News reports that because so many of the attacks have targeted people or institutions close to Clinton, the FBI has been careful to keep its hacking investigation separate from its ongoing Clinton email investigation. Totally different personnel are being used in the two investigations. (Bloomberg News, 6/21/2016)

June 30, 2016: One company that possessed Clinton’s emails is accused of having shockingly poor security.

Datto Headquarters in Norwalk, Connecticut. (Credit: Stephen A. Schwartz / Daily Mail)

From around June 2013 until August 2015, Clinton’s private server containing her emails from her time as secretary of state was managed by Platte River Networks. But another company, Datto Inc., was making monthly back-up copies of all the server’s data in the Internet cloud. Datto has 600 employees and is valued at $1 billion, but two people tell the Daily Mail that the company is extremely incompetent.

Marc Tamarin, president of Virtual IT Consulting, was a Datto business partner from 2009 until early 2016. He says he frequently worked with Datto’s technical support, but “Those guys were really morons. They weren’t qualified to handle our back-up and that was the biggest concern for us. … If they’re inept at the basic principles of technology, how are they going to handle something advanced like security? Most companies like mine trust their vendor that they are doing due diligence. I’ve never heard anything this bad before in my life, the data incompetence was shocking.”

An unnamed former employee, who spent three years at the company, has even more complaints. “If you’re talking about high-level data security, at the political, presidential level, the security level of data [at Datto] … was nowhere near something that could have been protected from a good hacker that knows how to spread out their points at which to infiltrate. It’s not something that Datto was focused on. It was more about getting the data off-site quickly and cost-effectively than securing the data and keeping it from being hacked. There’s no doubt in my mind that someone could easily hack them – even today.”

He calls Datto’s security “a joke.” He claims a potential hacker could walk in off the street and sit down at an unused computer and access all the company’s data. There were no security guards, the receptionists didn’t ask questions of strangers, there was no key card access or other security features, passwords were not regularly changed, and so on. People who said they had lost their security pass would be let in without questions. Unused computers were frequently left on and logged in to the network.

He says, “For years, any Datto employee, even low-level ones, could go in any customer’s device, see their backups, restore files, and delete files.” Oftentimes, Datto customers would find themselves logged into the data of another customer without even wanting to. Datto’s internal servers were hacked in 2010. However, complaints were swept under the rug and security was not improved. (The Daily Mail, 6/30/2016)

July 2016—August 18, 2016: Hackers target the election databases in two US states, but the motives and identities of the hackers are unclear.

In July 2016, the FBI uncovers evidence that two state election databases may have been recently hacked, in Arizona and Illinois. Officials shut down the voter registration systems in both states in late July 2016, with the Illinois system staying shut down for ten days.

Jeh Johnson (Credit: public domain)

On August 15, 2016, Homeland Security Secretary Jeh Johnson heads a conference call with state election officials and offers his department’s help to make state voting systems more secure. In the call, he emphasizes that he is not aware of “specific or credible cybersecurity threats” to the November 2016 presidential election.

Three days later, the FBI Cyber Division issues a warning, titled “Targeting Activity Against State Board of Election Systems.” It reveals that the FBI is investigating hacking attempts on the Arizona and Illinois state election websites. The warning suggests the hackers could be foreigners and asks other states to look for signs that they have been targeted too. Out of the eight known IP addresses used in the attacks, one IP address was used in both attacks, strongly suggesting the attacks were linked.

An unnamed “person who works with state election officials” calls the FBI’s warning “completely unprecedented. … There’s never been an alert like that before that we know of.” In the Arizona case, malicious software was introduced into its voter registration system, but apparently there was no successful stealing of data. However, in the Illinois case, the hackers downloaded personal data on up to 200,000 state voters.

Tom Kellermann (Credit: BBC News)

It is not known who was behind the attacks. One theory is that the Russian government is responsible. A former lead agent in the FBI’s Cyber Division said the way the hack was done and the level of the FBI’s alert “more than likely means nation-state attackers.” Tom Kellermann, head of the cybersecurity company Strategic Cyber Ventures, believes Russian President Vladimir Putin is ultimately behind the attacks, and thinks it is connected to the hacking of the Democratic National Committee (DNC) and other recently targeted US political targets. Kellermann says of Putin, “I think he’s just unleashed the hounds.”

But another leading theory is that common criminals are trying to steal personal data on state voters for financial gain. Milan Patel, former chief technology officer of the FBI’s Cyber Division, says, “It’s got the hallmark signs of any criminal actors, whether it be Russia or Eastern Europe.” But he adds, “the question of getting into these databases and what it means is certainly not outside the purview of state-sponsored activity.” Some cybersecurity experts note that hackers often target government databases for personal information they can sell.

Rich Barger (Credit: Threat Connect)

So far, the motive and identity of the hackers remain uncertain. Rich Barger, chief intelligence officer for ThreatConnect, says that one of the IP addresses listed in the FBI alert previously surfaced in Russian criminal underground hacker forums. However, sometimes these groups work alone, and other times they work for or cooperate with the Russian government. Barger also claims the method of attack on one of the state election systems appears to resemble methods used in other suspected Russian state-sponsored cyberattacks. But cybersecurity consultant Matt Tait says that “no robust evidence as of yet” connects the hacks to the Russian government or any other government.

US officials are considering the possibility that some entity may be attempting to hack into voting systems to influence the tabulation of results in the November 2016 election. A particular worry is that all of six states and parts of four others use only electronic voting with no paper verification. Hackers could conceivably use intrusions into voter registration databases to delete names from voter registration lists. However, this is still considered only a remote possibility. But the FBI is warning states to improve their cybersecurity to reduce the chances this could happen.

News of these attacks and FBI alerts will be made public by Yahoo News on August 29, 2016. (Yahoo News, 8/29/2016) (Politico, 8/29/2016)

July 5, 2016: FBI Director Comey announces he will not recommend Clinton’s indictment on any charge, but he calls her “extremely careless” in handling highly classified information.

FBI Director James Comey announces his recommendation for Clinton and her aides on July 5, 2016. (Credit: Cliff Owen / The Associated Press)

FBI Director James Comey gives a public speech in front of a group of reporters. The timing is surprising, since this brings an end to the FBI’s investigation of Clinton’s email practices, and just a Sunday and the Fourth of July holiday separate this from the FBI’s interview of Clinton on July 2, 2016. Comey spends most of his speech criticizing Clinton, but ends it by saying he will not recommend that the Justice Department pursue any indictment of Clinton or her aides.

Comey’s fifteen-minute speech includes the following information, in order, with key phrases bolded to assist in understanding.

Comey begins by describing the FBI investigation:

  • The investigation started with a referral from Intelligence Community Inspector General Charles McCullough, and “focused on whether classified information was transmitted” on Clinton’s personal email server during her time as secretary of state. It specifically “looked at whether there is evidence classified information was improperly stored or transmitted on that personal system, in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way, or a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities.” The FBI “also investigated to determine whether there is evidence of computer intrusion in connection with the personal email server by any foreign power, or other hostile actors.”
  • The FBI found that Clinton “used several different servers and administrators of those servers during her four years at the State Department, and used numerous mobile devices to view and send email on that personal domain. As new servers and equipment were employed, older servers were taken out of service, stored, and decommissioned in various ways…”
  • The FBI analyzed the over 30,000 work emails that Clinton did turn over to the State Department in December 2014, working with other US government departments to determine which emails contained truly classified information at the time they were sent, and which ones were justifiably classified later.
  • From the group of 30,068 emails Clinton returned to the State Department, “110 emails in 52 email chains have been determined by the owning agency to contain classified information at the time they were sent or received. Eight of those chains contained information that was ‘top secret’ at the time they were sent; 36 chains contained ‘secret’ information at the time; and eight contained ‘confidential’ information, which is the lowest level of classification. Separate from those, about 2,000 additional emails were ‘up-classified’ to make them ‘confidential’; the information in those had not been classified at the time the emails were sent.”

    James Comey (Credit: Fox News)

  • It had previously been reported that the FBI had recovered most or all of the 31,830 emails that Clinton had deleted, allegedly because they contained personal information only. However, Comey reveals that was not the case, and thousands of emails were not recovered. He gives an example of how when one of Clinton’s servers was decommissioned in 2013, the email was removed and broken up into millions of fragments.
  • The FBI “discovered several thousand work-related emails” that were not included in the 30,068 emails Clinton returned to the State Department, even though Clinton claimed under oath that she had returned all her work-related emails. The FBI found these after they “had been deleted over the years and we found traces of them on devices that supported or were connected to the private email domain.” Others were found in the archived government email accounts of other government employees whom Clinton frequently communicated with. Still others were found “from the laborious review of the millions of email fragments” of the server decommissioned in 2013.
  • Out of these additional work emails, three were classified at the time they were sent or received – none at the ‘top secret’ level, one at the ‘secret’ level, and two at the ‘confidential’ level. None were found to have been deemed classified later.
  • Furthermore, Comey claims “we found no evidence that any of the additional work-related emails were intentionally deleted in an effort to conceal them. Our assessment is that, like many email users, Secretary Clinton periodically deleted emails or emails were purged from the system when devices were changed. Because she was not using a government account—or even a commercial account like Gmail—there was no archiving at all of her emails, so it is not surprising that we discovered emails that were not on Secretary Clinton’s system in 2014, when she produced the 30,000 emails to the State Department.”
  • However, he also admits that “It could also be that some of the additional work-related emails we recovered were among those deleted as ‘personal’ by Secretary Clinton’s lawyers when they reviewed and sorted her emails for production in 2014.” He claims that the three lawyers who sorted the emails for Clinton in late 2014 (David Kendall, Cheryl Mills, and Heather Samuelson) “did not individually read the content of all of her emails…” Instead, they used keyword searches to determine which emails were work related, and it is “highly likely their search terms missed some work-related emails” that were later found by the FBI elsewhere.

    The three Clinton attorneys who deleted emails are David Kendall (left), Cheryl Mills (center), and Heather Samuelson (right). (Credit: public domain)

  • Comey states it is “likely” that some emails may have disappeared forever, because Clinton’s three lawyers “deleted all emails they did not return to State, and the lawyers cleaned their devices in such a way as to preclude complete forensic recovery.” But he says that after interviews and technical examination, “we believe our investigation has been sufficient to give us reasonable confidence there was no intentional misconduct in connection with that sorting effort.”

Comey then begins stating his findings:

  • “Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information.”
  • As an example, he points out that “seven email chains concern matters that were classified at the ‘Top Secret/Special Access Program’ [TS/SAP] level when they were sent and received. These chains involved Secretary Clinton both sending emails about those matters and receiving emails from others about the same matters. There is evidence to support a conclusion that any reasonable person in Secretary Clinton’s position, or in the position of those government employees with whom she was corresponding about these matters, should have known that an unclassified system was no place for that conversation.”
  • He adds that it was a similar situation with emails classified at the “secret” level when they were sent, although he doesn’t specify how many.
  • He comments, “None of these emails should have been on any kind of unclassified system, but their presence is especially concerning because all of these emails were housed on unclassified personal servers not even supported by full-time security staff, like those found at departments and agencies of the US government—or even with a commercial service like Gmail.”
  • He notes that “only a very small number of the emails containing classified information bore markings indicating the presence of classified information. But even if information is not marked ‘classified’ in an email, participants who know or should know that the subject matter is classified are still obligated to protect it.”
  • He then criticizes the State Department as a whole. The FBI found evidence that “the security culture” of the State Department “was generally lacking in the kind of care for classified information found elsewhere in the government.” This was especially true regarding the use of unclassified email systems.
  • Then he addresses whether “hostile actors” were able to gain access to Clinton’s emails. Although no direct evidence of any successful hacking was found, he points out that “given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.”

After laying out the evidence of what the FBI found, Comey moves to the FBI’s recommendation to the Justice Department. He admits that it is highly unusual to publicly reveal the FBI’s recommendation, but “in this case, given the importance of the matter, I think unusual transparency is in order.”

James Comey (Credit: NPR)

Then he comes to these conclusions:

  • “Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case. Prosecutors necessarily weigh a number of factors before bringing charges. There are obvious considerations, like the strength of the evidence, especially regarding intent. Responsible decisions also consider the context of a person’s actions, and how similar situations have been handled in the past.”
  • To justify this decision, he claims he examined other cases involving the mishandling or removal of classified information, and “we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here.”
  • He then says, “To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now. As a result, although the Department of Justice makes final decisions on matters like this, we are expressing to Justice our view that no charges are appropriate in this case.”
  • He concludes by saying the FBI’s investigation was done competently, honestly, and independently, and without any kind of outside influence.

He doesn’t address the possibility of recommending the indictment of any of Clinton’s aides or other figures like Sid Blumenthal or Justin Cooper. He also doesn’t make any mention of the Clinton Foundation, though there have been media reports the FBI has been investigating it as well. After finishing his speech, he leaves without taking any questions from the media. (Federal Bureau of Investigation, 7/5/2016)

July 5, 2016—July 6, 2016: Comey’s comments indicate it is “very likely” Clinton’s emails were hacked, but solid proof may never be found.

In a July 5, 2016 public speech, FBI Director James Comey addresses the possibility that Clinton’s emails were accessed by outsiders. He says, “We did not find direct evidence that Secretary Clinton’s personal email domain, in its various configurations since 2009, was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.” (Federal Bureau of Investigation, 7/5/2016)

The next day, the New York Times reports that although Comey said there was no “direct evidence” Clinton’s email account had been successfully hacked, “both private experts and federal investigators immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.”

The Times says that Comey’s comments were a “blistering” critique of Clinton’s “email practices that left Mrs. Clinton’s systems wide open to Russian and Chinese hackers, and an array of others.” However, “the central mystery — who got into the system, if anyone — may never be resolved.”

Adam Segal (Credit: public domain)

Adam Segal, a cybersecurity expert at the Council on Foreign Relations (CFR), says, “Reading between the lines and following Comey’s logic, it does sound as if the FBI believes a compromise of Clinton’s email is more likely than not. Sophisticated attackers would have known of the existence of the account, would have targeted it, and would not have been seen.”

Before Comey’s comments, Clinton and her spokespeople had said on numerous occasions that her server had never been hacked. In an October 2015 interview, President Obama came to a similar conclusion about her server: “I don’t think it posed a national security problem.”

The Times also comments that Comey’s “most surprising suggestion” may have been his comment that Clinton used her private email while in the territory of “sophisticated adversaries.” This is understood to mean China and Russia and possibly a few more countries.

Former government cybersecurity expert James Lewis says, “If she used it in Russia or China, they almost certainly picked it up.” (The New York Times, 7/6/2016)

Cybersecurity consultant Morgan Wright says the most likely suspects are Russia, China and Israel, “in that order.”

Ben Johnson, a former National Security Agency official and security strategist, says, “Certainly foreign military and intelligence services” would have targeted Clinton’s emails. “They’re going to have a lot of means and motives to do this.” He also says it wasn’t just likely countries such as China and Russia, but “any country that’s looking to potentially have adversarial relations with us or just [desires] more relations with us.” He specifically cites Middle East countries as having a likely motive. (Politico, 7/5/2016)

July 7, 2016: FBI Director James Comey says Clinton’s private server was less secure than the State Department’s computer network or a commercial email provider.

Comey testifies to the House Benghazi Committee on July 7, 2016. (Credit: Jack Gruber / USA Today)

In a Congressional hearing, Comey says, “The challenge of security is not binary, it’s just degrees of security. [Clinton’s private server] was less secure than one at the State Department, or as I said, even one at a private commercial provider like a Gmail.” (CNN, 7/7/2016)

Representative Rod Blum (R) asks, “Director Comey, are you implying in [your comments] that the private email servers of Secretary Clinton’s were perhaps less secure than a Gmail account that is used for free by a billion people around this planet?”

Comey replies, “Yes. And I’m not looking to pick on Gmail. Their security is actually pretty good; the weakness is individual users. But, yes, Gmail has full-time security staff and thinks about patching, and logging, and protecting their systems in a way that was not the case here.”

Blum also comments, “I know some security experts in the industry. I check with them. The going rate to hack into somebody’s Gmail account, $129. For corporate emails, they can be hacked for $500 or less. If you want to hack into an IP address, it’s around $100. I’m sure the FBI can probably do it cheaper. This is the going rate.” (CNN, 7/7/2016)

July 27, 2016: US intelligence hasn’t found proof that the Russian government is responsible for WikiLeaks getting recently hacked emails.

The Washington Post reports that “Intelligence officials, who spoke on the condition of anonymity to discuss an issue under investigation, said there is little doubt that agents of the Russian government hacked the Democratic National Committee [DNC], and the White House was informed months ago of [Russia’s] culpability.” However, days after WikiLeaks posted almost 20,000 DNC emails, the Post adds, “The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.”

Former NSA director Keith Alexander, testifying before Congress in 2013. (Credit: The Associated Press)

One unnamed US official says, “We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none.”

Former NSA Director Keith Alexander says, “Determining with confidence who was behind it — if the Russians were the hackers, seeing them pass that data to WikiLeaks — is probably much more difficult than attributing it to the initial hacker. That’s a tough one — especially because there are different ways of passing that information, not all electronic.”

Furthermore, even if Russia is behind the leaks to WikiLeaks, the motivation is unclear. A key question is if Russia is attempting to influence the November 2016 US presidential election. Michael Hayden, former director of both the NSA and the CIA, states, “Frankly, I don’t think they’re motivated by thinking they can affect the election itself.” He thinks the Russians may be flexing their muscles “to demonstrate that they can — not necessarily to make [Donald] Trump win or Hillary [Clinton] lose.”

Leo Taddeo (Credit: Twitter)

Leo Taddeo, a former FBI agent who worked with cybersecurity operations, says, “This is not [Russian leader Vladimir] Putin trying to help Trump. I think they were messaging Hillary Clinton, telling her that they can get in the way of her election if she doesn’t show some flexibility in her position toward them.”

Representative Adam Schiff (D) believes that if Russia is ultimately responsible, the Obama administration “should make it known publicly and forcefully. Even if they’re not able to lay out the evidence because it would disclose sources and methods, they should make the attribution.” (The Washington Post, 7/27/2016)

August 22, 2016: A Congressperson issues subpoenas to three companies that helped manage Clinton’s private email server.

Representative Lamar Smith (Credit: public domain)

Representative Lamar Smith (R), chair of the Committee on Science, Space and Technology, issues subpoenas for Platte River Networks, which managed Clinton’s server from May 2013 until August 2015; Datto, Inc., which made back-up copies of the server; and SECNAP, which carried out threat monitoring of the network connected to Clinton’s server. Smith wants documents from the companies by September 9, 2016, after they declined to voluntarily produce them. Congressional committees have been requesting information since August and November 2015, to no avail. The companies had been threatened with subpoenas on July 12, 2016.

Smith comments, “Companies providing services to Secretary Hillary Clinton’s private email account and server are not above the law.” He claims the information he is seeking is “critical to… informing policy changes in how to prevent similar email arrangements in the future.”

Smith is working with Senator Ron Johnson (R), chair of the Senate Homeland Security and Governmental Affairs Committee. They are looking for information about breaches or potential breaches, and documents that detail the scope of the work of each company. (The Washington Post, 8/22/2016)

August 25, 2016: It is alleged that Clinton’s lawyers used a computer program to make sure her deleted emails couldn’t be recovered.

Since late 2014, when Clinton and her lawyers deleted over 31,000 of Clinton’s emails from when she was secretary of state, it has been unclear if the emails were simply deleted or “wiped,” meaning deliberate steps were taken to make sure they couldn’t be recovered later.

Trey Gowdy appears with Martha MacCallum on Fox News on August 25, 2016. (Credit: Fox News)

In an interview, Representative Trey Gowdy (R) says that, “[Clinton] and her lawyers [Cheryl Mills, David Kendall, and Heather Samuelson] had those emails deleted. And they didn’t just push the delete button; they had them deleted where even God can’t read them. They were using something called BleachBit. You don’t use BleachBit for yoga emails or bridesmaids emails. When you’re using BleachBit, it is something you really do not want the world to see.”

BleachBit Logo (Credit: public domain)

BleachBit is computer software whose website advertises that it can “prevent recovery” of files. Politico notes that if Gowdy is correct, this would be “further proof that Clinton had something to hide in deleting personal emails from the private email system she used during her tenure as secretary of state.” It is not explained how Gowdy might know this, but his comments come only a few days after the FBI gave raw materials about their Clinton email investigation to Congress. (Politico, 8/25/2016)

Gowdy’s claim contradicts what FBI Director James Comey said on July 5, 2016 when he announced that he would not recommend charging Clinton with any crime. At that time, Comey stated, “we found no evidence that any of the additional work-related emails were intentionally deleted in an effort to conceal them. Our assessment is that, like many email users, Secretary Clinton periodically deleted emails or emails were purged from the system when devices were changed.” (Federal Bureau of Investigation, 7/5/2016)

Within hours of Gowdy’s comments, BleachBit updates their website to say: “Last year when Clinton was asked about wiping her email server, she joked, ‘Like with a cloth or something?’ It turns out now that BleachBit was that cloth, according to remarks by Gowdy.” The website also notes, “As of the time of writing BleachBit has not been served a warrant or subpoena in relation to the investigation. … The cleaning process [of our program] is not reversible.” (BleachBit, 8/25/2016)

On September 2, 2016, the FBI’s final report on their Clinton email investigation will be released, and it will be revealed that BleachBit was used on Clinton’s server in late March 2015. (Federal Bureau of Investigation, 9/2/2016)

September 1, 2016: Putin denies that Russia was involved in the DNC hack.

Russian President Vladimir Putin says in an interview about accusations of Russian government involvement in the hacking of Democratic National Committee (DNC) emails: “Listen, does it even matter who hacked this data? The important thing is the content that was given to the public …. There’s no need to distract the public’s attention from the essence of the problem by raising some minor issues connected with the search for who did it. … But I want to tell you again, I don’t know anything about it, and on a state level Russia has never done this.”

However, an internal probe conducted by CrowdStrike Inc. traced the source of the hack to two Russian hacking groups connected with Russian intelligence, “Cozy Bear” and “Fancy Bear.”

James Lewis (Credit: public domain)

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, claims that Russia has engaged in state hacking in the past and that Putin’s denials are “not credible.”

Putin continues: “You know how many hackers there are today? They act so delicately and precisely that they can leave their mark — or even the mark of others — at the necessary time and place, camouflaging their activities as that of other hackers from other territories or countries. It’s an extremely difficult thing to check, if it’s even possible to check. At any rate, we definitely don’t do this at a state level.” (Bloomberg News, 9/1/2016)