June 2011: Huma Abedin’s emails are requested, but the State Department will not turn any over.

Gawker files a Freedom of Information Act (FOIA) request for some of Clinton’s deputy chief of staff Huma Abedin’s email correspondence. The exact scope of the request is not clear from media accounts. The State Department eventually returns no documents, although the timing of their reply also is not clear.

In March 2015, it will be revealed that Abedin primarily used an email account at the clintonemail.com server, just like Clinton did. Presumably this is why no emails are turned over. However, she also used a .gov email account. (Gawker, 3/3/2015)

March 20, 2013: Gawker publishes an article that reveals Clinton’s use of a private email address and notes it “could be a major security breach.”

The article notes that the hacker nicknamed Guccifer broke into the email account of Clinton confidant Sid Blumenthal. “[W]hy was Clinton apparently receiving emails at a non-governmental email account? The address Blumenthal was writing to was hosted at the domain ‘clintonemail.com’, which is privately registered via Network Solutions. It is most certainly not a governmental account. […] And there seems to be little reason to use a different account other than an attempt to shield her communications with Blumenthal from the prying eyes of FOIA [Freedom of Information Act] requesters.

“Neither the State Department nor the White House would immediately comment on whether the White House knew that Blumenthal was digitally whispering in Clinton’s ear, or if the emails were preserved as the law requires. And if, as it appears, Blumenthal’s emails contained information that was classified, or ought to have been treated as such, it could be a major security breach for Clinton to have allowed it to be sent to her on an open account, rather than through networks the government has specifically established for the transmission of classified material.” (Gawker, 3/20/2013)

Late March 2013 or After: Emails between Clinton and Blumenthal are requested, but the State Department will fail to turn them over.

Gawker files a Freedom of Information Act (FOIA) request seeking all emails between Clinton and her confidant Sid Blumenthal. Due to the revelation of Clinton’s exact email address by the hacker nicknamed Guccifer in March 2013, the request specifies that address along with Blumenthal’s AOL [America Online] address.

However, even though some emails between Clinton and Blumenthal had been made public by Guccifer, the State Department eventually tells Gawker it could find no records responsive to the request. The exact timing of the request and the reply is not clear. (The New York Times, 3/3/2015) (Gawker, 3/3/2015)

December 4, 2013: Some Bill Clinton doodles are made public due to the hacker Guccifer.

One of Bill Clinton's doodles. Guccifer added his name to it. (Credit: Guccifer / Gawker)

Gawker publishes some doodles made by Bill Clinton when he was US president. Gawker claims the doodles come from the Romanian hacker nicknamed Guccifer. It is not clear where or how Guccifer got the doodles, except they come from a folder called “Wjcdrawings.” It is probable the doodles were stored either on The Clinton Library’s server (which has a .gov address) or The Clinton Foundation’s server. (Gawker, 12/4/2013) If it’s the latter, that would help verify Guccifer’s later claim that he looked into Clinton’s private email server, because it apparently was also The Clinton Foundation’s server until early 2015.

March 5, 2015: Clinton’s private server is active and shows obvious security vulnerabilities.

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that Clinton’s private email server is still active and shows signs of poor security. If one goes to the web address clintonemail.com, one gets a blank page. But if one goes to the subdomain sslvpn.clintonemail.com, a log-in page appears. That means anyone in the world who puts in the correct user name and password could log in.

Furthermore, the server has an invalid SSL certificate. That means the encryption is not confirmed by a trusted third party. Gawker notes, “The government typically uses military-grade certificates and encryption schemes for its internal communications that [are] designed with spying from foreign intelligence agencies in mind,” and Clinton’s server clearly is not up to that standard.

It also opens the server to what is called a “man in the middle” hacker attack, which means someone could copy the security certificate being used and thus scoop up all the data without leaving a trace. The invalid certificate also leaves the server vulnerable to widespread Internet bugs that can let hackers copy the entire contents of a server’s memory.

As a result, independent security expert Nic Cubrilovic concludes, “It is almost certain that at least some of the emails hosted at clintonemails.com were intercepted.” (Gawker, 3/5/2015)

Clinton still doesn’t shut the server down. However, about two days later, the security settings are changed.

March 5, 2015: Clinton’s private server shows more obvious security vulnerabilities.

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that in addition to the security problems shown by the subdomain to Clinton’s private email server sslvpn.clintonemail.com, there is another subdomain that reveals even more security issues. If one goes to various web addresses of the server’s mail host mail.clintonemail.com, one is presented with a log-in for Microsoft Outlook webmail.

Gawker notes that the “mere existence” of this log-in “is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since clintonemail.com was registered in 2009.”

Furthermore, security expert Robert Hansen says having a public log-in page for a private server is “pretty much the worst thing you can do. […] Even if [Clinton] had a particularly strong password,” simply trying a huge number of passwords will “either work eventually – foreign militaries are very good at trying a lot – or it’ll fail and block her from accessing her own email.” He says that the server shows so many vulnerabilities that “any joe hacker” could break in with enough time and effort.

Independent security expert Nic Cubrilovic says, “With your own email hosting you’re almost certainly going to be vulnerable to Chinese government style spearphishing attacks – which government departments have enough trouble stopping – but the task would be near impossible for an IT [information technology] naive self-hosted setup.” (Gawker, 3/5/2015)

March 27, 2015: Blumenthal sent Clinton intelligence apparently based on NSA wiretapping of top European leaders.

Angela Merkel (Credit: The Associated Press)

Gawker reveals that Sid Blumenthal’s emails to Clinton appear to contain information from highly classified NSA intercepts of German Prime Minister Angela Merkel. It is not stated when, but one of Blumenthal’s emails details conversations between Merkel and her finance minister Wolfgang Schäuble about French President Francois Hollande (who was elected in 2012). Blumenthal marked the email with a warning: “THIS INFORMATION COMES FROM AN EXTREMELY SENSITIVE SOURCE.” (Gawker, 3/27/2015) 

In 2013, whistleblower Edward Snowden revealed that the NSA had tapped Merkel’s phone for many years. In July 2015, it will be revealed that the phones of Germany’s ministers were tapped by the NSA as well. (The Guardian, 7/1/2015) It is not clear how Blumenthal gets such intelligence, since he is a private citizen with no security clearance at the time.

March 27, 2015: There allegedly is a “massive” FBI investigation of Guccifer’s hack into Blumenthal’s emails.

Cody Shearer (Credit: Vimeo)

In March 2013, Clinton confidant Sid Blumenthal’s email account was broken into by the Romanian hacker nicknamed Guccifer, and some emails between Blumenthal and Clinton were publicly revealed. Cody Shearer was a business partner with Blumenthal in a company called Osprey Global Solutions that is sometimes mentioned in the hacked emails.

When contacted by Gawker for a comment about such emails, Shearer says that “the FBI is involved and told me not to talk. There is a massive investigation of the hack and all the resulting information.”

Nothing else is known about this investigation, presuming it exists. Shearer is also described by Gawker as “a longtime Clinton family operative.” (Gawker, 3/27/2015)

January 7, 2016: The State Department’s internal watchdog slams the department’s FOIA process.

The State Department’s inspector general Steve Linick issues a report claiming that the department “repeatedly provided inadequate and inaccurate responses to Freedom of Information Act [FOIA] requests involving top agency officials, including a misleading answer to a request three years ago seeking information on Secretary of State Hillary Clinton’s email use.”

Politico states the new report also points to “a series of failures in the procedures the office of the secretary used to respond to public records requests, including a lack of written policies and training, as well as inconsistent oversight by senior personnel.”

According to the report, “These procedural weaknesses, coupled with the lack of oversight by leadership and failure to routinely search emails, appear to contribute to inaccurate and incomplete responses.”

CREW's Logo (Credit: CREW)

One important flawed department response was a letter sent to the watchdog group Citizens for Responsibility and Ethics in Washington (CREW) in May 2013 after the organization asked for details on email accounts used by Clinton. State’s response to CREW was, “no records responsive to your request were located.” The report says the inspector general’s office “found evidence that [Clinton’s chief of staff Cheryl Mills] was informed of the request at the time it was received and subsequently tasked staff to follow up.” However, according to the report, none of those officials appear to have reviewed the results of the search done in the department’s files, and there was “no evidence” that those staffers who did the search and responded to CREW knew about Clinton’s private email setup. CREW followed up last year by saying it never received any final response to its FOIA request.

The AP Logo (Credit: The Associated Press)

Other flaws pointed out by the inspector general’s report include extreme delays in other cases, such as an Associated Press FOIA request for Clinton’s schedules that was pending without substantive response for five years.

Politico also filed a FOIA request for legal and ethics reviews of former President Bill Clinton’s paid speeches. That request was pending for four years before the department began producing records.

The Gawker Logo (Credit: Gawker Media)

Another failed response involved a Gawker request for emails that former Clinton adviser Philippe Reines exchanged with 34 news organizations. Politico reports “that request initially received a ‘no records’ response from [the] State [Department], even though State has now found 81,000 potentially responsive emails in its official files. At a court hearing last month, a government lawyer would not concede that the no-records response was inadequate.” (Politico, 1/7/2016)

June 16, 2016: Various clues suggest that “Guccifer 2.0” could be a front for Russian hacking efforts.

Copy of the metadata and the nickname for Felix Dzerzhinsky, written in the Cyrillic alphabet. (Credit: Ars Technica)

On June 15, 2016, someone going by the name “Guccifer 2.0” claimed to be the “lone hacker” behind the breach of the DNC [Democratic National Committee] computer network reported in the media the day before.

However, various clues support the assertion by security experts hired by the DNC that the hacking effort is connected to the Russian government or at least originates from Russia:

  • One file sent by Guccifer 2.0 to Gawker contains metadata indicating the last person to change the file used the nickname for Felix Dzerzhinsky (Феликс Эдмундович), a long-dead Russian statesman best known for founding the Soviet secret police.
  • The nickname is written in the Cyrillic alphabet, which means Guccifer 2.0’s computer was configured to use the Russian language and was connected to a Russian-language keyboard.
  • Another file contains some broken web links. The error message is also written in Russian, using the Cyrillic alphabet.
  • A blog post written by Guccifer 2.0 uses “)))” to indicate a smiley face. This is common in Eastern Europe and Russia but very uncommon elsewhere, due to differences with the Russian-language keyboard. (Ars Technica, 6/16/2016)
  • Other metadata indicates the person who saved the files used a cracked version of Office 2007, which is popular in Russia.
  • Vice News reports that Guccifer 2.0 had no online history prior to June 15, and “multiple security sources said they’d never heard of nor seen anyone by that alias” before that date. (Vice News, 6/16/2016)
  • Dave Aitel, CEO of Immunity Security, comments, “You don’t have the FBI or DHS [Department of Homeland Security] coming out and saying: ‘Hey we don’t think it’s Russia.’ If it is Russia, a nation state, it’s a pretty big deal. Otherwise the FBI would say: ‘We’re conducting an investigation.’ But they’re not saying that.”

Ars Technica comments, “Of course, it’s still possible that the Russian fingerprints were left intentionally by someone who has no connection to Russia, or by a Russian-speaking person with no connection to the Russian government, or any number of other scenarios.” (Ars Technica, 6/16/2016)