June 2, 2011: Chinese hackers are targeting Gmail accounts of senior US officials, but top Clinton aides keep using Gmail accounts for work.

The Google Gmail logo (Credit: Google)

Google Inc. publicly announces that hackers based in China are targeting the email accounts of senior US officials and hundreds of other prominent people. The attacks are on users of Google’s Gmail email service. If successful, the hackers are able to read the emails of their targets. (The Wall Street Journal, 6/2/2011) 

Clinton’s chief of staff Cheryl Mills conducts government work through her Gmail account. Philippe Reines, Clinton’s senior advisor and press secretary, has a government account and a Gmail account, and uses both for work. However, there’s no evidence Mills or Reines stops using Gmail for work after this news report. (Judicial Watch, 9/14/2015) (Politico, 10/5/2015) 

Furthermore, two days later, Mills indicates in an email that there was an attempt to hack her email: “As someone who attempted to be hacked (yes I was one)…” (CBS News, 9/30/2015)

Later in the month, the State Department will issue a warning to all employees not to use private emails for work, but apparently Mills and Reines still won’t stop using their Gmail accounts for work. (The Washington Post, 3/27/2016)

July 26, 2011: Clinton jokes about Chinese hackers but doesn’t take steps to combat the hacking.

Clinton types on her phone during a visit to Brasilia, Brazil, in April, 2012. (Credit: CNN)

In June 2011, Google Inc. publicly warned that hackers based in China were targeting the Gmail email accounts of senior US officials. (The Wall Street Journal, 6/2/2011) On this day, Clinton shows awareness of the problem through a joke.

Another State Department official sends Clinton an email, and some confusion results about the official’s two email accounts.

Clinton writes, “I just checked and I do have your state but not your Gmail – so how did that happen. Must be the Chinese!” (US Department of State, 9/3/2015)  

After that official says “You’ve always emailed me on my State email,” Clinton jokes again, “Weird since my address book only has your Gmail. Maybe the Chinese hacked it and focused on you!”  (US Department of State, 10/30/2015)

But despite this awareness, and a State Department warning not to use any private email addresses due to the problem that was sent out in Clinton’s name, Clinton apparently fails to make any changes to her own private email use and security set-up. (The Washington Post, 3/27/2016)

February 2014: A laptop containing all of Clinton’s emails from one year earlier is permanently lost in the mail.

In the spring of 2013, Clinton aide Monica Hanley made a copy of all of Clinton’s emails on a MacBook laptop to make a safe back-up copy of them. Then she apparently forgot to do anything with it for nearly a full year.

The 2013 Apple MacBook Air Laptop (Credit: public domain)

In early 2014, Hanley finds the laptop where it has been stored at her personal residence. She attempts to transfer the archive of Clinton’s emails to Platte River Networks (PRN), the computer company which is managing Clinton’s private server by this time. She works with PRN employee Paul Combetta. After trying unsuccessfully to remotely transfer the emails to him, Hanley ships the laptop to his residence in February 2014. Combetta then transfers Clinton’s emails from the laptop onto Clinton’s private server.

This server should already contain all of Clinton’s old emails. But the server that existed when Hanley made the back-up in the spring of 2013 was replaced in June 2013 by a new server, so it is possible that some emails get transferred at this time that didn’t get successfully transferred before.

Combetta transfers all of the Clinton email content to a personal Gmail email address he created. Then he downloads all the emails from the Gmail account to a mailbox on the new Clinton server. He will later tell the FBI that he used the Gmail as a middle step because he had format compatibility issues.

Hanley will later tell the FBI that she recommended that PRN wipe the laptop after the emails were transferred to the server. (“Wiping” means repeatedly overwriting the data so it can never be recovered.) However, Combetta will tell the FBI that once the transfer was done, he deleted the emails from the laptop but didn’t do any wiping. He also deleted the emails uploaded to the Gmail account.

According to the FBI’s final report, Combetta then ships the laptop to a person whose name will later be redacted, but who works on Clinton’s staff in some capacity. He ships it through the mail, using United States Postal Service (USPS) or United Parcel Service (UPS). The unnamed Clinton staffer will later tell the FBI that she never received the laptop. She will say that Clinton’s staff was moving offices at the time, and it would have been easy for the package to get lost during the transition period.

According to Combetta’s September 2015 FBI interview, he “shipped the foregoing MacBook back to [redacted], but recalled nothing about the return shipment.” That would presumably mean he shipped it back to Hanley, since she shipped it to him. But in Hanley’s January 2016 interview, she will claim to have asked another woman (whose name is redacted) if they ever received the laptop and to have been told they did not. Thus it would appear Combetta and Hanley will have different accounts of who is sent the laptop.

The laptop is apparently permanently lost. However, some of Clinton’s emails will somehow be recovered from the Gmail account in 2016, even though they were all deleted. (Federal Bureau of Investigation, 9/2/2016) (Federal Bureau of Investigation, 9/23/2016)

October 2015—Mid-May 2016: Hackers, alleged to be Russian, target almost 4,000 Google accounts related to US politics.

Center for American Progress logo (Credit: public domain)

According to a June 17, 2016 Bloomberg News article, during this time period, the same allegedly Russian hackers who breach the computers of the DNC [Democratic National Committee] and Clinton’s presidential campaign “[burrow] much further into the US political system, sweeping in law firms, lobbyists, consultants, foundations, and the policy groups known as think tanks, according to a person familiar with investigations of the attacks.” Almost 4,000 Google accounts are targeted by “spear phishing,” which involves tricking targets to give log-in information so their data can be accessed. The Center for American Progress, a think tank with ties to Clinton and the Obama administration, is one known target.

Bloomberg News will further report that, “Based on data now being analyzed, various security researchers believe the campaign stems from hackers linked to Russian intelligence services and has been broadly successful, extracting reams of reports, policy papers, correspondence and other information.”

The Russian government denies any involvement, but cybersecurity experts who have investigated the attacks believe the hackers are working for Russia. It is believed that either or both of two major Russian hacking groups, Fancy Bear (or APT 28) and Cozy Bear (or APT 29) are behind the attacks. (Bloomberg News, 6/17/2016)

February 3, 2016: A State Department official claims someone tried to hack her private email account two years earlier, in early 2014.

Wendy Sherman (Credit: Alex Wong / Getty Images)

Wendy Sherman is interviewed by the FBI. Sherman served as deputy secretary of state under Clinton (the third highest ranking post), and as under secretary of state for political affairs. Her name will later be redacted in the FBI summary of the interview, but the Daily Caller will identify the interviewee as Sherman due to details mentioned elsewhere in the interview.

Sherman served as chief negotiator on a nuclear deal between the US and Iran, which was agreed to in 2014. In the FBI summary of her interview, she said that she was not aware of any specific instances where she was notified of a potential hack of her State Department or personal email accounts or those of other department employees. However, she “explained [she] was sure people tried to hack into [her] personal email account and the accounts of [redacted] team approximately two years ago during [redacted] in the Iran negotiations. Specifically, [redacted] received a similar email. [She] reported the incident to [State Department] Diplomatic Security who reportedly traced the emails back to a [redacted].”

Elsewhere in the interview, she said that it “was not uncommon for [her] to have to use [her] personal Gmail account to communicate while on travel, because there were often times [she] could not access her [State Department] unclassified account.”

The Daily Caller will later comment, “While it is no surprise that hackers would attempt to infiltrate the negotiating teams’ email accounts — the US government has robust spy operations that try to do the same thing — Sherman’s use of a personal account while overseas likely increased her chances of being hacked.” (The Daily Caller, 9/24/2016) (Federal Bureau of Investigation, 9/23/2016)

March 2016: The same hacking group that allegedly breaches the DNC [Democratic National Committee] computer network may also breach computers of some Clinton presidential campaign staffers.

Clinton's Deputy Communications Director, Kristina Schake (Credit: Getty Images)

The hacker or hacking group is known by the nickname Fancy Bear, and is alleged to be working for the Russian government. Fancy Bear gets into the DNC network in April 2016, which makes it separate from the efforts of Cozy Bear (alleged also to be linked to Russia) or Guccifer 2.0 (alleged to be a “lone hacker”) which in either case got into the network for about a year. Fancy Bear’s attack on Clinton’s staffers is said to start in March 2016, according to the security firm SecureWorks. Targets include Clinton’s communications and travel organizers, speechwriters, policy advisers, and campaign finance managers.

The hackers use the “spear phishing” technique of sending an email from a seemingly trusted source in order to get the target to click on a link. In this case, the links are shortened by an Internet service known as Bitly to make it hard to notice that they’re bogus. They take the target to a fake Google login page, since most or all of Clinton’s staffers use Gmail. Once the target gives their user name and password, the hacker can log into the real account and access all the data. The hackers create 213 links targeting 108 hillaryclinton.com addresses. Twenty of those are clicked, raising the possibility that some accounts are successfully breached. (Forbes, 6/16/2016)

June 21, 2016: The FBI recovers 302 previously lost Clinton emails from a Gmail account; two of them were deemed classified when they were sent.

In February 2014, an unnamed Platte River Networks (PRN) employee created a Gmail email account and briefly transferred all of Clinton’s emails into it from a back-up of Clinton’s server made in the spring of 2013. He transferred the Clinton emails to a new version of this server, but most of the emails on this server will later be destroyed. He also will tell the FBI that he deleted all of the emails from his Gmail account after completing the transfer.

However, the FBI will later report that on June 21, 2016, FBI investigators discovered 940 Clinton emails that were still on the Gmail account somehow. It has not been explained if the PRN employee simply failed to delete them all or if deleted emails were recovered.

All of the 940 emails date from October 25, 2010 to December 31, 2010. 56 of them were later deemed to be classified at the “confidential” level. 302 of them were not in the over 30,000 emails that Clinton gave to the State Department in December 2014. It has not been specified how many of these were deemed work-related. But of the 302 emails, the FBI gave 18 of them to other departments for classification review. The State Department decided one email was classified “secret” when it was sent, but then later was downgraded to “confidential.” Another email was “confidential” when it was sent and later downgraded to be unclassified. (Federal Bureau of Investigation, 9/2/2016)

July 5, 2016: FBI Director Comey announces he will not recommend Clinton’s indictment on any charge, but he calls her “extremely careless” in handling highly classified information.

FBI Director James Comey announces his recommendation for Clinton and her aides on July 5, 2016. (Credit: Cliff Owen / The Associated Press)

FBI Director James Comey gives a public speech in front of a group of reporters. The timing is surprising, since this brings an end to the FBI’s investigation of Clinton’s email practices, and just a Sunday and the Fourth of July holiday separate this from the FBI’s interview of Clinton on July 2, 2016. Comey spends most of his speech criticizing Clinton, but ends it by saying he will not recommend that the Justice Department pursue any indictment of Clinton or her aides.

Comey’s fifteen-minute speech includes the following information, in order, with key phrases bolded to assist in understanding.

Comey begins by describing the FBI investigation:

  • The investigation started with a referral from Intelligence Community Inspector General Charles McCullough, and “focused on whether classified information was transmitted” on Clinton’s personal email server during her time as secretary of state. It specifically “looked at whether there is evidence classified information was improperly stored or transmitted on that personal system, in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way, or a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities.” The FBI “also investigated to determine whether there is evidence of computer intrusion in connection with the personal email server by any foreign power, or other hostile actors.”
  • The FBI found that Clinton “used several different servers and administrators of those servers during her four years at the State Department, and used numerous mobile devices to view and send email on that personal domain. As new servers and equipment were employed, older servers were taken out of service, stored, and decommissioned in various ways…”
  • The FBI analyzed the over 30,000 work emails that Clinton did turn over to the State Department in December 2014, working with other US government departments to determine which emails contained truly classified information at the time they were sent, and which ones were justifiably classified later.
  • From the group of 30,068 emails Clinton returned to the State Department, “110 emails in 52 email chains have been determined by the owning agency to contain classified information at the time they were sent or received. Eight of those chains contained information that was ‘top secret’ at the time they were sent; 36 chains contained ‘secret’ information at the time; and eight contained ‘confidential’ information, which is the lowest level of classification. Separate from those, about 2,000 additional emails were ‘up-classified’ to make them ‘confidential’; the information in those had not been classified at the time the emails were sent.”

    James Comey (Credit: Fox News)

  • It had previously been reported that the FBI had recovered most or all of the 31,830 emails that Clinton had deleted, allegedly because they contained personal information only. However, Comey reveals that was not the case, and thousands of emails were not recovered. He gives an example of how when one of Clinton’s servers was decommissioned in 2013, the email was removed and broken up into millions of fragments.
  • The FBI “discovered several thousand work-related emails” that were not included in the 30,068 emails Clinton returned to the State Department, even though Clinton claimed under oath that she had returned all her work-related emails. The FBI found these after they “had been deleted over the years and we found traces of them on devices that supported or were connected to the private email domain.” Others were found in the archived government email accounts of other government employees whom Clinton frequently communicated with. Still others were found “from the laborious review of the millions of email fragments” of the server decommissioned in 2013.
  • Out of these additional work emails, three were classified at the time they were sent or received – none at the ‘top secret’ level, one at the ‘secret’ level, and two at the ‘confidential’ level. None were found to have been deemed classified later.
  • Furthermore, Comey claims “we found no evidence that any of the additional work-related emails were intentionally deleted in an effort to conceal them. Our assessment is that, like many email users, Secretary Clinton periodically deleted emails or emails were purged from the system when devices were changed. Because she was not using a government account—or even a commercial account like Gmail—there was no archiving at all of her emails, so it is not surprising that we discovered emails that were not on Secretary Clinton’s system in 2014, when she produced the 30,000 emails to the State Department.”
  • However, he also admits that “It could also be that some of the additional work-related emails we recovered were among those deleted as ‘personal’ by Secretary Clinton’s lawyers when they reviewed and sorted her emails for production in 2014.” He claims that the three lawyers who sorted the emails for Clinton in late 2014 (David Kendall, Cheryl Mills, and Heather Samuelson) “did not individually read the content of all of her emails…” Instead, they used keyword searches to determine which emails were work related, and it is “highly likely their search terms missed some work-related emails” that were later found by the FBI elsewhere.

    The three Clinton attorneys who deleted emails are David Kendall (left), Cheryl Mills (center), and Heather Samuelson (right). (Credit: public domain)

  • Comey states it is “likely” that some emails may have disappeared forever, because Clinton’s three lawyers “deleted all emails they did not return to State, and the lawyers cleaned their devices in such a way as to preclude complete forensic recovery.” But he says that after interviews and technical examination, “we believe our investigation has been sufficient to give us reasonable confidence there was no intentional misconduct in connection with that sorting effort.”

Comey then begins stating his findings:

  • “Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information.”
  • As an example, he points out that “seven email chains concern matters that were classified at the ‘Top Secret/Special Access Program’ [TS/SAP] level when they were sent and received. These chains involved Secretary Clinton both sending emails about those matters and receiving emails from others about the same matters. There is evidence to support a conclusion that any reasonable person in Secretary Clinton’s position, or in the position of those government employees with whom she was corresponding about these matters, should have known that an unclassified system was no place for that conversation.”
  • He adds that it was a similar situation with emails classified at the “secret” level when they were sent, although he doesn’t specify how many.
  • He comments, “None of these emails should have been on any kind of unclassified system, but their presence is especially concerning because all of these emails were housed on unclassified personal servers not even supported by full-time security staff, like those found at departments and agencies of the US government—or even with a commercial service like Gmail.”
  • He notes that “only a very small number of the emails containing classified information bore markings indicating the presence of classified information. But even if information is not marked ‘classified’ in an email, participants who know or should know that the subject matter is classified are still obligated to protect it.”
  • He then criticizes the State Department as a whole. The FBI found evidence that “the security culture” of the State Department “was generally lacking in the kind of care for classified information found elsewhere in the government.” This was especially true regarding the use of unclassified email systems.
  • Then he addresses whether “hostile actors” were able to gain access to Clinton’s emails. Although no direct evidence of any successful hacking was found, he points out that “given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.”

After laying out the evidence of what the FBI found, Comey moves to the FBI’s recommendation to the Justice Department. He admits that it is highly unusual to publicly reveal the FBI’s recommendation, but “in this case, given the importance of the matter, I think unusual transparency is in order.”

James Comey (Credit: NPR)

Then he comes to these conclusions:

  • “Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case. Prosecutors necessarily weigh a number of factors before bringing charges. There are obvious considerations, like the strength of the evidence, especially regarding intent. Responsible decisions also consider the context of a person’s actions, and how similar situations have been handled in the past.”
  • To justify this decision, he claims he examined other cases involving the mishandling or removal of classified information, and “we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here.”
  • He then says, “To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now. As a result, although the Department of Justice makes final decisions on matters like this, we are expressing to Justice our view that no charges are appropriate in this case.”
  • He concludes by saying the FBI’s investigation was done competently, honestly, and independently, and without any kind of outside influence.

He doesn’t address the possibility of recommending the indictment of any of Clinton’s aides or other figures like Sid Blumenthal or Justin Cooper. He also doesn’t make any mention of the Clinton Foundation, though there have been media reports the FBI has been investigating it as well. After finishing his speech, he leaves without taking any questions from the media. (Federal Bureau of Investigation, 7/5/2016)

July 7, 2016: FBI Director James Comey says Clinton’s private server was less secure than the State Department’s computer network or a commercial email provider.

Comey testifies to the House Benghazi Committee on July 7, 2016. (Credit: Jack Gruber / USA Today)

In a Congressional hearing, Comey says, “The challenge of security is not binary, it’s just degrees of security. [Clinton’s private server] was less secure than one at the State Department, or as I said, even one at a private commercial provider like a Gmail.” (CNN, 7/7/2016)

Representative Rod Blum (R) asks, “Director Comey, are you implying in [your comments] that the private email servers of Secretary Clinton’s were perhaps less secure than a Gmail account that is used for free by a billion people around this planet?”

Comey replies, “Yes. And I’m not looking to pick on Gmail. Their security is actually pretty good; the weakness is individual users. But, yes, Gmail has full-time security staff and thinks about patching, and logging, and protecting their systems in a way that was not the case here.”

Blum also comments, “I know some security experts in the industry. I check with them. The going rate to hack into somebody’s Gmail account, $129. For corporate emails, they can be hacked for $500 or less. If you want to hack into an IP address, it’s around $100. I’m sure the FBI can probably do it cheaper. This is the going rate.” (CNN, 7/7/2016)