Mid-August 2008: The Chinese government apparently hacks into the 2008 presidential campaigns of Barack Obama and John McCain.

Admiral Dennis Blair (Credit: Sasakawa Peace Foundation USA)

Hacking teams traced back to China are caught breaking into the computers of the Obama and McCain campaigns, resulting in high-level warnings to Chinese officials to stop. The computers, laptops, and mobile devices of top campaign aides and advisers who receive high-level briefings are particularly targeted. “Spear phishing” is used to get targets to open an attachment containing a virus that would allow data to be stolen from their computer.

Obama campaign manager David Plouffe will later say he got a call in the middle of August 2008 alerting him to the attack and that the FBI was investigating. However, the virus is extremely sophisticated, and it takes months for it to be completely removed from the networks of the two campaigns.

In a May 2009 speech, President Obama will make a general mention of the attacks: “Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans.” However, the involvement of China’s government won’t be publicly revealed until June 2013.

Dennis Blair, director of national intelligence from 2009 to 2010, will comment that year, “Based on everything I know, this was a case of political cyberespionage by the Chinese government against the two American political parties. They were looking for positions on China, surprises that might be rolled out by campaigns against China.” (NBC News, 6/6/2013)

April and May 2011: Clinton and her top aides are warned again to minimize the use of personal emails for business due to hacker attacks.

In March 2011, State Department security officials warned Clinton and other senior officials that there was a “dramatic increase” in hacker attacks specifically targeting senior US officials. The warning concluded, “We urge department users to minimize the use of personal web email for business.”

This is followed by a cybersecurity briefing in April 2011 and then another one in May. Clinton’s immediate staff and other top officials attend the briefings, but it is not clear if Clinton herself does. However, after Clinton ends her term in 2013, a copy of a classified presentation used during one of the briefings will be found in her papers. It contains warnings similar to the March 2011 warning. (US Department of State, 5/25/2016)

June 2, 2011: Chinese hackers are targeting Gmail accounts of senior US officials, but top Clinton aides keep using Gmail accounts for work.

The Google Gmail logo (Credit: Google)

Google Inc. publicly announces that hackers based in China are targeting the email accounts of senior US officials and hundreds of other prominent people. The attacks are on users of Google’s Gmail email service. If successful, the hackers are able to read the emails of their targets. (The Wall Street Journal, 6/2/2011) 

Clinton’s chief of staff Cheryl Mills conducts government work through her Gmail account. Philippe Reines, Clinton’s senior advisor and press secretary, has a government account and a Gmail account, and uses both for work. However, there’s no evidence Mills or Reines stops using Gmail for work after this news report. (Judicial Watch, 9/14/2015) (Politico, 10/5/2015) 

Furthermore, two days later, Mills indicates in an email that there was an attempt to hack her email: “As someone who attempted to be hacked (yes I was one)…” (CBS News, 9/30/2015)

Later in the month, the State Department will issue a warning to all employees not to use private emails for work, but apparently Mills and Reines still won’t stop using their Gmail accounts for work. (The Washington Post, 3/27/2016)

2012: Clinton’s private server is vulnerable to a hacker attack described in a government warning.

Marc Maiffret (Credit: Fox News Business)

The Homeland Security Department’s Computer Emergency Readiness Team issues a warning about remote access attacks that would allow hackers to take control of computers. The warning notes that “An attacker with a low skill-level would be able to exploit this vulnerability.”

In 2015, the Associated Press will report that Clinton’s private email server could have been vulnerable to a hostile takeover by this very type of attack. Clinton’s server appears to have lacked encrypted protections, and could accept commands from computers over the Internet.

Marc Maiffret, who founded two cybersecurity companies, will later comment, “That’s total amateur hour. […] Real enterprise-class security, with teams dedicated to these things, would not do this.”

Another cybersecurity expert, Justin Harvey, will comment that Clinton’s server “violates the most basic network-perimeter security tenets: Don’t expose insecure services to the Internet.” (The Associated Press, 10/13/2015)

August and December 2012: An Internet-wide hacker attack makes Clinton’s private server even more vulnerable.

An anonymous hacker using a computer in Serbia scans hundreds of millions of Internet addresses for accessible openings, called “ports.” Clinton’s private server is scanned by this hacker in August 2012 and again in December. The hacker’s millions of results are then made widely available on-line. It is unknown if anyone looking at this data figures out if the server belongs to Bill and Hillary Clinton, although the name “clintonemail.com” is a clue. (The Associated Press, 10/13/2015)

November 2012: Clinton’s private email account is reconfigured to use Google’s servers as a backup in case her personal server fails.

Clinton checks her phone with Assistant Secretary of State for European Affairs Philip Gordon in Munich, Germany, on February 4, 2012. (Credit: Politico)

This is according to Internet records; it is likely in response to the server crashing for several days after Hurricane Sandy one month earlier. The choice of Google is curious because Clinton herself claimed that in June 2011, the Chinese government tried to break into the Google email accounts of senior US government officials. (The Associated Press, 3/4/2015)

January 5, 2013: Someone accesses the email account of one of Bill Clinton’s staffers on the private server used to host Hillary Clinton’s emails.

The Tor Logo (Credit: public domain)

This is according to an FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.

The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)

Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”

Dave Aitel (Credit: Immunity)

Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.

But Dave Aitel, a former NSA security analyst and founder of the cybersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)

When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)

And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)
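
The kind of access-log audit Aitel describes can be sketched as follows. This is an added example, not code from the article, the FBI report, or anyone quoted here; the log format, account names, addresses (documentation IP ranges), geolocation table, and Tor exit list are all constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Everything below is constructed sample data for illustration only.
# Assumption: a real GeoIP database is replaced by this static table.
GEO_TABLE = {
    "192.0.2.0/24": "US",
    "198.51.100.0/24": "RU",
    "203.0.113.0/24": "AF",
}
# Assumption: anonymizer exit addresses come from a locally maintained list.
TOR_EXITS = {"203.0.113.77"}

# Where each account normally logs in from, plus known travel windows
# (start date, end date, country), so a travelling user is not flagged.
HOME_COUNTRY = {"principal": "US", "staffer": "US"}
ITINERARY = {"principal": [("2013-01-03", "2013-01-06", "RU")]}

# Hypothetical mail-server authentication log.
AUTH_LOG = """\
2013-01-04T08:12:09Z login ok user=principal src=198.51.100.20
2013-01-04T09:40:51Z login ok user=principal src=203.0.113.5
2013-01-05T02:17:33Z login ok user=staffer src=203.0.113.77
2013-01-05T14:02:10Z login ok user=staffer src=192.0.2.14
2013-01-05T14:05:00Z login fail user=staffer src=192.0.2.14
"""

LINE_RE = re.compile(r"^(\S+) login (ok|fail) user=(\S+) src=(\S+)$")


def country_of(ip):
    """Map a source address to a country code, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_TABLE.items():
        if addr in ipaddress.ip_network(net):
            return country
    return None


def expected_country(user, when):
    """Country the user should be logging in from at this time."""
    day = when.date().isoformat()  # ISO dates compare correctly as strings
    for start, end, country in ITINERARY.get(user, []):
        if start <= day <= end:
            return country
    return HOME_COUNTRY.get(user)


def audit(log_text):
    """Return (timestamp, user, source, reason) for each suspicious successful login."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "ok":
            continue  # only successful logins grant mailbox access
        ts, _, user, src = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        if src in TOR_EXITS:
            findings.append((ts, user, src, "anonymizer exit node"))
            continue
        seen, expected = country_of(src), expected_country(user, when)
        if seen is None or seen != expected:
            findings.append((ts, user, src, f"country {seen}, expected {expected}"))
    return findings


if __name__ == "__main__":
    for ts, user, src, reason in audit(AUTH_LOG):
        print(f"{ts} {user} from {src}: {reason}")
```

The travel window is what keeps the first login (from Russia, while the user is known to be there) from being flagged, while the login from a different country an hour later is.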

March 15, 2013—March 21, 2013: Clinton’s private server is repeatedly scanned from Russia shortly after Guccifer’s hack revealed her server domain.

On March 14, 2013, the Romanian hacker known as Guccifer broke into the email account of Clinton confidant Sid Blumenthal and learned Clinton’s private email address and thus her clintonemail.com server domain.

A September 2016 FBI report will reveal that “An examination of log files [of Clinton’s server] from March 2013 indicated that IP addresses from Russia and Ukraine attempted to scan the server on March 15, 2013, the day after the Blumenthal compromise, and on March 19 and March 21, 2013. However, none of these attempts were successful, and it could not be determined whether this activity was attributable to [Guccifer].” (Federal Bureau of Investigation, 9/2/2016)

June 6, 2013: Chinese government hacker attacks on US government targets have steadily increased since 2008.

Shawn Henry (Credit: public domain)

In the summer of 2008, the presidential campaigns of Barack Obama and John McCain had their computers successfully breached by hackers apparently working for the Chinese government. According to NBC News, “US officials say that Chinese intrusions have escalated in the years since, involving repeated attacks on US government agencies, political campaigns, corporations, law firms, and defense contractors—including the theft of national security secrets and hundreds of billions of dollars in intellectual property.”

Shawn Henry headed up the FBI’s investigation of the 2008 attacks and now is president of the computer security company CrowdStrike. He says there’s “little doubt” the Chinese government has an aggressive electronic espionage program targeting the US government and the commercial sector. “There’s been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue.” (NBC News, 6/6/2013)

Late June 2013—October 2013: During this time, it appears that Clinton’s private server is wide open to hacking attempts.

On May 31, 2013, maintenance of the server was taken over by a small Colorado-based company called Platte River Networks (PRN), and the server is sent to a data center in New Jersey. PRN then pays to use threat monitoring software called CloudJacket SMB made by a company named SECNAP. SECNAP claims the software can foil “even the most determined hackers.”

Around June 30, 2013, PRN transfers all the email accounts from the old server to the new one. However, the new software doesn’t begin working until October 2013, apparently leaving the server vulnerable. It is known that the server is repeatedly attacked by hackers in the months from October 2013 on, but it is unknown if any attacks occur when the software is not yet installed. (The Associated Press, 10/7/2015) 

An FBI report will later obliquely confirm this by mentioning that when the new server is set up in June 2013, all the hardware is built up at the time, except for an “intrusion detection device” which has to be added later after it gets shipped to the server location. (Federal Bureau of Investigation, 9/2/2016)

Justin Harvey (Credit: Third Certainty)

Justin Harvey, chief security officer of a cybersecurity company, will later comment that Clinton “essentially circumvented millions of dollars’ worth of cybersecurity investment that the federal government puts within the State Department. […] She wouldn’t have had the infrastructure to detect or respond to cyber attacks from a nation-state. Those attacks are incredibly sophisticated, and very hard to detect and contain. And if you have a private server, it’s very likely that you would be compromised.” (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media, which would have left the server especially vulnerable in the months after.

October 2013—February 2014: Clinton’s private email server is the subject of repeated attempted cyber attacks, originating from China, South Korea, and Germany.

The attempts are foiled due to threat monitoring software installed in October 2013. However, from June to October 2013, her server is not protected by this software, and there is no way of knowing if there are successful attacks during that time.

A 2014 email from an employee of SECNAP, the company that makes the threat monitoring software, describes four attacks. But investigators will later find evidence of a fifth attack from around this time. Three are linked to China, one to South Korea, and one to Germany. It is not known if foreign governments are involved or how sophisticated the attacks are.

Clinton had ended her term as secretary of state in February 2013, but more than 60,000 of her emails remained on her server. (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media.

Mid-November 2014: The State Department apparently successfully thwarts an attempt by Russian hackers to penetrate its email system.

The entire computer network is quickly shut down for several days after evidence is found that a hacker entered the system. (The Washington Post, 11/16/2014)

It is alleged that the US government believes the Russian government is responsible. The attack begins when a department employee falls for “spear phishing,” a trick in which a computer user is led to click on a bogus link that loads malicious software onto the network. It is believed that only the department’s unclassified network is infected, since the classified and unclassified networks are never allowed to reside on the same computer. But the damage is widespread, and thousands of computers in embassies and offices around the world are affected.

In February 2015, the Wall Street Journal will report that the department is still struggling to make sure all traces of the attack are gone from its network. (The Wall Street Journal, 2/18/2015)

In March 2015, Wired Magazine will comment, “[A]t least, in that case, there was a response. If the same sort of highly resourced hackers had gone after the server in Clinton’s basement, there’s no guarantee that the same alarms would have gone off.” (Wired, 3/4/2015)

March 5, 2015: Clinton’s private server is active and shows obvious security vulnerabilities.

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that Clinton’s private email server is still active and shows signs of poor security. If one goes to the web address clintonemail.com, one gets a blank page. But if one goes to the subdomain sslvpn.clintonemail.com, a log-in page appears. That means anyone in the world who puts in the correct user name and password could log in.

Furthermore, the server has an invalid SSL certificate. That means the encryption is not confirmed by a trusted third party. Gawker notes, “The government typically uses military-grade certificates and encryption schemes for its internal communications that designed with spying from foreign intelligence agencies in mind,” and Clinton’s server clearly is not up to that standard.

It also opens the server to what is called a “man in the middle” hacker attack, which means someone could copy the security certificate being used and thus scoop up all the data without leaving a trace. The invalid certificate also leaves the server vulnerable to widespread Internet bugs that can let hackers copy the entire contents of a server’s memory.

As a result, independent security expert Nic Cubrilovic concludes, “It is almost certain that at least some of the emails hosted at clintonemails.com were intercepted.” (Gawker, 3/5/2015)

Clinton still doesn’t shut the server down. However, about two days later, the security settings are changed.

March 5, 2015: Clinton’s private server shows more obvious security vulnerabilities.

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that in addition to the security problems shown by the subdomain to Clinton’s private email server sslvpn.clintonemail.com, there is another subdomain that reveals even more security issues. If one goes to various web addresses of the server’s mail host mail.clintonemail.com, one is presented with a log-in for Microsoft Outlook webmail.

Gawker notes that the “mere existence” of this log-in “is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since clintonemail.com was registered in 2009.”

Furthermore, security expert Robert Hansen says having a public log-in page for a private server is “pretty much the worst thing you can do. […] Even if [Clinton] had a particularly strong password,” simply trying a huge number of passwords will “either work eventually – foreign militaries are very good at trying a lot – or it’ll fail and block her from accessing her own email.” He says that the server shows so many vulnerabilities that “any joe hacker” could break in with enough time and effort.

Independent security expert Nic Cubrilovic says, “With your own email hosting you’re almost certainly going to be vulnerable to Chinese government style spearphishing attacks – which government departments have enough trouble stopping – but the task would be near impossible for an IT [information technology] naive self-hosted setup.” (Gawker, 3/5/2015)

March 10, 2015: Clinton falsely claims that her private server had “no security breaches.”

Clinton answers questions at a United Nations press conference on March 10, 2015. (Credit: The Associated Press)

During her United Nations press conference, Clinton says about her private email server at her Chappaqua, New York, house: “The system we used was set up for President Clinton’s office. And it had numerous safeguards. It was on property guarded by the Secret Service. And there were no security breaches.”

However, in May 2016, a State Department inspector general’s report will detail hacking attempts on Clinton’s emails housed in the server. In January 2011, Justin Cooper, who helped manage the server, wrote in an email that he shut down the server because he suspected “someone was trying to hack us…” Later that day, he wrote, “We were attacked again so I shut (the server) down for a few min [minutes].” And in May 2011, Clinton told her aides that someone was “hacking into her email.”

Additionally, the Associated Press will later comment that “it’s unclear what protection her email system might have achieved from having the Secret Service guard the property. Digital security breaches tend to come from computer networks, not over a fence.” (The Associated Press, 5/27/2016)

March 18, 2015: Clinton’s team won’t answer basic questions about the security of her private server.

John A. Lewis (Credit: John Hopkins University)

Clinton spokesperson Nick Merrill claims that when Clinton set up her private email server, “Robust protections were put in place and additional upgrades and techniques were employed over time as they became available. There was never evidence of a breach, nor any unauthorized intrusions.”

However, Merrill declines to say who exactly was in charge of maintaining the server and ensuring its security. Furthermore, it’s unclear what sort of security vetting that person or persons received, if any. Additionally, Merrill won’t reveal if other departments that protect government communications, such as the FBI or the NSA, were ever told of the server’s existence, and if so, if they helped provide security for it.

James A. Lewis, who held senior technology posts at the White House and State Department, comments that emails “that run on commercial services are vulnerable to collection. […] I don’t think people realize how much of this information is available to foreign intelligence services.” (Bloomberg News, 3/18/2015)

Contrary to Merrill’s claim, a May 2016 State Department inspector general report will reveal that there were hacker attacks on Clinton’s server.

August 14, 2015: The FBI is trying to find out if foreign countries, especially China or Russia, broke into Clinton’s private server.

The New York Times reports that according to several unnamed US officials, “specially trained cybersecurity investigators will seek to determine whether Russian, Chinese, or other hackers breached the account or tried to transfer any of Mrs. Clinton’s emails…” (The New York Times, 8/14/2015)

September 2, 2015: It is widely believed foreign governments have intercepted Clinton’s emails.

The Daily Beast reports on Clinton’s email scandal, “There’s a widely held belief among American counterspies that foreign intelligence agencies had to be reading the emails on Hillary’s private server, particularly since it was wholly unencrypted for months. ‘I’d fire my staff if they weren’t getting all this,’ explained one veteran Department of Defense counterintelligence official, adding: ‘I’d hate to be the guy in Moscow or Beijing right now who had to explain why they didn’t have all of Hillary’s email.’ Given the widespread hacking that has plagued the State Department, the Pentagon, and even the White House during Obama’s presidency, senior counterintelligence officials are assuming the worst about what the Russians and Chinese know.”

An unnamed senior official who is “close to the investigation” says, “Of course they knew what they were doing, it’s as clear as day from the emails. I’m a Democrat and this makes me sick. They were fully aware of what they were up to, and the Bureau knows it.” (The Daily Beast, 9/2/2015)

October 2015—Mid-May 2016: Hackers, alleged to be Russian, target almost 4,000 Google accounts related to US politics.

Center for American Progress logo (Credit: public domain)

According to a June 17, 2016 Bloomberg News article, during this time period, the same allegedly Russian hackers who breach the computers of the DNC [Democratic National Committee] and Clinton’s presidential campaign “[burrow] much further into the US political system, sweeping in law firms, lobbyists, consultants, foundations, and the policy groups known as think tanks, according to a person familiar with investigations of the attacks.” Almost 4,000 Google accounts are targeted by “spear phishing,” which involves tricking targets into giving up log-in information so their data can be accessed. The Center for American Progress, a think tank with ties to Clinton and the Obama administration, is one known target.

Bloomberg News will further report that, “Based on data now being analyzed, various security researchers believe the campaign stems from hackers linked to Russian intelligence services and has been broadly successful, extracting reams of reports, policy papers, correspondence and other information.”

The Russian government denies any involvement, but cybersecurity experts who have investigated the attacks believe the hackers are working for Russia. It is believed that either or both of two major Russian hacking groups, Fancy Bear (or APT 28) and Cozy Bear (or APT 29) are behind the attacks. (Bloomberg News, 6/17/2016)

October 13, 2015: Clinton’s private server was especially vulnerable to hacker attacks.

Clinton checks her phone at the United Nations Security Council on March 12, 2012. (Credit: Richard Drew / The Associated Press)

The Associated Press reports that “The private email server running in [Clinton’s] home basement when she was secretary of state was connected to the Internet in ways that made it more vulnerable to hackers, according to data and documents reviewed by the Associated Press. […] Experts said the Microsoft remote desktop service [used on the server] wasn’t intended for such use without additional protective measures, and was the subject of US government and industry warnings at the time over attacks from even low-skilled intruders.” (The Associated Press, 10/13/2015) 

One anonymous senior National Security Agency (NSA) official comments after reading the Associated Press report, “Were they drunk? Anybody could have been inside that server—anybody.” (The New York Observer, 10/19/2015)

January 21, 2016: Former Defense Secretary Robert Gates believes foreign countries hacked into Clinton’s private email server.

Secretary of Defense Robert Gates (Credit: ABC News)

He says in an interview, “Given the fact that the Pentagon acknowledges that they get attacked about 100,000 times a day, I think the odds are pretty high.” Russia, China, and Iran are suggested as countries that would have targeted her server. Gates was defense secretary from 2006 to 2011, under Presidents Bush and Obama. In 2015, Gates praised Clinton, saying, “She was a good secretary of state.” (The Hill, 1/21/2016)

January 28, 2016: It is claimed that Russian intelligence must have gotten the contents of Clinton’s emails.

This is according to an unnamed former high-ranking Russian intelligence officer. This officer says, “Of course the SVR got it all.” (The SVR, Sluzhba Vneshney Razvedki, is the successor intelligence agency to the KGB.) He adds, “I don’t know if we’re as good as we were in my time, but even half-drunk, the SVR could get those emails. They probably couldn’t believe how easy Hillary made it for them.” (The New York Observer, 1/28/2016)

February 3, 2016: A State Department official claims someone tried to hack her private email account two years earlier, in early 2014.

Wendy Sherman (Credit: Alex Wong / Getty Images)

Wendy Sherman is interviewed by the FBI. Sherman served as deputy secretary of state under Clinton (the third highest ranking post), and as under secretary of state for political affairs. Her name will later be redacted in the FBI summary of the interview, but the Daily Caller will identify the interviewee as Sherman due to details mentioned elsewhere in the interview.

Sherman served as chief negotiator on a nuclear deal between the US and Iran, which was agreed to in 2014. In the FBI summary of her interview, she said that she was not aware of any specific instances where she was notified of a potential hack of her State Department or personal email accounts or those of other department employees. However, she “explained [she] was sure people tried to hack into [her] personal email account and the accounts of [redacted] team approximately two years ago during [redacted] in the Iran negotiations. Specifically, [redacted] received a similar email. [She] reported the incident to [State Department] Diplomatic Security who reportedly traced the emails back to a [redacted].”

Elsewhere in the interview, she said that it “was not uncommon for [her] to have to use [her] personal Gmail account to communicate while on travel, because there were often times [she] could not access her [State Department] unclassified account.”

The Daily Caller will later comment, “While it is no surprise that hackers would attempt to infiltrate the negotiating teams’ email accounts — the US government has robust spy operations that try to do the same thing — Sherman’s use of a personal account while overseas likely increased her chances of being hacked.” (The Daily Caller, 9/24/2016) (Federal Bureau of Investigation, 9/23/2016)

March 2016: The same hacking group that allegedly breaches the DNC [Democratic National Committee] computer network may also breach computers of some Clinton presidential campaign staffers.

Clinton's Deputy Communications Director, Kristina Schake (Credit: Getty Images)

The hacker or hacking group is known by the nickname Fancy Bear, and is alleged to be working for the Russian government. Fancy Bear gets into the DNC network in April 2016, which makes it separate from the efforts of Cozy Bear (alleged also to be linked to Russia) or Guccifer 2.0 (alleged to be a “lone hacker”) which in either case got into the network for about a year. Fancy Bear’s attack on Clinton’s staffers is said to start in March 2016, according to the security firm SecureWorks. Targets include Clinton’s communications and travel organizers, speechwriters, policy advisers, and campaign finance managers.

The hackers use the “spear phishing” technique of sending an email from a seemingly trusted source in order to get the target to click on a link. In this case, the links are shortened by an Internet service known as Bitly to make it hard to notice that they’re bogus. They take the target to a fake Google login page, since most or all of Clinton’s staffers use Gmail. Once the target gives their user name and password, the hacker can log into the real account and access all the data. The hackers create 213 links targeting 108 hillaryclinton.com addresses. Twenty of those are clicked, raising the possibility that some accounts are successfully breached. (Forbes, 6/16/2016)

April 2016: Hacking attacks on the DNC and the Clinton campaign are first discovered.

On June 14, 2016, McClatchy Newspapers will report that a hacking attack on the DNC [Democratic National Committee] is discovered “in late April 2016, after staffers noticed unusual activity on the DNC’s computer network.” (McClatchy Newspapers, 6/14/2016) 

On June 21, 2016, Bloomberg News will report, “The Clinton campaign was aware as early as April that it had been targeted by hackers with links to the Russian government on at least four recent occasions, according to a person familiar with the campaign’s computer security.” (Bloomberg News, 6/21/2016)

In late July 2016, it will be reported that the FBI warned the Clinton campaign in March 2016 that it was the target of hacking attempts, but the campaign refused to help the FBI stop them.

Around April or May 2016: The FBI warns “dozens of lawmakers” that they are being targeted by hackers.

Former senator Tom Daschle (Credit: NY Magazine)

On July 25, 2016, the Washington Post will report that the FBI warns the “Clinton campaign and dozens of lawmakers” that they are being targeted by hackers. Later reporting by Yahoo News will indicate that the Clinton campaign is first warned by the FBI in March 2016. The timing of the warning to lawmakers is less clear, except that the Post mentions it takes place “weeks before” a media report on June 14, 2016 that hackers had broken into the Democratic National Committee (DNC) computer network.

It still has not been proven that any hacks on the lawmakers have been successful. However, former Senate majority leader Tom Daschle (D) has told the Post that his email account was hacked recently. But he hasn’t been given any indication if law enforcement is investigating or who the hacker might be. (The Washington Post, 7/25/2016)

 

Late April 2016—Early May, 2016: Hacking attacks on a DNC consultant researching pro-Russian politicians in Ukraine lead DNC leaders to conclude the Russian government is behind such attacks.

Alexandra Chalupa (Credit: Linked In)

Alexandra Chalupa, a consultant for the Democratic National Committee (DNC), has been working for several weeks on an opposition research file about Paul Manafort, the campaign manager of Republican presidential nominee Donald Trump. Manafort has a long history of advising politicians around the world, including controversial dictators. Logging into her Yahoo email account, she gets a warning entitled “Important action required” from a Yahoo cybersecurity team. The warning adds, “We strongly suspect that your account has been the target of state-sponsored actors.”

Paul Manafort (Credit: Linked In)

Paul Manafort was a key adviser to Ukrainian President Viktor Yanukovych from 2004 until 2010. Yanukovych is a controversial figure frequently accused of widespread corruption. He was overthrown after a massive series of protests in February 2014 and has since been living in Russia, protected by the Russian government. Chalupa had been drafting memos and writing emails about Manafort’s link to pro-Russian Ukrainian leaders such as Yanukovych when she got the warning. She had been in contact with investigative journalists in Ukraine who had been giving her information about Manafort’s ties there.

Chalupa immediately alerts top DNC officials. But more warnings from Yahoo’s security team follow. On May 3, 2016, she writes in an email to DNC communications director Luis Miranda, “Since I started digging into Manafort, these messages have been a daily occurrence on my Yahoo account despite changing my password often.”

A photo capture of the Yahoo security warning appearing on DNC consultant Alexandra Chalupa’s computer screen. (Credit: Yahoo News)

In July 2016, she will tell Yahoo News, “I was freaked out,” and “This is really scary.” Her email message to Miranda will later be one of 20,000 emails released by WikiLeaks on July 22, 2016, showing that there was good reason to be concerned about hacking attempts.

Chalupa’s email to Miranda results in concern among top-level DNC officials. One unnamed insider will later say, “That’s when we knew it was the Russians,” since Russia would be very interested in Chalupa’s research and other countries like China would not. This source also says that as a precaution, “we told her to stop her research.”

Yahoo will later confirm that it did send numerous warnings to Chalupa, and one Yahoo security official will say, “Rest assured we only send these notifications of suspected attacks by state-sponsored actors when we have a high degree of confidence.” (Yahoo News, 7/25/2016)

May 4, 2016: Guccifer tells Fox News he accessed Clinton’s private server in 2013.

Guccifer (left) talks to Fox News reporter Catherine Herridge (right). (Credit: Fox News)

The Romanian hacker nicknamed Guccifer, whose real name is Marcel-Lehel Lazar, has recently been interviewed by Fox News. He claims for the first time that after breaking into the email account of Clinton confidant Sid Blumenthal in March 2013, he traced Clinton’s emails back to her private email server.

He tells Fox News, “For me, it was easy […] easy for me, for everybody.” He says he accessed her server “like twice.” He adds, “For example, when Sidney Blumenthal got an email, I checked the email pattern from Hillary Clinton, from Colin Powell, from anyone else to find out the originating IP [Internet Protocol address]. […] When they send a letter, the email header is the originating IP usually…then I scanned with an IP scanner.”

He says he then used some Internet programs to determine if the server was active and which ports were open. However, the server’s contents did “not interest” him at the time. “I was not paying attention. For me, it was not like the Hillary Clinton server, it was like an email server she and others were using with political voting stuff.”

If he breached the server, it appears he didn’t fully understand what he was seeing, and he has not claimed to have uncovered more of Clinton’s emails. He is interviewed from a US prison and has no documents to back up his claim. However, Fox News reports, “While [his] claims cannot be independently verified, three computer security specialists, including two former senior intelligence officials, said the process described is plausible and the Clinton server, now in FBI custody, may have an electronic record that would confirm or disprove Guccifer’s claims.”

Cybersecurity expert Morgan Wright comments, “The Blumenthal account gave him a road map to get to the Clinton server. […] You get a foothold in one system. You get intelligence from that system, and then you start to move.”

Guccifer claims he wants to cooperate with the US government, adding that he has hidden two gigabytes of data that is “too hot” and is “a matter of national security.”

The Clinton campaign responds, “There is absolutely no basis to believe the claims made by this criminal from his prison cell. In addition to the fact he offers no proof to support his claims, his descriptions of Secretary Clinton’s server are inaccurate.” (Fox News, 5/4/2016) 

Politico reports, “An internal FBI review of Clinton’s email records did not indicate traces of hacking” according to “a source familiar with the situation.” (Politico, 5/4/2016)

An FBI report in September 2016 will assert that Guccifer admitted in his FBI interview that he lied about his claim to have accessed Clinton’s server.

May 4, 2016: Guccifer also tells NBC News he accessed Clinton’s private server in 2013.

Guccifer (left) being interviewed by Cynthia McFadden (right) inside a Romanian prison complex. (Credit: NBC News)

Hours after Fox News reports on recently interviewing Romanian hacker Guccifer, NBC News reports on their recent interview with Guccifer. Like the Fox News interview, the main story is that Guccifer claims to have gained access to Clinton’s private email server. He tells NBC News, “It was like an open orchid on the Internet. […] There were hundreds of folders.” He also calls her server “completely unsecured.”

An unnamed source with knowledge of the FBI’s Clinton investigation claims “that with Guccifer in US custody, investigators fully intend to question him about her server.”

While Fox News recently interviewed him in a US prison, NBC News interviewed him from a prison in Bucharest, Romania, where he was until he was extradited to the US in late March 2016. (NBC News, 5/4/2016)

LawNewz notes the timing, and asks, “Why would a major news network sit on such an explosive allegation—especially when the claim directly relates to a presidential candidate and the biggest story the 2016 presidential election cycle?” NBC News has not commented. (LawNewz, 5/4/2016)

An FBI report in September 2016 will assert that Guccifer admitted in his FBI interview that he lied about his claim to have accessed Clinton’s server.

May 18, 2016: Director of National Intelligence James Clapper warns Clinton and Trump their campaign networks are being hacked.

Director of National Intelligence James Clapper (Credit: ABC News)

Clapper publicly comments, “We’ve already had some indications” of hacking on the computer networks of the two frontrunners in the presidential race. He warns, “We’ll probably have more.” He suggests the hackers could be working for foreign governments.

V. Miller Newton, who advises federal agencies on data security, says foreign spying on campaign sites is inevitable. “These campaigns are not working on encrypted platforms. It’s a matter of when, and how serious of an impact it is going to have on this election.” (The Associated Press, 5/18/2016)

It will later emerge that a hacking attack on the DNC [Democratic National Committee] was already discovered, in late April 2016, after staffers noticed unusual activity on the DNC’s computer network. (McClatchy Newspapers, 6/14/2016)

May 25, 2016: A Bill Clinton assistant with no security clearance and no special computer expertise helped manage Hillary Clinton’s private server.

Obama talks with Chief of Staff Jack Lew, former President Bill Clinton, Justin Cooper (standing in the doorway), David Axelrod, and Senior Advisor David Plouffe on board Air Force One on November 4, 2012. (Credit: Pete Souza / White House)

It had been previously believed that Bryan Pagliano was the one who managed Clinton’s private server. But the State Department inspector general’s report released on this day reveals that there actually were “two individuals who provided technical support to Secretary Clinton.”

The report rarely names names, but the individual other than Pagliano is described as someone who “was at one time an advisor to former President [Bill] Clinton but was never a [State] Department employee, [and] registered the clintonemail.com domain name on January 13, 2009.” Previous media reports made clear the person who registered the domain on that day and was an aide to Bill Clinton is Justin Cooper. (US Department of State, 5/25/2016) (The Washington Post, 03/10/2015) 

In 2015, the Washington Post reported that Cooper had “no security clearance and no particular expertise in safeguarding computers, according to three people briefed on the server setup.” (The Washington Post, 8/4/2015) 

However, the inspector general’s report describes a January 2011 incident in which Cooper turned Clinton’s server off and on in response to a hacker attack, showing he had direct access to the server and thus all the classified information contained inside it. (US Department of State, 5/25/2016) 

In April 2016, the Washington Times alleged that Bill and Hillary Clinton “have paid [Cooper’s] legal fees associated with the FBI investigation, amounting to ‘hundreds of thousands of dollars.’” (The Washington Times, 4/27/2016)

June 10, 2016: Blumenthal confirms he had no security clearance when Clinton was secretary of state.

In a Fox News interview, Clinton confidant Sid Blumenthal is asked if he ever had security clearance when exchanging emails with Clinton, given that many of her emails were later deemed to contain classified material. He responds, “I was her friend, and I had no security clearance, nor did I seek it, nor did anyone ever send me anything that was classified. So I had no access to, nor did I send or receive any classified material.”

Curiously, he also comments about the Romanian hacker nicknamed Guccifer, who broke into his email inbox in 2013: “Marcel Lazar is a Romanian. He worked from a Russian server. He may well be part of a Russian information operation.” (Fox News, 6/11/2016)

Before June 14, 2016: US officials allegedly warn the Trump, Sanders, and Clinton campaigns that sophisticated hackers are attempting to breach their computers.

A June 21, 2016 Bloomberg News article claims the warnings came before the hack on the DNC [Democratic National Committee] was made public on June 14, 2016. However, it’s unclear when the warnings happened exactly. This is according to one unnamed “person familiar with the government investigation into the attacks.”

But the Trump campaign won’t respond to questions about the warnings, and Sanders spokesperson Michael Briggs says he isn’t aware of the warnings.

Bloomberg News will comment, “Information about the scope of the attacks and the government warnings raises new questions about how long the campaigns have known about the threats and whether they have done enough to protect their systems.” (Bloomberg News, 6/21/2016)

It has been reported that the Clinton campaign and related organizations have been attacked by hackers, but there have been no confirmed attacks on the Trump or Sanders campaigns. (Bloomberg News, 6/17/2016)

June 14, 2016: Hackers allegedly linked to the Russian government broke into the DNC’s files.

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

The Washington Post reports that the emails, text messages, and other computer files of the DNC [Democratic National Committee] were accessed by two groups allegedly linked to Russia. Opposition research on Republican presidential candidate Donald Trump was stolen.

One group known as Cozy Bear broke into the DNC’s network a year ago and maintained access without getting caught. The other group known as Fancy Bear, apparently working independently, did so much more recently. These same hackers also probed the networks of both the Trump and Clinton campaigns, as well as some Republican political action committees, but it is unknown if those attacks succeeded.

The first hacking group typically uses “spear phishing” to gain access. This is when an email appears to come from someone the recipient knows but actually is meant to trick that person into activating embedded malicious code by clicking on an attachment or link. (Wired, 6/14/2016) (The Washington Post, 6/14/2016)

Forbes comments that the “Holy Grail of Russian intelligence is uncovering compromising material that can be used to embarrass, manipulate, or blackmail foreign political leaders.” Furthermore, “If the DNC’s cyber secrets are open to Russian intelligence hackers, the odds are overwhelming that they have Clinton’s private emails as well, especially given that Clinton’s private server was a target of the highest value.” This means Clinton could be blackmailed or otherwise manipulated by Russia as well. Forbes also notes how both cases involved spear phishing. (Forbes, 6/14/2016) 

Clinton was targeted by spear phishing at least three times, twice in May 2011, and once in July 2011. It is unknown if any of those attacks succeeded. (US Department of State, 10/30/2015) (US Department of State, 3/5/2015) (US Department of State, 5/25/2016)

June 14, 2016: Clinton claims to have just learned about the DNC network breach, and inaccurately claims her campaign has not been similarly targeted.

In an interview, Clinton is asked about a news report from earlier in the day that hackers allegedly linked to the Russian government breached the computer network of the DNC [Democratic National Committee]. She is asked the general question, “What can you tell us about that incident? How worrisome is it?”

She replies, “I only learned about it when it was made public. And it is troubling, just as all cyber-attacks against our businesses and our institutions, our government are. The Russians—and according to the reporting—who did this hacking were most likely in the employment of the Russian government.”

She also comments without being prompted, “So far as we know, my campaign has not been hacked into and we’re obviously looking hard at that.” (The Hill, 6/14/2016)

But two days later, Forbes reports that a security company hired by the Clinton campaign has determined many of her campaign staffers have been targeted by hackers in recent months, and there are indications some of their email accounts could have been breached. (Forbes, 6/16/2016)

June 15, 2016: A hacker nicknamed Guccifer 2.0 posts files showing they were behind the DNC hack.

(Credit: public domain)

One day after the Washington Post reported that alleged Russian hackers broke into the DNC’s [Democratic National Committee] computer network, a man using the nickname “Guccifer 2.0” creates a new website showing that he has obtained the DNC files. Guccifer 2.0 likely has no connection to Guccifer, who is now in a US prison, but seems inspired to take the name due to Guccifer’s earlier hacking notoriety.

He posts a 200-page opposition research file on Republican presumptive presidential nominee Donald Trump dating from December 2015, as well as other computer files from the DNC. The files include a sample of donor information, contradicting the DNC’s claim from the day before that no financial information had been stolen.

Guccifer 2.0 also claims to have given “thousands of files and mails” to WikiLeaks. This comes several days after WikiLeaks head Julian Assange promised to post more of Clinton’s emails soon. The security firm CrowdStrike was hired to investigate the DNC hack, and they claimed to be confident that it was a sophisticated operation done by two hacking groups with ties to the Russian government.

However, Guccifer 2.0 claims to be working independently, and says of CrowdStrike, “I’m very pleased the company appreciated my skills so highly. But in fact, it was easy, very easy.”

However, CrowdStrike stands by their original claim and suggests the new website could be “part of a Russian intelligence disinformation campaign.” (Wired, 6/15/2016) (Vice News, 6/15/2016) 

NBC News reports that “several Democratic sources familiar with the party’s opposition research efforts said they believed [the] opposition research book to be authentic. It also includes links to data stored on internal DNC servers, which would not [be] accessible to people outside the committee.” (NBC News, 6/15/2016)

June 16, 2016: Recent alleged Russian hacking attacks appear to have focused on Clinton and the DNC and not other presidential campaigns.

SecureWorks Logo (Credit: SecureWorks)

SecureWorks is a cybersecurity company that apparently has been hired to investigate recent leaks targeting US government officials, departments, and related entities. Focusing on the hacking group known as Fancy Bear (or APT 28), they conclude with “moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.” They also conclude that the group targeted Clinton’s presidential campaign and the DNC [Democratic National Committee].

However, SecureWorks have not observed Fancy Bear “[target] the US Republican party or the other US presidential candidates whose campaigns were active between mid-March and mid-May [2016]: Donald Trump, Bernie Sanders, Ted Cruz, Marco Rubio, and John Kasich.” But they point out the other campaigns could have been targeted by other means not noticed by them. (SecureWorks, 6/16/2016)