March 18, 2015: Clinton’s team won’t answer basic questions about the security of her private server.

John A. Lewis (Credit: John Hopkins University)

John A. Lewis (Credit: John Hopkins University)

Clinton spokesperson Nick Merrill claims that when Clinton set up her private email server, “Robust protections were put in place and additional upgrades and techniques were employed over time as they became available. There was never evidence of a breach, nor any unauthorized intrusions.”

However, Merrill declines to say who exactly was in charge of maintaining the server and ensuring its security. Furthermore, it’s unclear what sort of security vetting that person or persons received, if any. Additionally, Merrill won’t reveal if other departments that protect government communications, such as the FBI or the NSA, were ever told of the server’s existence, and if so, if they helped provide security for it.

James A. Lewis, who held senior technology posts at the White House and State Department, comments that emails “that run on commercial services are vulnerable to collection. […] I don’t think people realize how much of this information is available to foreign intelligence services.” (Bloomberg News, 3/18/2015)

Contrary to Merrill’s claim, a May 2016 State Department inspector general report will reveal that there were hacker attacks on Clinton’s server.

July 5, 2016—July 6, 2016: Comey’s comments indicate it is “very likely” Clinton’s emails were hacked, but solid proof may never be found.

In a July 5, 2016 public speech, FBI Director James Comey addresses the possibility that Clinton’s emails were accessed by outsiders. He says, “We did not find direct evidence that Secretary Clinton’s personal email domain, in its various configurations since 2009, was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.” (Federal Bureau of Investigation, 7/5/2016)

The next day, the New York Times reports that although Comey said there was no “direct evidence” Clinton’s email account had been successfully hacked, “both private experts and federal investigators immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.”

The Times says that Comey’s comments were a “blistering” critique of Clinton’s “email practices that left Mrs. Clinton’s systems wide open to Russian and Chinese hackers, and an array of others.” However, “the central mystery — who got into the system, if anyone — may never be resolved.”

Adam Segal (Credit: public domain)

Adam Segal (Credit: public domain)

Adam Segal, a cybersecurity expert at the Council on Foreign Relations (CFR), says, “Reading between the lines and following Comey’s logic, it does sound as if the FBI believes a compromise of Clinton’s email is more likely than not. Sophisticated attackers would have known of the existence of the account, would have targeted it, and would not have been seen.”

Before Comey’s comments, Clinton and her spokespeople had said on numerous occasions that her server had never been hacked. In an October 2015 interview, President Obama came to a similar conclusion about her server: “I don’t think it posed a national security problem.”

The Times also comments that Comey’s “most surprising suggestion” may have been his comment that Clinton used her private email while in the territory of “sophisticated adversaries.” This is understood to mean China and Russia and possibly a few more countries.

Former government cybersecurity expert James Lewis says, “If she used it in Russia or China, they almost certainly picked it up.” (The New York Times, 7/6/2016)

Cybersecurity consultant Morgan Wright says the most likely suspects are Russia, China and Israel, “in that order.”

Ben Johnson, a former National Security Agency official and security strategist, says “Certainly foreign military and intelligence services” would have targeted Clinton’s emails. “They’re going to have a lot of means and motives to do this.” He also says it wasn’t just likely countries such as China and Russia, but “any country that’s looking to potentially have adversarial relations with us or just [desires] more relations with us.” He specifically cites Middle East countries specifically as having a likely motive. (Politico, 7/5/2016)

September 1, 2016: Putin denies that Russia was involved in the DNC hack.

Russian President Vladimir Putin says in an interview about accusations of Russian government in the hacking of Democratic National Committee (DNC) emails: “Listen, does it even matter who hacked this data? The important thing is the content that was given to the public …. There’s no need to distract the public’s attention from the essence of the problem by raising some minor issues connected with the search for who did it. … But I want to tell you again, I don’t know anything about it, and on a state level Russia has never done this.”

However, an internal probe conducted by CrowdStrike Inc. traced the source of the hack to two Russian hacking groups connected with Russian intelligence, “Cozy Bear” and “Fancy Bear.”

John Lewis (Credit: public domain)

James Lewis (Credit: public domain)

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, claims that Russia has engaged in state hacking in the past and that Putin’s denials are “not credible.”

Putin continues: “You know how many hackers there are today? They act so delicately and precisely that they can leave their mark — or even the mark of others — at the necessary time and place, camouflaging their activities as that of other hackers from other territories or countries. It’s an extremely difficult thing to check, if it’s even possible to check. At any rate, we definitely don’t do this at a state level.” (Bloomberg News, 9/1/2016)