Mid-August 2008: The Chinese government apparently hacks into the 2008 presidential campaigns of Barack Obama and John McCain.

Admiral Dennis Blair (Credit: Sasakawa Peace Foundation USA)

Hacking teams traced back to China are caught breaking into the computers of the Obama and McCain campaigns, resulting in high-level warnings to Chinese officials to stop. The computers, laptops, and mobile devices of top campaign aides and advisers who receive high-level briefings are particularly targeted. “Spear phishing” is used to get targets to open an attachment containing a virus that would allow data to be stolen from their computer.

Obama campaign manager David Plouffe will later say he got a call in the middle of August 2008 alerting him to the attack and that the FBI was investigating. However, the virus is extremely sophisticated, and it takes months for it to be completely removed from the networks of the two campaigns.

In a May 2009 speech, President Obama will make a general mention of the attacks: “Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans.” However, the involvement of China’s government won’t be publicly revealed until June 2013.

Dennis Blair, director of national intelligence from 2009 to 2010, will comment that year, “Based on everything I know, this was a case of political cyberespionage by the Chinese government against the two American political parties. They were looking for positions on China, surprises that might be rolled out by campaigns against China.” (NBC News, 6/6/2013)

Mid-November 2014: The State Department apparently successfully thwarts an attempt by Russian hackers to penetrate its email system.

The entire computer network is quickly shut down for several days after evidence is found that a hacker entered the system. (The Washington Post, 11/16/2014)

It is alleged that the US government believes the Russian government is responsible. The attack begins when a department employee falls for “spear phishing,” a trick in which a computer user is led to click on a bogus link that loads malicious software onto the network. It is believed that only the department’s unclassified network is infected, since the classified and unclassified networks are never allowed to reside on the same computer. But the damage is widespread, and thousands of computers in embassies and offices around the world are affected.

In February 2015, the Wall Street Journal will report that the department is still struggling to make sure all traces of the attack are gone from its network. (The Wall Street Journal, 2/18/2015)

In March 2015, Wired Magazine will comment, “[A]t least, in that case, there was a response. If the same sort of highly resourced hackers had gone after the server in Clinton’s basement, there’s no guarantee that the same alarms would have gone off.” (Wired, 3/4/2015)

March 5, 2015: Clinton’s private server shows more obvious security vulnerabilities.

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that in addition to the security problems shown by sslvpn.clintonemail.com, a subdomain of Clinton’s private email server, there is another subdomain that reveals even more security issues. If one goes to various web addresses of the server’s mail host, mail.clintonemail.com, one is presented with a log-in for Microsoft Outlook webmail.

Gawker notes that the “mere existence” of this log-in “is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since clintonemail.com was registered in 2009.”

Furthermore, security expert Robert Hansen says having a public log-in page for a private server is “pretty much the worst thing you can do. […] Even if [Clinton] had a particularly strong password,” simply trying a huge number of passwords will “either work eventually – foreign militaries are very good at trying a lot – or it’ll fail and block her from accessing her own email.” He says that the server shows so many vulnerabilities that “any joe hacker” could break in with enough time and effort.

Independent security expert Nic Cubrilovic says, “With your own email hosting you’re almost certainly going to be vulnerable to Chinese government style spearphishing attacks – which government departments have enough trouble stopping – but the task would be near impossible for an IT [information technology] naive self-hosted setup.” (Gawker, 3/5/2015)

March 18, 2015: Clinton’s private server was not protected against hackers who might impersonate her identity.

A security evaluation of Clinton's server. (Credit: Bloomberg View)

Bloomberg News reports, “According to publicly available information, whoever administrated [Clinton’s private server] didn’t enable what’s called a Sender Policy Framework, or SPF, a simple setting that would prevent hackers sending emails that appear to be from clintonemail.com. SPF is a basic and highly recommended security precaution for people who set up their own servers.”

Bob Gourley, who was the chief technology officer at the DIA [Defense Intelligence Agency] and is the founder of his own cybersecurity consulting firm, says: “If [an SPF] was not in use, [hackers] could send an email that looks like it comes from her to, say, the ambassador of France that says, ‘leave the back door open to the residence a package is coming.’ Or a malicious person could send an email to a foreign dignitary meant to cause an international incident or confuse US foreign policy.” This also would have made it easy for hackers to launch “spear phishing” attacks from Clinton’s account. Other government officials could have thought they were getting a real email from Clinton and then be tricked into having their own accounts breached.

Clinton’s spokesperson claims there is no evidence her account was ever successfully exploited in this manner. But Bloomberg News points out, “The problem with such confidence is that if hackers exploited the SPF vulnerability, Clinton’s office would likely never have known her domain name…was being used surreptitiously.” (Bloomberg News, 3/18/2015)
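The SPF setting Bloomberg describes is a DNS TXT record, and whether it actually blocks forged mail depends on how the record ends. The following is an added example, not taken from Bloomberg or this timeline, that grades a domain's SPF posture from its TXT records; the records passed to it are constructed samples, and in practice they would come from a DNS TXT lookup on the domain.

```python
# Added example: grade a domain's SPF posture from its DNS TXT records.
# All records and domain names used with it are constructed samples.

QUALIFIER_STATUS = {
    "-": ("enforced", "unlisted senders fail SPF"),
    "~": ("softfail", "unlisted senders are only marked suspicious"),
    "?": ("neutral", "the record makes no assertion about unlisted senders"),
    "+": ("permissive", "every sender passes, so the record protects nothing"),
}

def audit_spf(txt_records):
    """Return (status, detail) for the TXT strings published at one domain."""
    spf = [r.strip() for r in txt_records
           if r.strip().lower().split(" ", 1)[0] == "v=spf1"]
    if not spf:
        return ("missing", "no SPF record, so receivers cannot tell which hosts may send")
    if len(spf) > 1:
        return ("invalid", "more than one SPF record is a permanent error (RFC 7208)")

    redirect = None
    for term in spf[0].split()[1:]:
        lowered = term.lower()
        if lowered.startswith("redirect="):
            redirect = lowered.split("=", 1)[1]
            continue
        qualifier, mechanism = "+", lowered
        if lowered[0] in "+-~?":
            qualifier, mechanism = lowered[0], lowered[1:]
        if mechanism == "all":
            # "all" always matches; anything after it is never evaluated.
            return QUALIFIER_STATUS[qualifier]
    if redirect:
        return ("delegated", "policy is defined by the SPF record at " + redirect)
    return ("neutral", "no 'all' term, so unlisted senders get the default neutral result")

if __name__ == "__main__":
    samples = {
        "no SPF at all": ["google-site-verification=constructed-token"],
        "hard fail": ["v=spf1 mx ip4:192.0.2.10 -all"],
        "soft fail": ["v=spf1 include:_spf.example.net ~all"],
    }
    for label, records in samples.items():
        print(label, "->", audit_spf(records))
```

A "missing" result corresponds to the situation reported above; "softfail", "neutral" and "permissive" records exist but still leave the decision about forged mail largely to the receiver.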

October 2015—Mid-May 2016: Hackers, alleged to be Russian, target almost 4,000 Google accounts related to US politics.

Center for American Progress logo (Credit: public domain)

According to a June 17, 2016 Bloomberg News article, during this time period, the same allegedly Russian hackers who breach the computers of the DNC [Democratic National Committee] and Clinton’s presidential campaign “[burrow] much further into the US political system, sweeping in law firms, lobbyists, consultants, foundations, and the policy groups known as think tanks, according to a person familiar with investigations of the attacks.” Almost 4,000 Google accounts are targeted by “spear phishing,” which involves tricking targets into giving log-in information so their data can be accessed. The Center for American Progress, a think tank with ties to Clinton and the Obama administration, is one known target.

Bloomberg News will further report that, “Based on data now being analyzed, various security researchers believe the campaign stems from hackers linked to Russian intelligence services and has been broadly successful, extracting reams of reports, policy papers, correspondence and other information.”

The Russian government denies any involvement, but cybersecurity experts who have investigated the attacks believe the hackers are working for Russia. It is believed that either or both of two major Russian hacking groups, Fancy Bear (or APT 28) and Cozy Bear (or APT 29) are behind the attacks. (Bloomberg News, 6/17/2016)

March 2016: The FBI warns the Clinton campaign that it is a target of a hacker attack, but the campaign doesn’t assist the FBI.

The Clinton campaign logo superimposed over the FBI logo. (Credit: public domain)

This is according to what two unnamed “sources who have been briefed on the matter” will tell Yahoo News in July 2016. FBI officials privately meet with senior Clinton campaign officials and express concern that hackers are using “spear phishing” techniques to access the campaign’s computers. They ask the campaign to turn over internal computer logs and the personal email addresses of top campaign staffers to help the FBI’s investigation. But the campaign declines to do so after deciding the request for personal data is too broad and intrusive. The FBI doesn’t mention who the hackers might be.

One month later, the campaign will learn on its own that its computers have been hacked and they will use a private cybersecurity company to combat the hackers.

Yahoo News will comment that the FBI’s “warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously.”

At the time, the FBI has an active investigation into Clinton’s email usage while she was secretary of state, and Clinton’s campaign isn’t sure how extensive that inquiry is. There have been media reports that the investigation extended into unethical practices at the Clinton Foundation, which could theoretically include interest in more recent communications.

Yahoo News will report that, according to an unnamed internal source, “Campaign officials had reason to fear that any production of campaign computer logs and personal email accounts could be used to further such a probe.” But the FBI insists that its request for data to combat the hacking has no connection to any other investigation, and since there is no subpoena forcing the issue, the Clinton campaign turns down the request. (Yahoo News, 7/29/2016)

March 2016: The same hacking group that allegedly breaches the DNC [Democratic National Committee] computer network may also breach computers of some Clinton presidential campaign staffers.

Clinton's Deputy Communications Director, Kristina Schake (Credit: Getty Images)

The hacker or hacking group is known by the nickname Fancy Bear, and is alleged to be working for the Russian government. Fancy Bear gets into the DNC network in April 2016, which makes it separate from the efforts of Cozy Bear (alleged also to be linked to Russia) or Guccifer 2.0 (alleged to be a “lone hacker”), either of which had been in the network for about a year. Fancy Bear’s attack on Clinton’s staffers is said to start in March 2016, according to the security firm SecureWorks. Targets include Clinton’s communications and travel organizers, speechwriters, policy advisers, and campaign finance managers.

The hackers use the “spear phishing” technique of sending an email from a seemingly trusted source in order to get the target to click on a link. In this case, the links are shortened by an Internet service known as Bitly to make it hard to notice that they’re bogus. They take the target to a fake Google login page, since most or all of Clinton’s staffers use Gmail. Once the target gives their user name and password, the hacker can log into the real account and access all the data. The hackers create 213 links targeting 108 hillaryclinton.com addresses. Twenty of those are clicked, raising the possibility that some accounts are successfully breached. (Forbes, 6/16/2016)
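A mail gateway or analyst can catch the pattern described above by expanding a shortened link and comparing the landing host with the brand the page imitates. This added example, not taken from SecureWorks or Forbes, classifies an already-expanded redirect chain; the chains, the `example.net` hosts and the trust rule (sign-in pages live only on `google.com` hosts) are assumptions made for illustration.

```python
# Added example: classify an expanded redirect chain from an email link.
# Every URL passed to it here is a constructed sample.
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly"}               # the service named in the text; extend as needed
TRUSTED_SUFFIX = "google.com"         # assumption: real sign-in pages are on Google hosts
BRAND_TOKENS = ("google", "gmail")    # names a fake sign-in page would imitate

def host_of(url):
    """Hostname the browser will actually contact, lowercased."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_trusted(host):
    # Suffix match on a label boundary, so "google.com.example.net" is not trusted.
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)

def classify_chain(chain):
    """chain: URLs in order, from the link in the mail to the final landing page."""
    landing = urlsplit(chain[-1])
    landing_host = host_of(chain[-1])
    # Search the whole authority and path: brand names are often placed in a
    # subdomain, in the userinfo part before "@", or in the path.
    visible = (landing.netloc + landing.path).lower()
    if not is_trusted(landing_host) and any(t in visible for t in BRAND_TOKENS):
        return ("suspicious", "Google branding on non-Google host " + landing_host)
    if host_of(chain[0]) in SHORTENERS:
        return ("shortened", "destination was hidden but resolves to " + landing_host)
    return ("clean", landing_host)

if __name__ == "__main__":
    constructed = [
        ["https://bit.ly/constructed-1",
         "http://accounts.google.com.login.example.net/ServiceLogin"],
        ["https://bit.ly/constructed-2", "https://accounts.google.com/ServiceLogin"],
        ["https://accounts.google.com@example.net/signin"],
    ]
    for chain in constructed:
        print(chain[-1], "->", classify_chain(chain))
```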

June 14, 2016: Hackers allegedly linked to the Russian government broke into the DNC’s files.

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

The Washington Post reports that the emails, text messages, and other computer files of the DNC [Democratic National Committee] were accessed by two groups allegedly linked to Russia. Opposition research on Republican presidential candidate Donald Trump was stolen.

One group known as Cozy Bear broke into the DNC’s network a year ago and maintained access without getting caught. The other group known as Fancy Bear, apparently working independently, did so much more recently. These same hackers also probed the networks of both the Trump and Clinton campaigns, as well as some Republican political action committees, but it is unknown if those attacks succeeded.

The first hacking group typically uses “spear phishing” to gain access. This is when an email appears to come from someone the recipient knows but actually is meant to trick that person into activating embedded malicious code by clicking on an attachment or link. (Wired, 6/14/2016) (The Washington Post, 6/14/2016)

Forbes comments that the “Holy Grail of Russian intelligence is uncovering compromising material that can be used to embarrass, manipulate, or blackmail foreign political leaders.” Furthermore, “If the DNC’s cyber secrets are open to Russian intelligence hackers, the odds are overwhelming that they have Clinton’s private emails as well, especially given that Clinton’s private server was a target of the highest value.” This means Clinton could be blackmailed or otherwise manipulated by Russia as well. Forbes also notes how both cases involved spear phishing. (Forbes, 6/14/2016) 

Clinton was targeted by spear phishing at least three times, twice in May 2011, and once in July 2011. It is unknown if any of those attacks succeeded. (US Department of State, 10/30/2015) (US Department of State, 3/5/2015) (US Department of State, 5/25/2016)

August 18, 2016: The Clinton Foundation’s computer network may have been recently hacked.

Reuters reports that the foundation has recently hired the cybersecurity company FireEye to investigate and combat hacking after seeing indications of possible hacking. This is according to two unnamed “sources familiar with the matter.”

No stolen emails or documents from the foundation have been made public so far. However, one of the sources plus two unnamed US security officials say that hackers appear to have used “spear phishing” techniques to gain access to the foundation’s network, in the same way they’ve hacked the Democratic National Committee (DNC) and other political targets. (Reuters, 8/18/2016)