Around Mid-2010: A Secret Service agent advises Pagliano to take a step to improve the security of Clinton’s private server, but the step is not taken.

Bryan Pagliano sets up Clinton’s new private server in January 2009. Once a firewall is established in late March 2009, he sets up Internet Protocol (IP) filtering on it. Pagliano will later tell the FBI that he tried to review the firewall log files once a month.

The US Secret Service Badge (Credit: public domain)

At some point, Justin Cooper, a Bill Clinton aide who is helping Pagliano manage the server, puts Pagliano in contact with a US Secret Service agent. The timing of this is not clear. However, in a September 2016 Congressional hearing, Cooper will say it happened after Clinton’s server started to get frequent “brute force” hacking attacks, and that these begin around the middle of 2010.

This agent recommends that Pagliano should also perform outbound filtering of email traffic. According to a September 2016 FBI report, “Pagliano further considered, but ultimately did not implement, a Virtual Private Network (VPN) or two-factor authentication to better secure administrative access to the server system by him and Cooper.”

The FBI report will explain: “‘VPN’ is a private network that runs on top of a larger network to provide access to shared network resources, which may or may not include the physical hard drives of individual computers… VPN offers an additional layer of security by encrypting the data traveling to the private network before sending it over the Internet. Data is then decrypted when it reaches the private network. … ‘Two-factor authentication’ is a method of confirming a user’s claimed identity by utilizing a combination of two different components…” (Federal Bureau of Investigation, 9/2/2016) (US Congress, 9/13/2016)

August 21, 2015: An email reveals that every employee of the company managing Clinton’s private server can access the server through the Internet.

PRN grew exponentially in 2015, including a number of new employees. (Credit: Platte River Networks)

Paul Combetta, an employee of Platte River Networks (PRN), sends an email to Leif McKinley, an employee of Datto, Inc. PRN is managing Clinton’s private server, and Datto has been subcontracted by PRN to provide back-up for the server. Combetta writes: “We are trying to tighten down every possible security angle on this customer. It occurs to us that anyone at PRN with access to the Datto Partner Portal (i.e. everyone here) could potentially access this device via the remote web feature. Can we set up either two-factor authentication, or move this device to a separate partner account, or some other method (disable remote web access altogether?) to allow only who we permit on our end to access this device via the Internet?” (US Congress, 9/12/2016)

A photo of PRN employees posted to the company’s website on May 14, 2015, suggests that approximately 28 people work there at the time. (Platte River Networks, 5/14/15)

In September 2016, after the email is publicly released, Representative Jason Chaffetz (R) will comment, “If I understand the email correctly, every single employee of PRN could have accessed some of the most highly classified national security information that’s ever been breached at the State Department.” (US Congress, 9/13/2016)