An unidentified hacker compromised the email of a Bill Clinton staffer.
- By Elias GrollElias Groll is a staff writer at Foreign Policy, covering cybersecurity, privacy, and intelligence. , David FrancisDavid Francis is a staff writer for Foreign Policy, where he oversees FP's breaking news blog, The Cable. An award-winning journalist, David has reported from all over Europe, Nigeria, Kenya, Mexico, and Afghanistan on terrorism, national security, the geopolitics of energy, global economics, and the European financial crisis. His work has been published in outlets including the Christian Science Monitor, the Financial Times Deutschland, Slate, and SportsIllustrated.com.
Ever since Hillary Clinton admitted setting up a homebrew server in the basement of her Chappaqua home, one question has always hovered over the case: Did that system ever get hacked? On Friday, the FBI revealed that a hacker broke into an email account on that system.
In a summary of its investigation into Clinton’s use of private email released Friday, the FBI concluded that a username and password for an email account on the server — it’s not clear whose email beyond that it belonged to a woman working as an aide to former President Bill Clinton — was compromised by an unknown entity. That entity logged into the compromised email, read messages, and browsed attachments using a service called Tor.
That service allows a user to mask his or her physical location, and the FBI was unsuccessful in its efforts to determine who had logged into the Clinton email system and why.
It’s difficult to assess the impact of the breach of a single account on the server but the report raises fresh questions about the security of other accounts, including Hillary Clinton’s. The FBI account presents no evidence that Hillary Clinton’s emails were affected, or that the aide to Bill Clinton had access to classified information.
Nonetheless, amid Republican allegations that Clinton mishandled classified information by using a private email system as secretary of state, the news that one account on that system was breached could provide more ammunition to attack the Democratic presidential nominee’s trustworthiness.
The FBI has consistently said that it has no evidence to indicate that Hillary Clinton’s personal email account was hacked, but has repeatedly noted that if such a breach did occur its agents might not be able to to tell.
In its summary, the FBI said that it did not get access to all of Clinton’s electronic devices, inhibiting their ability to collect evidence and determine whether the former secretary of state’s email was compromised. “The FBI investigation and forensic analysis did not find evidence confirming that Clinton’s email server systems were compromised by cyber means,” the author of the report wrote.
The investigation summary also details the security measures employed on Clinton’s email server and found that they were not particularly sophisticated. The bureau determined that the email server did not initially use a correctly set-up encryption tool and used software with known security flaws. The report details multiple attempts to hack into the server — all of which were unsuccessful apart from the case of the unidentified email account accessed via Tor.
The FBI’s interviews with the Democratic presidential nominee reveal her to be a less-than-sophisticated tech user. In her interview with the FBI conducted in early July, Clinton said she could not recall receiving emails that she thought should be on a classified system, and that she used her private email address “out of convenience.” Aides to Clinton also told investigators that she often replaced her Blackberry after misplacing it; they said the location of the old device would “frequently become unknown.”
Clinton admitted she was offered a State Department email address at the beginning of her tenure as the nation’s top diplomat, but declined. No one at the FBI raised concerns about her use of private email while secretary of state, the Democratic presidential nominee said. She also said she did not know she had to save her emails when she left office.
She also didn’t think about whether emails about drones should be classified. As for her conversation with former Secretary of State Colin Powell about his use of private email, Clinton said Powell advised her to “be very careful.”
The documents, totaling 58 pages, are heavily redacted; in some sections, page after page is left blank. And they only include a handful of notes from interviews with more than a dozen senior Clinton staffers, other State Department officials, and Powell.
The FBI turned the documents over to a number of congressional committees looking into Clinton’s use of a private server at her home in upstate New York. The bureau’s now-closed investigation found that no criminal charges should be brought against Clinton, but FBI Director James Comey said Clinton and her staffers were “extremely careless” when it came to use of private email while in public office.
In a statement to Reuters, State Department Spokesperson John Kirby said, “The State Department does not have full insight into the FBI’s investigation, so it would be inappropriate for us to comment on their findings or their recommendations.” He also noted that Comey declined to pursue charges.
The FBI’s summary of the investigation revealed that around three weeks after the New York Times revealed the existence of Clinton’s private email system, a technician for the company managing the service at that point, deleted archives of that system. An unnamed technician for Platte River Networks “had an ‘oh shit’ moment” and realized he had deleted emails that were supposed to be stored, according to the FBI document. That summary does not indicate that the deletion caused gaps in the record of Clinton’s emails.
The FBI’s summary also provides additional detail on the amount of classified information that transited Clinton’s server. The bureau identified three email chains, encompassing eight emails, that “contained at least one paragraph marked ‘(C)’.” That marking typically indicates “confidential” material, but the emails in question did not contain the headers and footers that usually accompany classified documents.
Clinton told the FBI that “she did not know what the ‘(C)’ meant at the beginning of the paragraphs and speculated it was referencing paragraphs marked in alphabetical order,” according to the bureau’s summary.
Of the three chains, one is currently considered “confidential.” The other two are now unclassified.
The FBI’s summary of the investigation describes the climate in which Clinton and her aides are trading emails containing sensitive information. In many cases, aides told the bureau, State Department officials were scrambling to respond to quickly unfolding events when Clinton and other officials needed to be briefed but could not access secure email systems.
One unidentified State Department employee told the bureau that information received from other government agencies and passed up the chain of command was “technically probably classified” but that “you can’t do business that way.” The FBI quotes unidentified members of the U.S. intelligence community expressing concern about how the State Department generally handles classified information.
In other cases, aides said that information later deemed classified during State Department review concerned information about secret programs that had made their way into the media. Department employees needed to craft responses to such reports, but that work sometimes entailed discussing programs considered classified — even if they had appeared on the front page of the Times.
Also among the aides mentioned in the bureau’s report is Sid Blumenthal, the controversial figure who Clinton had sought to bring into the State Department as a formal adviser but whose appointment the Obama White House vetoed. The FBI identified 179 emails sent to Clinton by Blumenthal. The State Department’s FOIA process determined that 24 memos sent by Blumenthal to Clinton contained information currently considered “confidential.” One was “secret.”
Clinton’s comments to investigators are consistent with public statements she’s made in the past. Republicans claim that she contradicted her earlier testimony to Congress on several points.
Clinton’s campaign did not immediately return a request for comment. In the past, Clinton campaign spokesman Brian Fallon has said that turning over the documents was “an extraordinarily rare step that was sought solely by Republicans for the purposes of further second-guessing the career professionals at the FBI.” He has also said that if the documents were going to be released outside the Justice Department, “they should be released widely so that the public can see them for themselves, rather than allow Republicans to mischaracterize them through selective, partisan leaks.”
A statement from the campaign of her Republican presidential challenger, Donald Trump, said the notes “reinforce her tremendously bad judgment and dishonesty.”
Photo credit: AARON BERNSTEIN/Getty Images