Prior to her confirmation as Secretary of State, Hillary Clinton and her close inner circle regularly communicated using Blackberry phones. She was warned early by State Department security officials about the use of such phones noting possible security leaks. The email account on her Blackberry was hosted by a private server. She never revealed to State Department personnel the existence of the server. An internal report later determined that Clinton should have notified the State Department, asked for permission, and likely would never have been granted permission if she did request it. Perhaps that is the motivation for keeping it in the first place. She later claimed that the Department did allow it, but the report found no record of a request or permission being granted.
Some officials were aware of the arrangement, but never pressed her to use the State Department email system. In 2010, two State Department employees raised the issue with their superiors but were informed never to ask about it again. Most of the emails she sent or received traversed through the server over the Blackberry phone. The IG report later reported that Clinton had taken no steps to maintain the security of the server.
The State Department did suggest setting up a desktop computer at the State Department, but she said she was unfamiliar with its use. She preferred the convenience of the Blackberry which was her motivation- personal convenience. She was warned about the vulnerability to hacking of her Blackberry and she noted their concerns. They became particularly worried after evidence came to light that someone may have tried to do exactly that while on a trip to Asia, yet she continued to use the Blackberry to send and receive emails after that warning.
Subsequent emails from the State Department revealed that the decision to use the Blackberry phones to conduct State Department business occurred about one month after the NSA denied her a more secure Blackberry device like Obama had been issued. After being denied the request, an NSA official met with Cheryl Mills to discuss Clinton’s displeasure about security protocols inside a SCIF in the State Department and elsewhere. Mills had met with an official from the NSA- Donald Reid- who reiterated that the use of cell phones in a SCIF was strictly prohibited.
The domain names clintonmail.com, wjcoffice.com, and presidentclinton.com were registered to Eric Hoteham. The domains were pointed to a private server Clinton had installed in the basement of her home during her 2008 presidential campaign. The server remained there (?) from 2009 to 2013 when it was transferred to a data center in New Jersey and eventually to Platte River Networks, a private Denver-based IT firm that managed the emails. The identity of Eric Hoteham was a mystery. Reporters did find Eric Hoteham in a 2001 Washington Post article describing him as a Clinton aid. Another person- Eric Hothem- was found in a Congressional report described as an “aide to First Lady Hillary Clinton” who sent a $15,000 check to Roger Clinton. It is believed that Hoteham and Hothem are the same person.
On the first day of her confirmation hearing in 2009, the domain name clintonmail.com was purchased by Justin Cooper, a long time aid to Bill Clinton, from a Jacksonville IT company called Network Solutions. The management of the account was then shifted to an Atlanta firm called Perfect Privacy.
It should be noted that the State Department did allow the use of home computers to conduct work, but established rules that such work had to be captured by State Department computers to comply with federal law. There was technically no prohibition against the use of a private server because no one likely thought about it. Later in 2009, some employees at the State Department became concerned about possible violations of record-keeping protocols, but nothing was done at the time.
In December 2012, Citizens for Responsibility and Ethics in Washington (CREW) submitted a FOIA request to the State Department requesting records about her emails in response to the Benghazi reporting. The State Department later informed CREW they could find no such records, the reason for which became obvious in March 2013. It was in that month that a hacker by the name of Guccifer had hacked into the email account of Sidney Blumenthal and began distributing them to congressional aides, politicians, and reporters. The emails dealt with the Benghazi attacks and the situation in Libya and it was through Guccifer that people became aware of the clintonmail.com email account.
After the Blumenthal account was hacked, Guccifer searched for emails to Clinton specifically. Most of the emails involved sensitive intelligence. To cover his tracks, Guccifer sent the emails to everyone from the hacked AOL file of a Hollywood actor’s wife. Investigators initially tracked Guccifer’s IP address to two locations in Russia, but that means nothing since this is known as “spoofing” in hacker parlance- using proxy servers in other countries to send investigators further off the trail.
In 2014, State Department lawyers, in response to a request from a Congressional probe into Benghazi, noticed that several emails were missing after which they met with Clinton’s lawyers. By the end of the year, her lawyers delivered copies of more than 30,000 Clinton emails she had sent during her time as Secretary of State. However, another 32,000 were deemed to be of a personal nature and never handed over. By this time, Datto, Inc. promised to deliver hardware to investigators looking for the missing emails. Datto, Inc. was yet another backup service for Hillary Clinton’s email traffic. Leading into the 2016 election, no one could say whether the missing emails could be recovered, or were recovered.
On March 2, 2015 the Congressional Benghazi investigation established that Clinton had exclusively used her own private email server to conduct State Department business rather than a government-issued one and that her aides made no efforts to preserve emails sent or received from her private server as required by law. In her defense, her lawyer, Nick Merrill, noted that previous heads of the State Department and other government agencies used personal email accounts to conduct government business. However, others have pointed out that very few, if any, relied on a private server. A former DOJ official, Dan Metcalfe, noted that Clinton, by using a private server and personal email accounts, gave her tighter control over her emails by not involving third parties like Google and helped screen her from FOIA requests and Congressional subpoenas.
This calls into question another federal law- the Federal Records Act- which does authorize private emails to conduct government business provided those emails are preserved by the government. It also says that no one may destroy or remove relevant government emails. It is illegal to “knowingly” move or retain classified information on a personal email account and only allowed in the case of emergencies. However, the government guidelines strictly discourage the use of personal email accounts.
Making matters worse, the previously mentioned Justin Cooper who managed the email system had no government security clearance nor did he have any experience in the security of computer systems. Larry Paliano, who was Clinton’s IT coordinator during the 2008 campaign replaced Cooper. Initially he pleaded the Fifth Amendment to Congressional inquiries, but later cooperated; however, no emails were ever recovered while Pagliano was in charge of the email server.
Other cybersecurity experts familiar with systems set up by Clinton later claimed that the system was vulnerable to hacking by amateurs and for the first three months of her tenure as Secretary of State, encryption was not even used. Practically everyone within the intelligence community testified before Congress that they would be very surprised if foreign intelligence had not monitored her emails. It was later discovered that Clinton’s server was configured to allow users to connect openly to it from the Internet and control it remotely.
In 2011, it is believed that Russian hackers on five occasions attempted to hack into her server by sending messages disguised as traffic tickets. Had she opened the attachment and/or printed the ticket, it would have allowed hackers full access to her email account and server although it was never determined she fell for the phishing attempt. The IP addresses were traced to overseas accounts with one in Russia, although that, again, does not infer the Russians were involved as hackers often try to cover their trails by using proxy servers in foreign countries.
Next: Part 2- Excuses and stupidity