Hillary Clinton sent at least three dozen emails during seven different trips to China, Vietnam and Russia as secretary of state, a Daily Caller investigation reveals.
Communicating through a personal email account, which Clinton had synced up to a private email server and a non-government-issued BlackBerry, put the Democratic presidential candidate’s communications at risk, especially in nations with robust spy agencies and government-owned telecoms companies like China and Russia, a cyber security specialist tells TheDC.
The risk would have been even greater if Clinton failed to use what’s known as a BlackBerry Enterprise Server, a so-called “middleware” program that encrypts emails and other information, says Stephen Perciballi, a cyber security expert who formerly worked for BlackBerry retailer Softchoice.
If she did not, “it puts her at more risk,” Perciballi told TheDC.
It is unclear how Clinton’s server was configured. The device, which is now in the FBI’s possession, was kept at Clinton’s home in New York during her tenure at State. It was managed by former State Department IT specialist Bryan Pagliano, who worked on Clinton’s 2008 presidential campaign.
“Was that server just sitting there wide open, sitting on her Comcast cable connection?” Perciballi asked. “We don’t know, and that’s really the problem.”
“Is she building up a fortress of security in her basement? The sheer fact that she did something as irresponsible as this with her work email, I’m guessing no.”
The State Department declined to tell TheDC if Clinton utilized a BlackBerry Enterprise Server.
“There are reviews and inquiries looking into this matter generally and we are not going to get ahead of that,” agency spokesman John Kirby told TheDC.
Pagliano, who recently received immunity in exchange for cooperation with the FBI, did not respond to an email seeking comment.
TheDC was able to determine which emails Clinton sent during overseas trips by comparing the emails released by the State Department to her travel schedule. Politico conducted a similar analysis last March, using press photos to determine when and where Clinton was using her BlackBerry overseas.
The State Department has released Clinton’s 52,000-plus pages of emails since then, allowing for a better cross-reference of her email activities with her overseas travels.
Most — if not all — of Clinton’s emails were sent from her personal BlackBerry. Clinton has said that she used a personal email account — and, thus, a personal BlackBerry — so that she would not have to carry around two devices. The State Department did not have the capability during Clinton’s tenure to fix BlackBerries with both types of email accounts.
An Aug. 30, 2011 email recently obtained by TheDC shows that Clinton’s deputy chief of staff Huma Abedin rejected a proposal to provide Clinton with a second BlackBerry equipped with a State.gov email account.
Abedin and other Clinton aides, such as her chief of staff Cheryl Mills, used BlackBerries issued by the State Department. Communications on those devices likely would have been much more secure than Clinton’s, given that the State Department has its own massive IT department.
Clinton emailed heavily from China during a Nov. 2009 trip there to dedicate the USA Pavilion at the Shanghai Expo, State Department records show.
She did the same during a May 2010 trip to China where she again visited the USA Pavilion and attended a meeting of the U.S.-China Strategic and Economic Dialogue.
Clinton also used her BlackBerry and sent emails during trips to Vietnam and China in Oct. 2010.
During her next trip to China, in May 2012, Clinton sent several emails and also received one containing now-classified information from her top foreign policy aide, Jake Sullivan.
Sullivan forwarded the email, which had the subject line “Express Delivery in China,” to Clinton from Robert Hormats, who then served as under secretary of state for economic growth, energy, and the environment.
She continued using her BlackBerry during overseas trips, including during visits to Russia in June and September 2012. She sent emails from China in Sept. 2012 as well, State Department records show.
Clinton and her campaign have downplayed her use of a private email system, personal email account and personal BlackBerry by claiming that her server was never hacked. The campaign pointed to a New York Times article published last month which suggested that FBI investigators found no evidence that Clinton’s server was hacked.
But as former National Security Agency analyst John Schindler wrote in a recent column at the Observer, The Times article relies on a layman’s definition of “hacking” and ignores other methods of compromising Clinton’s communications devices.
“Unencrypted IT systems don’t need ‘hacking,'” Schindler wrote. “Ms. Clinton’s ‘private’ email, which was wholly unencrypted for a time, was incredibly vulnerable to interception, since it was traveling unprotected on normal commercial networks, which is where [signals intelligence] operators lurk, searching for nuggets of gold.”
A “specific phone number, a chatroom handle, an email address” would be the equivalent of “waving a huge ‘I’m right here’ flag at hostile intelligence services,” Schindler wrote.
Perciballi agrees that there would be other ways besides hacking directly into Clinton’s server to snoop on her communications. He also says that foreign states like China and Russia have enormous capabilities of pulling off such attacks.
By using a man-in-the-middle attack, a hacker “could snoop on her email while she was sending it even without her knowing,” the expert said.
While such an attack would be “very difficult” to pull off, it would not be as difficult for state-sanctioned actors to accomplish. That’s especially true in countries where telecoms agencies are owned or controlled by the state, such as is the case in China.
Another method of attack would be through malware.
Such a strategy would allow a hacker to remain silent in the background while stealing a user’s user name and password. If such an attack befell Clinton, the hacker could sync her email with their devices with little chance of detection.
“And now they’re reading State Department email,” said Perciballi.
It is known that Clinton received emails bearing viruses on her personal account. On Aug. 3, 2011 she received five emails designed as speeding tickets send from a New York police department. Clinton has claimed she did not open the emails. It is unclear, however, how many other phishing emails she received. As Politico’s Josh Gerstein pointed out in an article last year, Clinton has acknowledged that she deleted some “spam” emails.
The State Department declined to say whether Clinton utilized a BlackBerry Enterprise Server or whether it was aware if she had.
“As is standard, we don’t discuss State security protocols or speak to the full range of communications capabilities available to current or former Secretaries of State while on foreign travel,” spokesman John Kirby told TheDC.
“Generally speaking, while traveling abroad, the Secretary of State has access to a range of communications capabilities, both classified and unclassified,” he added, noting that security for communications is “adjusted routinely from place to place.”