Hostile foreign actors successfully gained access to several email accounts Democratic presidential nominee Hillary Clinton regularly contacted on her unsecured email server while she served as secretary of state, according to investigation notes released by the FBI.
The released notes gave no further details regarding the nationality of the hostile hackers, but the FBI was able to confirm that hacking the accounts allowed them to gain access to emails sent to or from Clinton from other users’ accounts.
“The FBI did find that hostile foreign actors successfully gained access to the personal email accounts of individuals with whom Clinton was in regular contact and, in doing so, obtained emails sent to or receive by Clinton on her personal account,” stated the FBI notes.
FBI investigators found the domain for Clinton’s email server, ClintonEmail.com, did not have a SSL certificate, which left it “potentially vulnerable to compromise” from January 2009 to March 2009. SSL certificates are used to encrypt information sent between a user’s computer and a website, or server, in this case.
The lack of standard encryption, in combination with the generally unsecured nature of the server, left it particularly vulnerable while Clinton traveled abroad. The former secretary of state also reportedly connected her private account to her personal BlackBerry, which was also unsecured.
“FBI investigation determined that hundreds of emails classified CONFIDENTIAL during the State FOIA (Freedom of Information Act) process were sent or received by Clinton … on … occasions while OCONUS (outside continental United States),” said the FBI report.
While accounts in correspondence with Clinton’s email were found compromised, the FBI’s forensic team was not able to find evidence “confirming” the server had been “compromised by cyber means.” That said, the FBI noted it did not have all the server equipment and devices tied to it, meaning there was potential for possible intrusion from hostile foreign actors.
“As a result, FBI cyber analysis relied, in large part, on witness statements, email correspondence, and related forensic content found on other devices to understand the setup, maintenance, administration, and security of the server systems,” the FBI admitted.
Clinton tech aide Bryan Pagliano admitted to FBI investigators that in a conversation with an unknown individual, he said, “he would not be surprised if classified information was being transmitted to the server,” making it a ripe target for hostile hackers.
Pagliano noted that while he was not aware of any “security breaches” into the server, he was aware of an abnormal amount of failed login attempts on some accounts, which he referred to as “brute force attacks.” The failed attempts increased over time, but he could not recall if they originated from any particular country.
Hackers often try to guess the passwords of accounts based on information they know about the person. The tactic is rudimentary, but fairly effective if the password is not particularly complicated.
Pagliano said the server was also the victim of several phishing attacks. Phishing is a tactic in which a hacker tries to acquire information, like passwords or usernames, from a user by masquerading as someone they know over email. Hackers will often create fake accounts with the names of friends or colleagues of their target in order to appear more legitimate. In at least one case, Clinton nearly fell for the tactic, and responded to one of the phishing emails.
“Is this really from you? I was worried about opening it!” said Clinton in her reply.
The FBI’s notes recalled one instance when the entire server had to be shut down when an unknown hacker broke into the system on January 9, 2011. The hacker used the encryption network Tor to break into an account that belonged to a Clinton staffer and subsequently browsed several emails and attachments. Forensic investigators were unable to determine how the hacker got access to the account.
While the FBI investigation into Clinton’s server certainly appears to be thorough, the exact damage done by potential breaches is still unknown, since Clinton did not provide all devices connected to the server. Investigators are currently missing 13 devices, including two iPads, that were could have been “subject to compromise.”
Send tips to email@example.com.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org.