As Dumb As She Is You Know She Was Hacked! Spam Sent to Hillary Clinton Server Prompts
Spam Sent to Hillary Clinton Server Prompts Look at Suspected Russian Hacking
WASHINGTON
— It turns out that Hillary Rodham Clinton’s private email account,
like seemingly everyone else’s in America, was hit by spam sent to try
to lure her into clicking on a malicious link — one that could have
compromised the security of her communications when she was secretary of
state.
But did that put her more at risk than if she had relied solely on the
State Department’s internal systems? Almost certainly not. After all,
in 2014 the unclassified email systems at the State Department and the
White House were shut down, often for days at a time, as government
security experts tried to erase the damage done by the hackers,
suspected to be Russians, probably linked to the government. It seems
virtually certain, investigators say, that the offenders in that case
siphoned vast numbers of emails out of both systems.
Hillary Rodham Clinton before giving a speech at the Brookings Institution in Washington this month.
3 Hillary Clinton Emails Deemed ‘Secret’ in State Dept. Review of 6,300 PagesSEPT. 30, 2015
Huma Abedin, left, with Secretary of State Hillary Rodham Clinton in New York in 2011.
First Draft: Emails Show Hillary Clinton Adviser Sidestepping Potential ConflictSEPT. 28, 2015
Hillary Rodham Clinton on Monday.
String of Emails Raises Questions About When Hillary Clinton Began Using Personal AccountSEPT. 25, 2015
The F.B.I. is investigating whether an aide improperly sent email on the unrest in Libya to Hillary Rodham Clinton in April 2011.
Hillary Clinton Email Inquiry Weighs if Aides Erred at ‘Send’SEPT. 24, 2015
Still, the evidence that Mrs. Clinton’s personal account had been on the receiving end of a “spear phishing” attempt, revealed in a batch of her emails released by the State Department on Wednesday, raises the same question the F.B.I. is trying to answer as it combs through the forensic evidence from the server that was once in Mrs. Clinton’s basement.
And that is whether the attackers who successfully got into the unclassified systems at the State Department and the White House also got into Mrs. Clinton’s. She would have been a natural target for a state-sponsored cyberattack by adversaries who have made clear their determination to learn as much as they can about the inner workings of the United States government. And the possible vulnerability of her home-based system remains a central mystery in the investigations.
“It would stand to reason,” one person involved in the investigation said recently, “that anyone who had planted malware in the State Department system would have seen a very high-level official talking to other high-level officials, and followed the trail.” But, the person added, “we don’t know that happened.”
The person spoke on the condition of anonymity so as to not be identified discussing a continuing investigation.
Nick Merrill, a spokesman for the Clinton campaign, said there was no evidence that the system had ever been breached. “All these emails show is that, like millions of other Americans, she received spam,” he said.
There is also no evidence that the spammers who targeted her knew that it was the secretary of state at the other end of the attack. The fact that it was sent four times to her account over a period of hours suggests it was sent by an automated system.
Some experts disagree. Justin Harvey, the chief security officer of Fidelis Cybersecurity, said in an interview that “the chances are still quite high that it was humanly targeted.” In such an attack, the spam probably would have been sent first to her aides, in hopes of getting to her account.
But if Mrs. Clinton’s system was successfully pierced — perhaps in some other attack — Mrs. Clinton might well not have known it, either. Other email accounts, including one for her husband, Bill, the former president, resided on the same server in their basement of their home in Chappaqua, N.Y. No one has yet explained what kind of monitoring systems were on that server, if any.
Continue reading the main story
First Draft Newsletter
Eric H. Holder Jr., the previous attorney general, often said, “There are two kinds of companies in America: those who know they have been the subject of cyberattacks, and those who don’t know they have been the subject of cyberattacks.” That dictum seems to apply to the State Department as well.
It took officials there weeks or months to catch on to the attack, officials said this year. That is a pretty good record compared with the Office of Personnel Management, who did not know for more than a year that security dossiers on roughly 22 million Americans, and millions of fingerprints, had been secretly transmitted to servers in China.
If Mrs. Clinton felt safer on her own system than on the State Department’s, she was hardly alone. One of Mrs. Clinton’s top policy aides, Anne-Marie Slaughter, noted in another email released Wednesday that “State’s technology is so antiquated that NO ONE uses a State-issued laptop, and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively.”
What was true in 2011 remains true today. The State Department on Thursday confirmed a report in The Boston Globe that Secretary of State John Kerry had occasionally received work related emails on a personal account.
“This is an acknowledgment of the reality that Secretary Kerry has decades-old friendships, and those friends have emailed him on a personal account for years,” said John Kirby, a spokesman for the State Department. Mr. Kerry has taken several steps to ensure that he complied with federal record-keeping rules, the State Department said, adding that it has a process in place to review Mr. Kerry’s personal emails to make sure they are forwarded to his work account and backed up on a federal record-keeping system.
The F.B.I. director, James B. Comey, said Thursday that he was certain the bureau would be able to complete the investigation into Mrs. Clinton’s personal email account in a timely manner and that he would make sure politics did not interfere with it.
“I am following this very closely, and I get briefed on it regularly,” Mr. Comey told reporters at F.B.I. headquarters.
The F.B.I. opened its investigation into how classified materials were handled in connection with Mrs. Clinton’s account in response to a referral from the inspector general for the intelligence community after sensitive national security information was found on the account. It is illegal to have classified information on an unsecured network.
Mr. Comey declined to discuss the specifics of the inquiry, but said that one of the reasons he has a 10-year term as director was “to make sure this organization stays outside of politics.”
Correction: October 3, 2015
A headline on Friday with an article about Hillary Rodham Clinton’s email server overstated what is known about an investigation into the server’s security. As the article correctly noted, Mrs. Clinton received spam email that was intended to place malware on her computer network; the investigation has not yet determined that the malware effort was successful.
